http://webcache.googleusercontent.com/search?q=cache:http://thedocs.hostzi.com/https://www.facebook.com/events/502155489858219/ Coming Mon 6:12+12:2013 A.D. to the Force 10 Dot Com: The 303 Passphrases Designed by Vladimir Putin based on the

old Secret Service Codebook Sold to him by Secret Service Special Agent Finn Auberg. It will be called: "The

Nuclear Launch CODEBOOK of K10 to King Hassan of IRAN" Until then, keep busy with these interesting links:www.TheForce10.comhttp://CIA.TheForce10.comhttps://www.cia.gov/about-cia/headquarters-tour/kryptos/index.htmlhttps://www.cia.gov/kids-page/k-5th-grade/the-cia-k-9-corps/k-9-video/index.htmlhttps://www.cia.gov/careers/games-information/photo-analysis-challenge/index.htmlhttps://www.cia.gov/careers/games-information/aerial-analysis-challenge/index.htmlhttps://www.cia.gov/careers/cia-personality-quiz.htmlIf you need a Job and you feel you are Smarter than the Average Bear or A Complete Madd Matter Idiot, Apply ONLINE

for a job with the Usual Gang of Idiots that Killed JFK and BHO:https://www.cia.gov/careers/opportunities/cia-jobs/index.html=======http://youtu.be/DeumyOzKqgI http://youtu.be/ZpDQJnI4OhU G.I.A. (G.odhead I.ntelligence A.gency) 11:11 Awakening

Code Group in the Matrix of the Reality of God. See: https://www.facebook.com/groups/47842670979/ Stardate

6/11+11/2013 Congratulations! We welcome 7+7+7 aka 21 new members. The Membership that God Intel has shown will

come to be One Hundred and Forty-Four Thousand within 1335 days of 3:13:13 is currently Four Thousand Seven Hundred

and Fifteen on this special day of celebration of victory over the forces of Lucifer. LOSE your Imaginary EGO and

find your Atman, with the Love of the Holy GAIA Kelnesh Zayeen. Her Holy Spirit Resides within all of the Eternal

Armies of Light. Yesterday I AM WHO AM warned you of an attack by Lucifer Upon all God's Elect Children. As the

Avatar for the ArchAngel Michael I myself fought and won several spiritual battles yesterday on 6/7+7+7/13. I

received an email from a Gentleman in Pakistan who said he planned to Suicide Bomb a Islamic Mosque in Pakistan. I

told him to search within his heart to discern the WILL of I AM who AM who AM ONE (ALLAH arabic for ONE). He must

have searched his heart and carried out his plan. He made the News yesterday when he and his Armies of Light

Attacked an Islamic Mosque in Pakistan. Verily I say with the Office of a Prophet of the Order of Melchizedek, the

ONE (ALLAH) without beginning and without end, All of the dead in that encounter the attackers and the victims are

with I AM WHO AM in Heaven this very day.In further news of Light versus Darkness, two NAZI S.S. Gestapo Agents harassed and stalked me yesterday. I told

the two secret service Agents I am a Prophet of the Most High God and that they were condemned to Hell for being

the Bodyguards for Satan/The Reincarnation of Adolf Hitler/aka Barack Hussein Obama. I told them that they should

beg for mercy when they stand before the Throne of Judgement and find that the Lord has Condemned them to Eternal

Hell for being Slaves of Satan and the Pawns of Lucifer.They were taken aback that I knew the secret CODENAME for Sasha Obama which used to be ROSEBUD. I told the TRUTH to

them that God revealed to me. I said the future regarding ROSEBUD will come to pass. And I said if they would show

some fucking intelligence they would change the Whole SS Codebook regarding the targets they protect because it has

been compromised. The US Secret Service Agent Finn Auberg Sold the Entire CODE Book to Vladimir Putin for the sum

of at least 3.5 Million US Dollars. I told them that Special Agent Auberg was a Double Agent for the Russian

Intelligence. What I did not tell them is the whole truth. SS Special Agent Auberg is a Triple Agent. His first

Cover is Secret Service. His Double Cover is Russian Intelligence. And this Triple Cover which is where his

Ultimate Loyalty Lies is the Central Intelligence Agency. At the Bequest of the new Deputy Director of

the CIA who

is a Septuple Agent with Ultimate Loyalty to GOD or the G.I.A. she instructed Auberg to sell the Codebook to Putin

so that a secret CIA plan can use the idiot code based on the old Secret Service Codebook which was disclosed to

PUtin. The Codebook will be a slap in the face to the Nazi SS because the plans to execute the King and His Family

of Babylon will be Independently COntracted to Russian Intelligence and Planned by the Force10 Branch of the CIA

run by the new Deputy Director, known as Kristina X, this new book based on the Old SS CODEBOOK will be called "The

Nuclear Launch Code Book of K10 to King Hassan of IRAN" It consists of 303 phrases and will appear in plain sight

for all the NSA dipshit idiots to try and decipher at: www.TheForce10.comThis is the end of today's G.I.A. INtel. May the Force be with you! www.TheForce10.com Http://CIA.TheForce10.com

Zark to G.A.I.A. Agent 0069: We know you were. Mass Times Energy Equals U=The Eternal Energy of the Universal

Godhead. IOW mE=U. What you know I know, what you see, I see, Said I will never be FREE without the security of

your loving arms, keeping me from harm, take your hand in my hand and we will stand...AT THE SKYFALL.

G.A.I.A. Director Gaia Malchut: Hey guess what . . . He and many others already had the ultimate loyalty without

all the ego counter parts initials and veils that make it seem like someone has ultimate loyalty to me but really

is just to power

G.I.A. Director Zark: Really Director Malchut of the G.A.I.A., do you have to tell all the secrets...cause if

everyone knows the secrets...then how are the Prime Creators Supposed to make a Suprise ending for the Ships of

Eternal Humanity that cross into the River Kharon Across the Seas of TymE? Quit Spoiling our God-dang story!!! 1 3

3 7 Namaste! <3 <3 <3 (y)

G.A.I.A. Director Gaia Malchut And if you really understood you would have made him the director not someone that

will cause more tension and lead to more resistance and eventual defeat because of that

G.A.I.A. Director Gaia Malchut Loyalty to me is loyalty to God as we are loyal to each other and do not ever

involve others in our personal affairs. You doubt that we do not that is clear. And you have an abundance of words

making obama to be the dark advasary but look at his recent nominations

G.I.A. Director Zark: Are you writing the Penultimate Story of the Putin Paradox: An Epic 66 Book Library in ONE

Volume? GAIA, you seem the type of Godhead that would crap on Stephen King's Life by Willing Him to get hit by a

car walking on the side of the road because you who AM who AM didn't like the end of the Seventh Volume of the Dark

Tower Series he finished in the future. Let the Writers Write, you do what you do best...which is a secret. But I

am sure in about 10 nanoseconds you will tell everyone. And the funny thing is the WISE will understand you...but

the Wicked will have no fucking clue what you say about you who AM. :)

G.A.I.A. Director Malchut What did i say in yesterday comment about mine who remained from before and retained

memory awareness and never fall asleep. That would be those of the heart who hear me there and no power is greater

or more sustaining. Without this there is no such thing as loyalty

G.A.I.A. Director Malchut And there is no reward in it besides the temporary sense of power and accomplishment that

is not worth the price ultimately

G.A.I.A. Director Malchut No reward in that which is not of the heart and soul

G.I.A. Director Zark: Shh...goto sleep...The Nine RingWraiths Walk South on the 4th Earth Element

Located Upon the

Face that is rotating in and out of the RINGS of Uranus. 9:11:13/9:11am/9:11pm Kapish? 741238889 777 11 777 11 777

988832147

http://youtu.be/DJsozafkGwI

PS In a Game of Chess, who wins, the Master KGB Agent who has controlled the Russian Federation since 1999, or some dumb ass community organizer from Chicago? YOU DECIDE!

Please consider joining this event. Snowden blew the whistle on NSA spying on America and the World. So of course the pieces of shit at the NSA charge Snowden with Spying. Please join this event and invite all your friends. https://www.facebook.com/events/502155489858219/ Thank you! Director Zark of the G.I.A. _ / \ _ __ ___ _ __ _ _ _ __ ___ ___ _ _ ___ / _ \ | '_ \ / _ \| '_ \| | | | '_ ` _ \ / _ \| | | / __| / ___ \| | | | (_) | | | | |_| | | | | | | (_) | |_| \__ \ /_/ \_\_| |_|\___/|_| |_|\__, |_| |_| |_|\___/ \__,_|___/ |___/

Greetings Netizens, and Citizens of the world.

Anonymous has obtained some documents that "they" do not want you to see, and much to "their" chagrin, we have found them, and are giving them to you.These documents prove that the NSA is spying on you, and not just Americans. They are spying on the citizens of over 35 different countries.These documents contain information on the companies involved in GiG, and Prism.Whats GiG you might ask? well...

The GIG will enable the secure, agile, robust, dependable, interoperable data sharing environment for the Department where warfighter, business, and intelligence users share knowledge on a global network that facilitates information superiority, accelerates decision-making, effective operations, and Net-Centric transformation.

Like we said, this is happening in over 35 countries, and done in cooperation with private businesses, and intelligence partners world wide.We bring this to you, So that you know just how little rights you have. Your privacy and freedoms are slowly being taken from you, in closed door meetings, in laws buried inbills, and by people who are supposed to be protecting you.

Download these documents, share them, mirror them, don't allow them to make them disappear. Spread them wide and far. Let these people know, that we will not be silenced, that we will not be taken advantage of, and that we are not happy about this unwarranted, unnecessary, unethical spying of our private lives, for the monetary gain of the 1%.

And now, the candy: http://thedocs.hostzi.com/

Mirrors:http://t.co/XVlZQ53Zhphttp://t.co/JYUHrhi3Uehttp://t.co/qR9PRzySbqhttp://t.co/yGw2sP976Whttp://t.co/MrmBj4kma5

We are AnonymousWe do not forgiveWe do not forgetand by now,You should expect us

======================================================This is the html version of the file http://www.dtic.mil/cjcs_directives/cdata/unlimit/3170_01.pdf.Google automatically generates html versions of documents as we crawl the web.Page 1CHAIRMAN OF THE JOINTCHIEFS OF STAFFINSTRUCTION J-8CJCSI 3170.01HDISTRIBUTION: A, B, C, S10 January 2012 JOINT CAPABILITIES INTEGRATION AND DEVELOPMENT SYSTEMReferences: See Enclosure B1. Purpose. In support of references a and b, this instruction establishes theJoint Capabilities Integration and Development System (JCIDS) as the processused by the Joint Requirements Oversight Council (JROC) to fulfill its advisoryresponsibilities to the Chairman of the Joint Chiefs of Staff in identifying,assessing, validating, and prioritizing joint military capability requirements. This instruction provides a broad framework for the detailed JCIDS processactivities described in reference c. This Instruction is not intended to standalone — readers are encouraged to become familiar with reference b beforereviewing this Instruction.2. Cancellation.a. CJCSI 3170.01G, 1 March 2009, “Joint Capabilities Integration andDevelopment System,” is hereby cancelled.b. CJCSI 3470.01, 15 July 2005, “Rapid Validation and Resourcing ofJoint Urgent Operational Needs (JUONs) in the Year of Execution,” is herebycancelled.3. Applicability. This instruction applies to the Joint Staff, Services,Combatant Commands, and other DOD Components.4. Policy.a. The JCIDS process exists to support JROC and CJCS responsibilities inidentifying, assessing, validating, and prioritizing joint military capabilityrequirements as outlined in references a and b. JCIDS provides a transparentprocess that allows the JROC to balance joint equities and make informedPage 2CJCSI 3170.01H10 January 20122decisions on validation and prioritization of capability requirements.b. JCIDS operates through the organizational structures defined inreference b, with participation and advice from other organizations which haveequity in the capability requirements process.c. JCIDS uses Joint Capability Areas (JCAs) as an organizing construct forFunctional Capability Boards (FCBs) and portfolio assessments, consistentwith reference d. This provides the FCBs with portfolios of similar DODcapabilities functionally grouped to support capability analysis, strategydevelopment, investment decisions, capability portfolio management, andcapabilities-based force development and operational planning.d. In addition to supporting JROC and CJCS advisory responsibilities,outputs of the JCIDS process are used to facilitate Doctrine, Organization,Training, Materiel, Leadership and Education, Personnel, Facilities, and Policy(DOTMLPF-P) changes, to drive the Defense Acquisition System (DAS), and toinform the Planning, Programming, Budgeting, and Execution (PPBE) processesdetailed in references e through k.e. Services, Combatant Commands, and other DOD Components withdelegated validation authority will use variations of the JCIDS process withintheir organizations to validate Service-, Combatant Command-, or Component-specific capability requirements. Unless otherwise required to obtain jointvalidation, the following authorities

apply:(1) Services have validation authority for capability requirementsunique to their organizations when the Gatekeeper assigned Joint StaffingDesignator (JSD) is Joint Integration, Joint Information, or Independent. Services also have validation authority for Urgent Operational Needs (UONs)unique to their organizations. See references l through r for Service capabilityrequirement validation processes.(2) In accordance with reference s, USSOCOM has validation authorityfor capability requirements unique to its organization when the Gatekeeper-assigned JSD is Joint Capabilities Board (JCB) Interest, Joint Integration, JointInformation, or Independent. USSOCOM also has validation authority forUONs unique to its organization. See reference t for USSOCOM capabilityrequirement validation processes.(3) In accordance with reference u, the Defense Business SystemsManagement Committee has validation authority for defense business systems(DBS). Validation of capability requirements for, and acquisition of, DBS areconducted under the Business Capability Lifecycle (BCL) model outlined inreference u. BCL document formats remain acceptable in cases where DBSdocuments must be submitted to JCIDS for validation.Page 3CJCSI 3170.01H10 January 20123(4) In accordance with reference v, documents for capabilityrequirements that are funded primarily or wholly with National IntelligenceProgram (NIP) funding, and are related to Major System Acquisitions (MSA), orare programs designated by the Secretary of Defense or the Director of NationalIntelligence (DNI) to be of special interest, will be developed, reviewed, andvalidated in accordance with the Intelligence Community CapabilityRequirements process outlined in reference w. Documents for capabilityrequirements that are funded primarily or wholly with Military IntelligenceProgram funding, and are related to MSA, or are programs designated by theSecretary of Defense or the DNI to be of special interest, will be developed,reviewed, and validated under the JCIDS process outlined in this instructionand in reference c.(5) With the exception of NIP-funded IC capability requirements, theJROC reserves the right to exert validation authority over any capabilityrequirement by changing the JSD to JROC Interest or JCB Interest.f. Unless otherwise authorized, documents generated under other Service-,Combatant Command-, or Component-specific processes will be consistentwith JCIDS document formats and uploaded to the KM/DS system forinformation purposes and for visibility in the JCA portfolios.g. In the aggregate, the validated and prioritized capability requirements inthe FCB portfolios, along with information about the materiel and non-materielsolutions in work or already fielded to satisfy the capability requirements,provide the basis for the related advisory responsibilities of the JROC and theChairman.h. Processes and associated tools(1) Enclosure A provides an overview of the JCIDS process and theinteraction between JCIDS, DAS, PPBE, and other departmental processes.(2) Reference c provides specific procedures for the operation of JCIDS,the development and staffing of JCIDS documents, and the mandatedRequirements Management Certification Training program for personnelparticipating in the JCIDS process. It also outlines process variations forexpedited staffing of JUONs or DOD Component UONs and Joint EmergentOperational Needs (JEONs).(3) The KM/DS system is the authoritative system for processing,coordinating, tasking, and archiving JCIDS documents and related actionitems. Reference x provides the SIPRNET addresses for the KM/DS systemused for the staffing of JCIDS documents. Reference y provides the SIPRNETaddresses for the associated wiki site.Page 4CJCSI 3170.01H10 January 20124(4) The Capabilities Development Tracking and Management (CDTM)tool is provided as a means for sponsors to generate and submit documentsinto the KM/DS system for staffing and validation. Reference z provides theNIPRNET and SIPRNET addresses for the CDTM tool. Reference aa providesthe NIPRNET and SIPRNET addresses for the associated wiki sites.i. Applicability of documents developed under previous versions of thisinstruction(1) Documents that were validated under previous versions of thisinstruction and the now superseded CJCSI 3470.01, “Rapid Validation andResourcing of JUONs in the Year of Execution” remain valid.(2) Operational

Requirements Document updates and annexes, InitialCapabilities Documents (ICDs), Capability Development Documents (CDDs),and Capability Production Documents (CPDs) developed under previousversions of this instruction will be accepted to support capability development. Updates to legacy documents will incorporate, or justify the absence of, thefollowing Key Performance Parameters (KPPs) in accordance with reference c: force protection, survivability, sustainment, net-ready, training, and energy.j. Requests for exceptions or variances to this instruction or the documentformats and processes described in reference c must be directed to the JointStaff J-8 Requirements Management Division (J-8/RMD). J-8/RMD will workin coordination with the document sponsor and the appropriate FCB to ensureany exceptions or variances meet the needs of the JROC while allowing forappropriate flexibility in the capability requirements process.5. Definitions. See Glossary.6. Responsibilities. See reference b.7. Summary of Changes. This is a complete revision of CJCSI 3170.01,reflecting consolidation of CJCSI 3470.01, alignment with changes in CJCSI5123.01, Joint Capability Development Process Review (JCDPR) processimprovement recommendations, JROC direction, and other administrativechanges.8. Releasability. This instruction is approved for public release; distribution isunlimited. DOD components (to include the combatant commands), otherFederal agencies, and the public may obtain copies of this instruction throughthe Internet from the CJCS Directives Home Page--http://www.dtic.mil/cjcs_directives.Page 5CJCSI 3170.01H10 January 201259. Effective Date. This instruction is effective upon receipt.Enclosures:A — Joint Capabilities Integration and Development SystemB — ReferencesGL — GlossaryWILLIAM E. GORTNEYVADM, USNDirector, Joint StaffPage 6CJCSI 3170.01H10 January 20126(INTENTIONALLY BLANK)Page 7CJCSI 3170.01H10 January 2012iDISTRIBUTIONDistribution A, B, C, and J plus the following:CopiesSecretary of Defense ...................................................................................... 2Under Secretary of Defense (Acquisition, Technology, and Logistics) .............. 2Under Secretary of Defense (Comptroller) ...................................................... 2Under Secretary of Defense (Personnel and Readiness) .................................. 2Under Secretary of Defense (Policy) ............................................................... 2Under Secretary of Defense (Intelligence) ....................................................... 2Assistant Secretary of Defense (Health Affairs)............................................... 2Department of Defense Chief Information Officer ........................................... 2Director, Cost Assessment and Program Evaluation ...................................... 2Director, Operational Test and Evaluation ..................................................... 2Director, Joint Rapid Acquisition Cell ............................................................ 2Director, National Intelligence ....................................................................... 2Page 8CJCSI 3170.01H10 January 2012ii(INTENTIONALLY BLANK)Page 9CJCSI 3170.01H10 January 2012A-1Enclosure A ENCLOSURE A JOINT CAPABILITIES INTEGRATION AND DEVELOPMENT SYSTEM1. JCIDS Overviewa. The JCIDS process operates in an iterative manner as shown in Figure1. Initial capability requirements documents drive the early acquisitionprocess, and the early acquisition process drives updates to capabilityrequirements documents related to specific materiel and non-materielcapability solutions to be pursued. The updated capability requirementsdocuments then drive the development, procurement, and fielding of materieland non-materiel solutions that satisfy the capability requirements and closeassociated capability gaps.b. The JCIDS process is tailorable in many ways to facilitate timely fieldingof capability solutions to meet validated capability requirements, as detailed inreference c.Figure 1.

Overview of JCIDS Processc. Requirement Identification and Document Generation(1) Services, Combatant Commands, and other DOD Componentsconduct Capabilities Based Assessments (CBAs) or other studies to assesscapability requirements and associated capability gaps and risks. In the caseof Urgent or Emergent operational needs, the scope of the assessment may bereduced to an appropriate level to determine the capability requirements in atimely manner. Regardless of the type of assessment, the assessments are Requirement Ident.And Doc. Generation: o CBAs and otherstudies o Draft ICD,JEON, or JUON.(or DCRs, CDDs,or CPDs incertain cases) o Study/Docu-ment RepositoryDocument Staffingand Validation: o Staffing anddocument review o Validated ICDs,JUONs, DCRs,CDDs, CPDs. o Transition toDeliberateprocess for non-validated JUONsor JEONsPost-validation processand interations.: o AoAs and JUONfielding plans. o MDDs and otherACQ milestones. o Generate draftDCR/CDD/CPD. o Transition todeliberate processfor enduringJUONs/JEONsJoint Prioritization: o Jointassessment andweighting ofCCMDs andService equities. o Support toCJCS Title 10responsibilitiesand informationfor otherprocesses.Page 10CJCSI 3170.01H10 January 2012A-2Enclosure A informed by high level strategy and guidance in the National Security Strategy,National Defense Strategy, National Military Strategy (NMS), QuadrennialDefense Review, Guidance for the Employment of the Force, Defense PlanningGuidance (DPG), etc.(2) Capability requirements and capability gaps identified throughCBAs and other studies are traceable to an organization’s assigned roles andmissions, and, to the greatest extent possible, described in terms of tasks,standards, and conditions in accordance with references bb and cc. (3) In accordance with reference c, results of CBAs and other studies,as well as assessments of operational utility, and other documents intended tojustify the generation of JCIDS documents, are uploaded to the KM/DS studiesrepository for reference purposes.(4) Any capability requirements which have significant capability gapstypically lead to an ICD which can then drive development of capabilitysolutions which are materiel, non-materiel, or a combination of both. Urgentoperational needs typically lead to a JUON or DOD Component UON document. Emergent operational needs typically lead to a JEON or DOD Component UONdocument.(5) Joint DOTMLPF-P Change Recommendations (Joint DCRs)represent more refined requirements documents tailored toward a particularnon-materiel approach for a capability solution, while CDDs and CPDsrepresent more refined requirements documents tailored toward a particularmateriel approach for a capability solution. Both materiel and non-materielapproaches are usually derived from a validated ICD, JUON, JEON, or DODComponent UON after more detailed analysis of potential approaches andalternative capability solutions. In certain cases, Joint DCRs, CDDs, and CPDsare generated directly from studies or other analyses, without a related ICD,JUON, JEON, or DOD Component UON. Details of these variances are inreference c.d. Document staffing and validation(1) ICDs, CDDs, CPDs, and Joint DCRs(a) Staffing and validation of each ICD, CDD, CPD, and Joint DCRis tailored to the nature of the document, as indicated by the JSD assigned bythe Gatekeeper.(b) Validation of these documents does not expire unless withdrawnby the validation authority or requirement sponsor, and as long as the plans,Joint Concepts, Concept of Operations, or other guidance establishing theoriginal capability requirements are still valid.Page 11CJCSI 3170.01H10 January 2012A-3Enclosure A (2) JUONs, JEONs, and DOD Component UONs(a) Staffing and validation of JUON, JEON, and DOD ComponentUON documents are handled through expedited review processes in order tominimize delay and allow rapid fielding of capability solutions. JUONs arevalidated by the Joint Staff J-8 Deputy Director for Requirements (J-8/DDR),JEONs are validated by the JCB or JROC, and DOD Component UONs arevalidated by the designated sponsor validation authority.(b) Unless withdrawn earlier by the validation authority orrequirement sponsor, or supported by an assessment of operational utility fortransition to enduring capability requirements or limited duration sustainment,validated JUONs and JEONs require review by the validation authority 2 yearsafter the validation date. This ensures that the urgent capability requirementsremain valid, or

facilitates transition to the deliberate acquisition processes ifappropriate. A similar review process for validated DOD Component UONs isat the discretion of the sponsor validation authority.(3) Details of JCIDS staffing process variations, JSDs, and validationauthorities are in reference c and details of the DOD Component staffingprocesses are in references through t.e. Post-validation Processes and Interactions(1) When a capability requirement document is validated by anorganization with delegated validation authority, that validation authority willensure that the validated document is uploaded to the KM/DS system. This isfor information and visibility into the JCA portfolios, and does not imply jointstaffing and validation unless otherwise required.(2) Non-materiel solution activities, in the form of DOTMLPF-P analysisand Joint DCR validation and implementation, are covered under this part ofthe JCIDS process. Details are in reference c.(3) Materiel solution activities are executed in the DAS process, and areguided by validated capability requirement documents from the JCIDS process. Acquisition efforts drive the generation of additional/refined JCIDS documentswhich will re-enter part 2 for staffing and validation. Details of interactionbetween JCIDS and DAS are in references c, e, and f.(4) Material solutions initiated through a validated JUON, JEON, orDOD Component UON shall not require a CDD or CPD during rapid acquisitionunless the capability meets the threshold for a Major Defense AcquisitionPrograms or Major Automated Information System (MAIS) program or isdesignated as an Acquisition Category 1D with CDD and or CPD required byPage 12CJCSI 3170.01H10 January 2012A-4Enclosure A the Defense Acquisition Executive. Enduring requirements for rapidly fieldedcapability solutions may require a CDD and/or CPD to support transition andfollow-on efforts.(5) For any rapidly fielded capability solutions, the original requirementsponsor will generate an assessment of operational utility for the capabilitysolution within 90 days of initial fielding to facilitate transition, sustainment, oralternate approaches. The three categories for the assessment are:(a) Failure/Limited Success. Solution sponsor identifies analternative solution for rapid acquisition.(b) Success / Limited Duration Requirement. Solution sponsorsustains the solution for the limited timeframe identified by the requirementsponsor and then retires the capability solution.(c) Success / Enduring Requirement. Solution sponsor sustainsthe rapidly fielded capability solution until replaced by an alternative capabilitysolution, if applicable, and transitions to a deliberate acquisition program orfurther development, procurement, and sustainment efforts.f. Joint Prioritization(1) Joint prioritization of capability requirements addresses statutoryresponsibilities of the JROC and the Chairman in accordance with references aand b. In addition to satisfying statutory responsibilities, joint prioritizationwithin JCA portfolios provides context for senior decision makers across theDepartment.(2) Each FCB will establish joint priorities for all capabilityrequirements submitted to their respective FCB portfolios in ICDs, JEONs,JUONs, or DOD Component UONs.(a) Successor documents — CDDs, CPDs, and Joint DCRs —typically address capability requirements already established in ICDs, and thusdo not require additional prioritization and will be traceable to the capabilityrequirements and priorities from predecessor documents. In cases whereCDDs, CPDs, or Joint DCRs are submitted without a preceding ICD, jointpriorities will be established for the capability requirements contained withinthese documents.(b) FCB efforts to establish joint priorities are conducted primarilyas part of JCIDS document staffing activities to facilitate low workload on thepart of the FCBs, and avoid an increase to staffing timelines. Some level ofinitial effort will be required to establish joint priorities for previously validatedcapability requirements in each FCB portfolio.Page 13CJCSI 3170.01H10 January 2012A-5Enclosure A (c) Priorities determined by the sponsor of each capabilityrequirement will not be considered during FCB assessments of joint priorities. Document sponsors may participate in normal FCB and FCB WG activities toensure that pertinent information relating to the capability requirements underreview may be considered by the FCBs and FCB WGs.(d) See reference c for additional details of FCB activities relating tojoint prioritization.(3) The Gatekeeper maintains the FCB joint prioritization for capabilityrequirements within each FCB portfolio. The joint

prioritization is available asneeded to provide context to other Departmental processes and senior-leveldecision-making.2. Interaction of JCIDS with DAS and PPBE Processesa. JCIDS (capability requirements and non-materiel solutions), DAS(materiel solutions), and PPBE (resources) are three key processes in DODwhich must work in concert to ensure consistent decision making whiledelivering timely and cost effective capability solutions to the Warfighters. JCIDS is documented in this instruction and in references b and c; DAS isdocumented in references e and f; and PPBE is documented in references gthrough k. See Figure 2.Figure 2. Three Critical Interacting Processesb. Together, the three processes provide a means to determine, validate,and prioritize capability requirements and associated capability gaps and risks,PPBE DepSecDef OversightDoDD 7045.14DoDI 7045.7 JCIDS VCJCS/JROC OversightCJCSI 5123.01CJCSI 3170.01 DAS USD(AT&L) OversightDoDD 5000.01DoDI 5000.02 DoD Decision Support Systems: Effective Interactionis EssentialPage 14CJCSI 3170.01H10 January 2012A-6Enclosure A and then fund, develop, and field non-materiel and materiel capabilitysolutions for the Warfighter in a timely manner.c. DAS. USD(AT&L) manages DAS as the primary process for transformingvalidated capability requirements into materiel capability solutions. JCIDSdocuments provide the critical link between validated capability requirementsand the acquisition of materiel capability solutions through five major DASphases: Materiel Solution Analysis, Technology Development (TD), Engineering& Manufacturing Development (EMD), Production & Deployment (P&D), andOperations & Support (O&S). Details of the DAS process are in references eand f. See Figure 3 for the relationship between the acquisition process andJCIDS documents.Figure 3. Overview of DAS and interaction with JCIDS documents.(1) Materiel Solution Analysis Phase(a) Following the validation of an ICD in the JCIDS process and apositive Materiel Development Decision by the Milestone Decision Authority(MDA), the solution sponsor conducts an Analysis of Alternatives (AoA) orsimilar study during this phase to identify the most appropriate option(s) toaddress one or more validated capability requirements and reduce or eliminateassociated capability gaps. (b) Following an AoA on capability requirements in a JROC or JCBInterest ICD, the appropriate FCBs review the AoA and recommended solution,and other MSA analyses. Together with the solution sponsor, the FCB Chairbriefs the JCB and/or JROC on the AoA recommendations and FCBassessment to facilitate the JCB or JROC providing informed advice to theMDA on the best approach to satisfy the capability requirement(s).(c) The FCB review of these MSA results shall be completed insufficient time to permit preparation of a draft CDD, not submitted to JCIDSfor validation at this time, to inform the Technology Development Strategy andRequest for Proposals for the TD phase.(2) Technology Development Phase MSATDEMDP&DO&S MDDMS AMS BMS CICDCDDCPDPage 15CJCSI 3170.01H10 January 2012A-7Enclosure A (a) Following the completion of the Materiel Solution Analysisphase, and a positive Milestone (MS) A decision by the MDA to continuedevelopment of a materiel solution, the solution sponsor reduces technical riskthrough TD Phase activities, which may include competitive prototyping.(b) The solution sponsor updates the draft CDD based upon TDphase activities and submits it to the JCIDS process for staffing and validation. The validated CDD is used as part of the pre-EMD review leading up to a MS Bdecision by the MDA.(3) Engineering & Manufacturing Development Phase(a) Following the validation of a CDD in the JCIDS process and apositive MS B decision by the MDA to continue development of a materielsolution, the sponsor develops and demonstrates a potentially effective andproducible materiel solution during this phase, addressing the KPPs in theCDD and partially or wholly satisfying one or more validated capability gaps.(b) During this phase, the sponsor generates a draft CPD andsubmits it into the JCIDS process for staffing and validation prior to a MS Cdecision by the MDA.(4) Production and Deployment Phase(a) Following the validation of a CPD in the JCIDS process and apositive MS C decision by the MDA to enter production with the materielsolution developed in the earlier DAS

phases, the sponsor produces thecapability solution(s) and fields them to the Warfighter until they reach fulloperating capability and the full quantity of end items have been produced.(b) Normally there is no further interaction with JCIDS in thisphase, unless there are changes during production that require changes tovalidated KPP thresholds, or if the program is not expected to remain withintargets for cost, schedule, or quantity set during validation.(5) Operations & Support Phase(a) This phase overlaps the P&D phase once the first of thecapability solutions have been fielded to the Warfighter.(b) Normally there is no further interaction with JCIDS in thisphase, although the capability requirement may re-enter the JCIDS processduring this phase if modifications or upgrades require changes to validatedKPP thresholds for follow-on development and production.Page 16CJCSI 3170.01H10 January 2012A-8Enclosure A (d) At end of life, capability solutions supporting enduringcapability requirements may need to be recapitalized to prevent a capabilitygap related to an enduring capability requirement.1. In cases where the original capability requirements are stillvalid, and there are no changes to the previous KPPs, the original JCIDSdocuments may be used to recapitalize the capabilities and additional staffingand validation is not required.2. In cases where the original capability requirement have beenaltered and/or different capabilities are to be pursued as part of therecapitalization, updated JCIDS documents are submitted for staffing andvalidation.(6) When the capability requirement is no longer valid, the sponsorretires and disposes of any associated capability solution(s).d. PPBE. The Deputy Secretary of Defense manages PPBE as the primaryprocess for enabling the funding of the various JCIDS and DAS activities whichdevelop, field, and sustain effective capability solutions to the warfighters. Details of the PPBE processes are in references g through k. See Figure 4 foran overview of the PPBE process.Page 17CJCSI 3170.01H10 January 2012A-9Enclosure A Figure 4. Overview of PPBE Process(1) Planning. DPG considers the same strategic documents whichinform the JCIDS process. The DPG, along with fiscal guidance from the Officeof Management and Budget (OMB), informs the Services, CombatantCommands, and other DOD Components in the development of their ProgramObjective Memoranda (POMs).(2) Programming. Each Service, Combatant Command, and other DODComponent considers the DPG, joint priorities, and other strategic guidancedocuments to generate inputs to the DOD budget in the form of a POM. Validated capability requirements from the JCIDS process are the driver for alarge portion of the POMs, including both development of new capabilitysolutions and sustainment of fielded capability solutions. OSD conducts anannual Program and Budget Review (PBR) to adjudicate program and budgetissues and better align the overall DOD budget prior to submission to theOMB. The result of PBR is a Resource Management Decision, which directschanges to the POMs as they are consolidated into the overall DOD budgetsubmission to OMB. Joint priorities established in JCIDS will inform bothPOM development efforts and issue discussions under the PBR.Page 18CJCSI 3170.01H10 January 2012A-10Enclosure A (3) Budgeting. Since the DOD budget is only a portion of overallgovernment expenditures, OMB consolidates the budget submissions from allof the government departments and agencies and produces the President’sBudget for submission to Congress. Through a number of committees andlegislative procedures, and informed by the President’s Budget and testimonyof various DOD officials, Congress authorizes and appropriates funds as it seesfit for the execution of DOD programs.(4) Execution. Using the funding provided by Congress, the Services,Combatant Commands, and other DOD Components execute their programsand interact directly or indirectly with the JCIDS process with activitiesincluding study, identification, and validation of new capability requirementsand associated capability gaps; development and acquisition of new capabilitysolutions; and O&S of fielded capability solutions.3. Interaction with Other Processesa. Integrated Priority Lists (IPLs)/Capability Gap Assessment (CGA)(1) The IPL is a once-a-

year update of Combatant Command prioritizedissues (capability gaps associated with validated or proposed capabilityrequirements) that limit Combatant Command ability to successfully achieveassigned roles, functions, and missions. The IPLs are the official submissionsof these prioritized capability gaps to the Joint Staff for review under the CGAprocess.(2) The CGA process, detailed in reference c, reviews CombatantCommand IPLs, and other issues and perspectives from the Services and otherDOD Components, relative to existing materiel and non-materiel efforts whichmay already be underway to address the capability gaps. As a result of theCGA, the JROC validates any new capability requirements and associatedcapability gaps, and recommends solutions for mitigation.b. JROC/JCB Tripwire(1) The JROC/JCB Tripwire is a JROC process, established inaccordance with reference dd, to review JROC and JCB Interest programs thatdeviate from cost, schedule, or quantity targets established at the time ofvalidating CDDs or CPDs.(a) Cost. Programs must return to the JROC or JCB for re-validation if they experience a cost growth equal to or greater than 10 percentover their current baseline or 25 percent over their original baseline as definedin the Acquisition Program Baseline.Page 19CJCSI 3170.01H10 January 2012A-11Enclosure A (b) Schedule. Programs must return to the JROC or JCB for re-validation if they experience a schedule slip for Initial Operational Capability(IOC) or Full Operational Capability (FOC) equal to or greater than 12 monthsfrom IOC and FOC targets set in the validation JROC Memorandum (JROCM).(c) Quantity. Programs must return to the JROC or JCB for re-validation if they experience a reduction in end-item quantities equal to orgreater than 10 percent from a quantity target set in the validation JROCM.(2) The lead FCB will work with the sponsor to assess whether anadjustment to validated KPPs is appropriate to mitigate the changes to cost,schedule, or quantity, while still providing meaningful capability for thewarfighter. More detail on JROC/JCB Tripwire procedures are in reference c.(3) JROC/JCB Tripwires do not preclude a validation authority from, atany time, requiring a review of previously validated requirements or programsby directly communicating to the applicable sponsor, outlining the reviewrequirements, timeline, and other details.c. Nunn-McCurdy Unit Cost Breach. The Nunn-McCurdy Unit CostBreach review activity is a USD(AT&L) process implemented to meet statutoryreview requirements in reference ee. USD(AT&L) organizes Integrated ProcessTeams to review the program, alternatives, cost estimates, and nationalsecurity impacts. More detail on Nunn-McCurdy Unit Cost Breach proceduresare in references c and f.(a) The FCBs, JCB, and JROC participate in order to review thedriving capability requirements and associated capability gaps and operationalrisks, and provide recommendations with respect to the essentiality of theprogram to satisfying capability requirements critical to national security.(b) Joint priorities provide additional information for considerationduring the review.d. MAIS Critical Change Reports. The MAIS Critical Change review activityis a USD(AT&L) process implemented to meet statutory review requirements inreference ff. More detail on MAIS Critical Change review procedures are inreferences c, f, and gg.(a) The FCBs, JCB, and JROC participate in order to review thedriving capability requirements and associated capability gaps and operationalrisks, and provide recommendations with respect to the essentiality of theprogram to satisfying capability requirements critical to national security.(b) Joint priorities provide additional information for considerationduring the review.Page 20CJCSI 3170.01H10 January 2012A-12Enclosure A e. PBR. The PBR process is coordinated by CAPE to facilitate theconsolidation of POM submissions from the Services and other DODComponents, and adjudication of any outstanding issues before presenting theoverall DOD input to the President’s budget submission.(1) As close coordination of JCIDS, DAS, and PPBE is critical to thetimely fielding of capability solutions to the warfighters, as indicated in Figure2, representatives from the FCBs participate in issue teams to providerepresentation from the Warfighter capability requirement perspective.(2) In addition, Joint Staff participation from J-8/CAD providesrepresentation from the acquisition and capability solution perspective, andparticipation from J-8/PBAD provides

representation from the financialperspective.(3) Joint prioritization informs the PBR discussions regarding therelative priorities of the capability requirements behind the programs underreview.f. Chairman’s Program Recommendation/Assessment(1) Chairman’s Program Recommendation (CPR). The CPR provides theChairman personal recommendations to the Secretary of Defense for theprogramming and budgeting process prior to OSD publishing the DPG. TheCPR articulates issues the Chairman deems important enough for theSecretary to consider when identifying DOD strategic priorities in the DPG.(a) FCBs will assist in the development of the CPR by identifyingand articulating candidate issues, conducting supporting research andassessments, and developing 5x8s on the candidate issues.(b) Joint prioritization is an additional input for consideration in theformulation of the CPR.(2) Chairman’s Program Assessment (CPA). The CPA is the Chairman’spersonal assessment to the Secretary of Defense on the adequacy of Serviceand DOD POMs submitted in the most recent cycle and may be considered inrefining the Defense program and budget. The Chairman’s assessmentaddresses risk associated with the programmed allocation of Departmentresources and evaluates the conformance of POMs to the priorities establishedin strategic plans and Combatant Command priorities for capabilityrequirements. The CPA also assesses the recommendations and execution ofthose issues highlighted in the CPR.Page 21CJCSI 3170.01H10 January 2012A-13Enclosure A (a) FCBs will assist in the development of the CPA by identifyingand articulating candidate issues, conducting supporting research andassessments, and developing 5x8s on the candidate issues.(b) Joint prioritization is an additional input for consideration in theformulation of the CPA.g. Chairman’s Risk Assessment (CRA). The CRA is the Chairman’sassessment of the nature and magnitude of strategic and military risk inexecuting the missions called for in the NMS, and may includerecommendations for mitigating risk, including changes to strategy,development of new operational concepts or capabilities, increases in capacity,or adjustments in force posture or employment.(1) The CRA informs the review and validation of capabilityrequirements in the FCB portfolios during normal staffing activities as well asIPL/CGA, PBR, and other periodic reviews.(2) The CRA should also be informed by the priorities of validatedcapability requirements in the FCB portfolios, as well as the acquisitionactivities underway to satisfy the capability requirements and improvingcapabilities and reducing risk in conducting the missions called for in the NMS.h. Capability Portfolio Management (CPM). CPM is a process managed byUSD(P) which is intended to inform senior leadership regarding status ofcapability solutions within each JCA portfolio to aid decisions related to futureinvestments. CPM activities are aligned with the JCAs, and thus can leveragethe alignment with the FCBs and joint prioritization in each portfolio. Detailsof the CPM process are in reference hh.Page 22CJCSI 3170.01H10 January 2012A-14Enclosure A (INTENTIONALLY BLANK)Page 23CJCSI 3170.01H10 January 2012B-1Enclosure BENCLOSURE B REFERENCESa. Title 10, USC, section 181, “Joint Requirements Oversight Council”b. CJCSI 5123.01 series, “Charter of the Joint Requirements OversightCouncil”c. JCIDS Manual, “Manual for the Operation of the Joint CapabilitiesIntegration and Development System,” on NIPRNET - https://www.intelink.gov/wiki/JCIDS_Manual, on SIPRNET - http://www.intelink.sgov.gov/wiki/JCIDS_Manuald. PDUSD(P)/DJS memorandum, 8 April 2011, “Joint Capability Area (JCA)2010 Refinement”e. DODD 5000.01, 12 May 2003, “The Defense Acquisition System”f. DODI 5000.02, 8 December 2008, “Operation of the Defense AcquisitionSystem”g. CJCSI 8501.01 series, “Chairman of the Joint Chiefs of Staff, CombatantCommanders, and Joint Staff Participation in the Planning, Programming,Budgeting, and Execution System”h. DODD 7045.14 Ch-1, 28 July 1990, “The Planning, Programming, andBudgeting System (PPBS)”i. DTM-04-005, 27 March 2004, “Control of Planning, Programming,Budgeting, and

Execution (PPBE) Documents and Information”j. DODI 7045.7 Ch-1, 9 April 1987, “Implementation of the Planning,Programming, and Budgeting System (PPBS)”k. DepSecDef Management Initiative Decision 913, 22 May 2003,“Implementation of a 2-Year Planning, Programming, Budgeting, and ExecutionProcess”l. AFPD 10-6, 31 May 2006, “Capabilities-Based Planning & RequirementsDevelopment”m. AFI 10-601, 12 July 2010, “Operational Capability RequirementsDevelopment”Page 24CJCSI 3170.01H10 January 2012B-2Enclosure Bn. AFI 63-114, 4 January 2011, “Quick Reaction Capability Process”o. AR 71-9, 28 December 2009, “Warfighting Capabilities Determination”p. MCO 3900.15, 10 March 2008, “Marine Corps Expeditionary ForceDevelopment System (EFDS)”q. MCO 3900.17, 17 October 2008, “Marine Corps Urgent Needs Process (UNP)and the Urgent Universal Need Statement (Urgent UNS)”r. SECNAVINST 5000.2E, 1 September 2011, “Implementation and Operationof the Defense Acquisition System and the Joint Capabilities Integration andDevelopment System”s. JROCM 179-09, 2 November 2009, “Delegation of Authority for SpecialOperations Capabilities to Special Operations Command”t. USSOCOM Directive 71-4, 9 June 2009, “Special Operations ForcesCapabilities Integration and Development System”u. DTM 11-009, 23 June 2011, “Acquisition Policy for Defense BusinessSystems (DBS)”v. DJ-8 and ADNI/SRA memorandum, 16 March 2010, “Guidelines forInteraction between the Intelligence Community Capability Requirements(ICCR) Process and Joint Capabilities Integration and Development System(JCIDS)”w. DNI memorandum, 26 May 2010, "Intelligence Community CapabilityRequirements Process - Interim Guidance"x. KM/DS System. On SIPRNET – http://jrockmds1.js.smil.mily. KM/DS Wiki. On SIPRNET – http://www.intelink.sgov.gov/wiki/Portal:JROC_KMDS_Knowledge_Management_and_Decision_Supportz. CDTM Tool. On NIPRNET – https://cdtm.js.mil. On SIPRNET –https://cdtm.js.smil.milaa. CDTM Wiki. On NIPRNET – https://www.intelink.gov/wiki/Capabilities_Development_Tracking_and_Management_(CDTM). On SIPRNET – http://www.intelink.sgov.gov/wiki/Capabilities_Development_Tracking_and_Management_(CDTM)Page 25CJCSI 3170.01H10 January 2012B-3Enclosure Bbb. CJCSI 3500.02 series, “Universal Joint Task List (UJTL) Policy andGuidance for the Armed Forces of the United States”cc. CJCSM 3500.04 series, “Universal Joint Task Manual”dd. JROCM 104-10, 25 June 2010, “Cost Growth in Joint RequirementsOversight Council (JROC) Approved Programs”ee. Title 10, USC, section 2433a, “Critical Cost Growth in Major DefenseAcquisition Programs”ff. Title 10, USC, chapter 144a, “Major Automated Information SystemPrograms”gg. Defense Acquisition Guidebook. On NIPRNET - https://dag.dau.mil.hh. DODD 7045.20, 25 September 2008, “Capability Portfolio Management”Page 26CJCSI 3170.01H10 January 2012B-4Enclosure B(INTENTIONALLY BLANK)Page 27CJCSI 3170.01H10 January 2012GL-1GlossaryGLOSSARY PART I – ACRONYMSAoAAnalysis of AlternativesCBACapabilities Based AssessmentCDDCapability Development DocumentCDTMCapability Development Tracking and ManagementCGACapability Gap AssessmentCJCSChairman of the Joint Chiefs of StaffCJCSIChairman of the Joint Chiefs of Staff InstructionCPAChairman’s Program AssessmentCPDCapability Production DocumentCPRChairman’s Program RecommendationCPMCapability Portfolio ManagementDASDefense Acquisition SystemDCRDOTmLPF-P Change RecommendationDepSecDefDeputy Secretary of DefenseDNIDirector of National IntelligenceDODDepartment of DefenseDOTmLPF-PDoctrine, Organization, Training, Materiel, LeadershipPolicy and Education, Personnel, Facilities, and PolicyDPGDefense Planning GuidanceEMDEngineering and Manufacturing Development

PhaseFCBFunctional Capabilities BoardFCB WGFCB Working GroupFDDFull Deployment DecisionFOCFull Operational CapabilityICIntelligence CommunityICCRIntelligence Community Capability RequirementsICDInitial Capabilities DocumentIOCInitial Operational CapabilityIPLIntegrated Priority ListJ-8/DDRJoint Staff J-8 / Deputy Director for RequirementsJ-8/RMDJoint Staff J-8 / Requirements Management DivisionJCAJoint Capability AreaJCBJoint Capabilities BoardPage 28CJCSI 3170.01H10 January 2012GL-2GlossaryJCDJoint Capabilities DocumentJCDPRJoint Capability Development Process ReviewJCIDSJoint Capabilities Integration and Development SystemJEONJoint Emergent Operational NeedJRACJoint Rapid Acquisition CellJROCJoint Requirements Oversight CouncilJROCMJoint Requirements Oversight Council MemorandumJSDJoint Staffing DesignatorJUONJoint Urgent Operational NeedKM/DSKnowledge Management / Decision SupportKPPKey Performance ParameterMAISMajor Automated Information SystemMDAMilestone Decision AuthorityMIPMilitary Intelligence ProgramMQRMAIS Quarterly ReportMSMilestoneMSAMajor System AcquisitionsNIPNational Intelligence ProgramNIPRNETNonsecure Internet Protocol Router NetworkNMSNational Military StrategyO&SOperation and Support PhaseOMBOffice of Management and BudgetOSDOffice of the Secretary of DefenseOUSD(AT&L)Office of the Under Secretary of Defense for Acquisition,Technology & LogisticsP&DProduction and Deployment PhasePBRProgram and Budget ReviewPOMProgram Objective MemorandumPPBEPlanning, Programming, Budgeting, and ExecutionSARSelected Acquisition ReportSecDefSecretary of DefenseSIPRNETSECRET Internet Protocol Router NetworkSIPRNetSecret Internet Protocol Router NetworkTDTechnology Development PhaseUJTLUniversal Joint Task ListPage 29CJCSI 3170.01H10 January 2012GL-3GlossaryUONUrgent Operational NeedUSSOCOMUS Special Operations CommandPage 30CJCSI 3170.01H10 January 2012GL-4Glossary(INTENTIONALLY BLANK)Page 31CJCSI 3170.01H10 January 2012GL-5GlossaryPART II – DEFINITIONSCapability – The ability to execute a specified course of action. (A capabilitymay or may not be accompanied by an intention.) (JP 1-02)Capability Gap (or Gap) – The inability to execute a specified course of action. The gap may be the result of no existing capability, lack of proficiency orsufficiency in an existing capability solution, or the need to replace an existingcapability solution to prevent a future gap.Capability Need (or Need) – see “Capability Requirement”.Capability Requirement (or Requirement) – A capability required to meet anorganization’s roles, functions, and missions in current or future operations. To the greatest extent possible, capability requirements are described inrelation to tasks, standards, and conditions in accordance with the UniversalJoint Task List or equivalent DOD Component Task List. If a capabilityrequirement is not satisfied by a capability solution, then there is also anassociated capability gap which carries a certain amount of risk untileliminated. A requirement is considered to be ‘draft’ or ‘proposed’ untilvalidated by the appropriate authority.Capability Solution – A materiel solution or non-material solution to satisfy oneor more capability requirements (or needs) and reduce or eliminate one or morecapability gaps.Core Mission Area – DOD core mission areas identified under the most recentQuadrennial Roles and Missions (QRM) review are: Homeland Defense and CivilSupport (HD/CS); Deterrence Operations; Major Combat Operations (MCOs);Irregular Warfare; Military Support to Stabilization Security, Transition, andReconstruction Operations; Military Contribution to Cooperative Security.Document Sponsor – The organization submitting a JCIDS document. Solutionsponsors for successor documents – Capability Development Documents(CDDs), Capability Production Documents (CPDs), and Joint DOTmLPF-PChange Recommendations (Joint DCRs) - may

be different than theRequirement Sponsors for initial documents – Initial Capabilities Documents(ICDs), Urgent Operational Needs (UONs), Joint UONs (JUONs), and JointEmergent Operational Needs (JEONs). Different Sponsors for requirementsand solutions occurs most commonly when the initial requirement Sponsordoes not have delegated acquisition authority and a different organization isdesignated to develop and field a capability solution.DOD Components – The Office of the Secretary of Defense, the MilitaryDepartments, the Chairman of the Joint Chiefs of Staff, the CombatantPage 32CJCSI 3170.01H10 January 2012GL-6GlossaryCommands, the Office of the Inspector General of the Department of Defense,the Department of Defense Agencies, field activities, and all otherorganizational entities in the Department of Defense. (JP 1-02)Note that the term “DOD Components” also includes the National GuardBureau (NGB). The term “DOD Components” is used forstandardization/streamlining purposes and does not imply exclusion orexception from this grouping even if listed separately in the past.Gap – See “Capability Gap”.Joint - Connotes activities, operations, organizations, etc., in which elements oftwo or more Military Departments participate. (JP 1-02)Note that this definition of “joint” is applicable to requirement documents andcapability solutions which apply to more than one DOD Component. See “jointmilitary requirement” for the definition applicable to JROC responsibilities.Joint Emergent Operational Need (JEON) – UONs that are identified by aCombatant Command as inherently joint and impacting an anticipated orpending contingency operation.Joint Military Requirement – a capability necessary to fulfill or prevent a gap ina core mission area of the Department of Defense.Note that the responsibilities of the JROC over “joint military requirements”include both joint requirements and single DOD Component requirements whichmakeup the entirety of the capabilities of the joint force and enable the DOD coremission areas.Joint Urgent Operational Need (JUON) – UONs that are identified by aCombatant Command as inherently joint and impacting an ongoingcontingency operation.Materiel Solution – A new item (including ships, tanks, self-propelled weapons,aircraft, etc., and related spares, repair parts, and support equipment, butexcluding real property, installations, and utilities) developed or purchased tosatisfy one or more capability requirements (or needs) and reduce or eliminateone or more capability gaps.Need – See “Capability Requirement”.Non-materiel Solution – Changes to doctrine, organization, training, (existing)materiel, leadership and education, personnel, and/or facilities, implementedto satisfy one or more capability requirements (or needs) and reduce oreliminate one or more capability gaps, without the need to develop or purchasea new materiel solution.Page 33CJCSI 3170.01H10 January 2012GL-7GlossaryRapid Acquisition – a streamlined and tightly integrated iterative approach,acting upon validated urgent or emergent capability requirements, to: conductanalysis and evaluate alternatives and identify preferred solutions; develop andapprove acquisition documents; contract using all available statutory andregulatory authorities and waivers and deviations of such, appropriate to thesituation; identify and minimize technical development, integration, andmanufacturing risks; and rapidly produce and deliver required capabilities.Requirement – See “Capability Requirement”.Requirement Sponsor – See “Document Sponsor”.Solution – See “Capability Solution”.Solution Sponsor – See “Document Sponsor”.Sponsor – See “Document Sponsor”.Urgent Operational Need (UON) – capability requirements identified by a DODComponent as impacting an ongoing or anticipated contingency operation. Ifleft unfulfilled, UONs result in capability gaps potentially resulting in loss of lifeor critical mission failure. DoD Components, in their own terminology, mayuse a different name for a UON.Validation - The review and approval of capability requirement documents by adesignated validation authority. The JROC is the ultimate validation authorityfor capability requirements unless otherwise delegated to a subordinate boardor to a designated validation authority in a Service, Combatant Command, orother DOD Component.Page 34

CJCSI 3170.01H10 January 2012GL-8Glossary(INTENTIONALLY BLANK)======================================This is the html version of the file http://dodcio.defense.gov/Portals/0/Documents/DoD%20Directives/514401p[1].pdf.Google automatically generates html versions of documents as we crawl the web.Page 1Department of Defense DIRECTIVE NUMBER 5144.1May 2, 2005DA&MSUBJECT: Assistant Secretary of Defense for Networks and Information Integration/DoD Chief Information Officer (ASD(NII)/DoD CIO)Reference: (a) Title 10, United States Code(b) Title 44, United States Code(c) Title 40, United States Code(d) Unified Command Plan, March 1, 2005 1 (e) through (aa), see enclosure 11. PURPOSEUnder the authorities vested in the Secretary of Defense by section 113 of reference (a) andreferences (b) through (e), this Directive: 1.1. Assigns responsibilities, functions, relationships, and authorities to the AssistantSecretary of Defense for Networks and Information Integration/DoD Chief Information Officer(ASD(NII)/DoD CIO). 1.2. Cancels references (f) through (i). 2. APPLICABILITYThis Directive applies to the Office of the Secretary of Defense (OSD), the MilitaryDepartments, the Chairman of the Joint Chiefs of Staff, the Combatant Commands, the Office ofthe Inspector General of the Department of Defense, the Defense Agencies, the DoD FieldActivities, and all other organizational entities in the Department of Defense (hereafter referredto collectively as the “DoD Components”). 1 Requests for copies can be forwarded to the Director for Strategic Plans and Policy, J-5/Joint Staff, and will be provided in accordance with laws, regulations, and policies concerning the treatment of classified information. 1Page 2DoDD 5144.1, May 2, 2005 3. RESPONSIBILITIES AND FUNCTIONSThe ASD(NII)/DoD CIO is the principal staff assistant and advisor to the Secretary of Defenseand Deputy Secretary of Defense on networks and network-centric policies and concepts;command and control (C2); communications; non-intelligence space matters; enterprise-wideintegration of DoD information matters; Information Technology (IT), including NationalSecurity Systems (NSS); information resources management (IRM) (as defined by reference(b)); spectrum management; network operations; information systems; information assurance(IA); positioning, navigation, and timing (PNT) policy, including airspace and military-air-trafficcontrol activities; sensitive information integration; contingency support and migration planning;and related matters. Pursuant to chapter 113, subchapter III of 40 U.S.C. (reference (j)), theASD(NII)/DoD CIO has responsibilities for integrating information and related activities andservices across the Department. The ASD(NII)/DoD CIO also serves as the DoD Enterprise-level strategist and business advisor from the information, IT, and IRM perspective; Informationand IT architect for the DoD enterprise; and, DoD-wide IT and IRM executive. Hereafter theseresponsibilities and functions are referred to collectively as “NII and CIO” (including IRM)matters. In the exercise of assigned responsibilities and functions, the ASD(NII)/DoD CIO shall:3.1. Serve as the senior NII and CIO policy and resources official below the Secretary andDeputy Secretary of Defense.3.2. Advise and assist the Secretary and Deputy Secretary of Defense on policy and issuesregarding all assigned responsibilities and functions as they relate to the Department of Defense.3.3. As the DoD CIO:3.3.1. Review and provide recommendations to the Secretary and the Heads of the DoDComponents on:3.3.1.1. The performance of the Department’s IT and NSS programs (to includemonitoring and evaluating the performance of IT and NSS programs on the basis of allapplicable performance measurements).3.3.1.2. DoD budget requests for IT and NSS pursuant to section 2223 of reference(a).3.3.1.3. The continuation, modification, or termination of an IT and/or NSS programor project pursuant to section 1425 of reference (c).3.3.1.4. The continuation, modification, or termination of an NII or CIO programpursuant to the Federal Information Security Management Act of 2002 as part of Public Law(Pub. L.) 107-347 (reference (e)), Executive Order (E.O.). 13011 (reference (k)), and otherapplicable authorities.2

Page 3DoDD 5144.1, May 2, 2005 3.3.2. Lead the formulation and implementation of enterprise-level defense strategiesfrom the information, IT, network-centric, and non-intelligence space perspective.3.3.3. Serve as the information architect for the DoD enterprise informationenvironment, and provide oversight and policy guidance to ensure compliance with standards fordeveloping, maintaining, and implementing sound integrated and interoperable architecturesacross the Department, including intelligence systems and architectures. Ensure that IA isintegrated into architectures pursuant to section 3534 of reference (b) and section 11315 ofreference (c).3.3.4. Perform the duties and fulfill the responsibilities associated with informationsecurity and other matters under section 3544 of reference (b).3.3.5. Serve as the DoD-wide information executive and participate as a member onDoD-wide councils and boards involving NII and CIO matters, including serving as the DoDrepresentative on the Intelligence Community CIO Executive Council.3.3.6. Ensure that NII and CIO policy and resource decisions are fully responsive to theguidance of the Secretary and Deputy Secretary of Defense.3.3.7. Develop and maintain the DoD IA program and associated policies, procedures,and standards required by section 2224 of reference (a), chapter 35 of reference (e) and DoDDirective S-3600.1 (reference (l)).3.3.8. Ensure the interoperability of IT, including NSS, throughout the Department ofDefense pursuant to section 2223 of reference (a). 3.3.9. Design and implement, in coordination with the Under Secretary of Defense forAcquisition, Technology, and Logistics (USD(AT&L)), the Under Secretary of Defense(Comptroller)/DoD Chief Financial Officer (USD(C)/CFO), the Under Secretary of Defense forIntelligence (USD(I)), and the Chairman of the Joint Chiefs of Staff, a process for maximizingthe value and assessing and managing the risks of DoD IT acquisitions, including NSSacquisitions, as applicable.3.3.10. Ensure compliance with the reduction of information-collection burdens on thepublic pursuant to section 3507 of reference (b).3.3.11. Prescribe data and information management policies, procedures, and otherguidance for the Department.3.3.12. Issue policies and procedures necessary to establish and maintain a DoD RecordsManagement Program pursuant to standards, guidelines, and procedures issued under section2904 of reference (b) and Pub. L. No. 107-347 (reference (e)).3.3.13. Ensure that IT, including NSS, standards that apply throughout the Departmentare prescribed and enforced pursuant to section 2223 of reference (a).3Page 4DoDD 5144.1, May 2, 2005 3.3.14. Provide advice and other assistance to the Secretary of Defense and other seniorDoD managers to ensure that IT, including NSS, is acquired and information resources aremanaged in a manner consistent with reference (b) and section 11315 of reference (c) as well asthe priorities established by the Secretary.3.3.15. Provide enterprise-wide oversight of the development, integration, andimplementation of the Global Information Grid (GIG) in accordance with DoD Directive 8100.1(reference (m)).3.3.16. Promote the effective and efficient design and operation of all major IRMprocesses, including improvements to work processes for the Department pursuant to section11315 of reference (c).3.3.17. Provide for the elimination of duplicate IT, including NSS, within and betweenthe DoD Components, including the Military Departments and the Defense Agencies, pursuant toSection 2223 of reference (a).3.3.18. Maintain a consolidated inventory of DoD mission critical and mission essentialinformation systems, identify interfaces between those systems and other information systems,and develop and maintain contingency plans for responding to a disruption in the operation ofany of those information systems pursuant to section 2223 of reference (a).3.3.19. Provide DoD-wide policy regarding the use of the Internet and web siteadministration.3.3.20. Develop policies, in coordination with the Under Secretary of Defense forPersonnel and Readiness (USD(P&R)), to provide oversight of training, career development, andoccupation-specialty programs to ensure that personnel with the requisite knowledge and skillsare available to support the DoD Information Enterprise.3.3.21. Chair the DoD CIO Executive Board.3.3.22. Establish policies, plans, goals, measures, and baselines to incorporatecommercial-off-the-shelf software, knowledge management technologies, and services into thepolicies, doctrine, and training programs of the Department.

Undertake initiatives to increase theuse of commercial IT solutions throughout the Department across all applications, includingNSS, training, logistics, and non-material solutions.3.3.23. Serve as the principal DoD official responsible for preparing and defending NIIand CIO issues before the Congress as well as evaluating and assessing Congressional activityfor impact on all NII and CIO areas of responsibility.3.3.24. Provide for the enterprise information environment and ensure that itscapabilities are synchronized with requirements. This shall include providing for a common setof Enterprise capabilities that enable users to discover, access, post, process, advertise, retrieve,and fuse data, and make sense of the data gathered.4Page 5DoDD 5144.1, May 2, 2005 3.4. With regard to communications and information networks:3.4.1. Develop and implement network-centric policies, architectures, practices, andprocesses with emphasis on communications and information networks to enable Defensetransformation; however, these do not include content-based communications functions such asthose associated with public affairs and public diplomacy.3.4.2. Identify opportunities presented by communication and information technologiesas well as risks and costs, and make recommendations on the initiation of communication andinformation plans, programs, policies, and procedures accordingly.3.4.3. Provide policies, oversight, guidance, architecture, and strategic approaches for allcommunications and information network programs and initiatives on an enterprise-wide basisacross the Department, ensuring compliance with the IA requirements as well as interoperabilitywith national and alliance/coalition systems. This includes network-centric and information-integration projects, programs, and demonstrations as they relate to GIG implementation andemployment.3.4.4. Negotiate and conclude international agreements and other arrangements relatingto the sharing or exchange of DoD communications equipment, facilities, support, services orother communications resources; the use of DoD electromagnetic spectrum equities; and the useof U.S. communications facilities and/or systems pursuant to DoD Directive 5530.3 (reference(n)). Agreements of an operational nature within alliance organizations shall be coordinated withthe Chairman of the Joint Chiefs of Staff. 3.5. With regard to the electromagnetic spectrum:3.5.1. Provide policy, oversight, and guidance for all DoD matters related to theelectromagnetic spectrum, including the management and use of the electromagnetic spectrum(MUES) pursuant to DoD Directive 4650.1 (reference (o)) and the ElectromagneticEnvironmental Effects (E3) Program pursuant to DoD Directive 3222.3 (reference (p)) within theDepartment, nationally, and internationally. Ensure that appropriate national policies for MUESand E3 Control are implemented within the Department pursuant to section 305 and Chapter 8 oftitle 47, U.S.C. (reference (q)) and the National Telecommunications and InformationAdministration Manual (reference (r)) as well as applicable international policies and standards.3.5.2. Serve as the lead within the Department for coordination, approval, andrepresentation of DoD positions on all MUES and E3 Control matters within the U.S.Government as well as in regional, national, and international spectrum-management forums andorganizations.3.5.3. Coordinate, as appropriate, with the Chairman of the Joint Chiefs of Staffregarding the development of electromagnetic spectrum policy. 5Page 6DoDD 5144.1, May 2, 2005 3.6. With regard to C2:3.6.1. Develop and integrate the Department’s overall C2 strategy, approach, structure,and policies and ensure the C2 structure and architecture are compliant with DoD network-centric precepts, information strategy, and joint needs. 3.6.2. Provide policies, program oversight, guidance, and strategic approaches for all C2programs and initiatives on an enterprise-wide basis across the Department.3.6.3. Identify the governance of the C2 structure that addresses the needs of thePresident and all levels of operational command within the Department.3.6.4. Oversee and facilitate the integration of national, strategic, operational, andtactical C2 systems/programs, including support to the White House Military Office, pursuant toSecretary of Defense guidance (reference (s)).3.6.5. Oversee the development and integration of DoD-wide C2 capabilities, includingpromotion of C2-related research, experimentation, metrics, and analysis

techniques.3.6.6. Direct the Heads of the DoD Components to plan, program, budget, and executeprograms that will develop material solutions for Joint Capability Integration and DevelopmentSystem approved joint C2 capabilities. 3.7. With respect to space:3.7.1. Oversee DoD non-intelligence related space matters, including space-basedcommunications programs, space-based information integration activities, space controlactivities, operationally responsive space programs, space access, satellite control, space-basedposition, navigation, and timing programs, environmental sensing, and space launch ranges.3.7.2. Oversee the Space Major Defense Acquisition Program activities of the DoDExecutive Agent for Space in coordination with the USD(AT&L), and in coordination with theUSD(I) for space-based intelligence system acquisitions, as delegated by the USD(AT&L). 3.8. With regard to network-centric systems engineering policy and program oversight:3.8.1. Facilitate and resolve interoperability, performance, and other issues related tointerfaces, security, standards, and protocols critical to the end-to-end operation of the GIG.3.8.2. Oversee a network-centric system engineering effort using facilities and servicesof the Department of Defense to manage an enterprise-wide technical view for the GIG.3.8.3. Provide oversight of policies and programs to support independent evaluation andto physically validate the technical performance for key transformational communicationprograms of the GIG.6Page 7DoDD 5144.1, May 2, 2005 3.9. With regard to systems acquisition:3.9.1 Serve as the Milestone Decision Authority for Major Automated InformationSystems and other acquisition programs, as delegated by the USD(AT&L), with responsibilityfor developing and enforcing the policies and practices of DoD Directive 5000.1 (reference (t))for such programs, in coordination with the USD(AT&L) and the USD(I), as appropriate.3.9.2. Provide advice on issues related to all assigned responsibilities and functions tothe Defense Acquisition Board and the Defense Space Acquisition Board.3.10. With regard to PNT:3.10.1. Develop and implement PNT policy, including airspace and military air trafficcontrol, pursuant to DoD Directive 4650.5 (reference (u)).3.10.2. Develop and oversee contingency policies regarding the Federal AviationAdministration and its transfer to the Department of Defense under certain national securityemergencies, pursuant to E.O. 11161 (reference (v)).3.11. Support the Special Assistant to the Secretary of Defense and Deputy Secretary ofDefense for compartmented activities by coordinating sensitive information integration andproviding a support staff and appropriately cleared facilities for these functions pursuant toDeputy Secretary of Defense Memorandum (reference (w)).3.12. Provide NII and CIO support to the mission of Information Operations in support ofDoD Directive S-3600.1 (reference (l)).3.13. Develop and oversee contingency and crisis response communications policies andplanning for stabilization and reconstruction operations carried out by the Department withemphasis given to those executed in concert with the United States Government interagencyprocess, to include the interaction of DoD assets with foreign nations and nongovernmentalorganizations. Special emphasis shall be placed on migrating technologies uniquely suited tocontingency operations that are often not used in DoD applications.3.14. Participate, pursuant to the responsibilities and functions prescribed herein, in the DoDPlanning, Programming, Budgeting, and Execution process, which includes proposing DoDprograms, formulating budget estimates, recommending resource allocations and priorities, andmonitoring the implementation of approved programs in order to ensure adherence to approvedpolicy and planning guidance. This includes conducting program evaluation, assessments, andcross-program reviews, when applicable. 3.15. Address issues associated with meteorology, oceanography, and space weatherprograms (METOC) and provide overall guidance on DoD METOC matters. Ensure that DoDMETOC systems and architectures are interoperable and consistent with GIG policies.7Page 8DoDD 5144.1, May 2, 2005 3.16. Address international issues associated with information and communicationstechnologies, including technologies for the non-automatic movement, transmission, or receptionof information. Negotiate and conclude international agreements relating to coalition

command,control, and communications (C3) and IT policies, standards, and programs pursuant to DoDDirective 5530.3 (reference (n)). Exercise authority, direction, and control and approval of U.S.representation and negotiating positions in international fora and the conclusion of internationalagreements related to coalition C3 and international IT policies, standards, and programs. 3.17. Represent the Secretary of Defense at the North Atlantic Treaty Organization C3Board. 3.18. Recommend changes to the Director, Program Analysis and Evaluation regarding tothe content of the “virtual” Major Force Program for the GIG.3.19. Serve on boards, committees, and other groups and represent the Secretary and DeputySecretary of Defense on matters outside the Department pursuant to responsibilities andfunctions prescribed herein.3.20. Periodically review assigned DoD Executive Agent responsibilities and functions toensure conformance with DoD Directive 5101.1 (reference (x)).3.21. Identify and convey enterprise-wide, information-related research requirements to theDirector of Defense Research and Engineering (DDR&E) and other Senior Officials in theDepartment, as appropriate. In coordination and consultation with the DDR&E, establishreliability, survivability, and endurability design criteria/standards for DoD C3 and develop andmaintain a technology investment strategy to support the development, acquisition, andintegration of DoD C3 services, systems, and processes. 3.22. Provide advice on issues related to all assigned responsibilities and functions to theJoint Requirements Oversight Council and Joint Capabilities Integration and DevelopmentSystem process.3.23. Coordinate with the USD(I) to ensure that intelligence systems and architectures forcollection, analysis, and dissemination of critical intelligence information follow net-centricstrategies and are consistent and interoperable with DoD command, control, and communicationsand information-enterprise systems.3.24. Coordinate with the Assistant Secretary of Defense for Homeland Defense to ensureinteroperability of information systems with non-DoD organizations for homeland security andhomeland defense.3.25. Coordinate with the USD(AT&L) as the Vice Chair of the Defense Business SystemsManagement Committee to ensure that business systems and architectures for collection,analysis, and dissemination of militarily relevant information are consistent and interoperablewith DoD command, control, communications, and information-enterprise systems.8Page 9DoDD 5144.1, May 2, 2005 3.26. Ensure that NII and CIO policies and programs are designed and managed in ways thatimprove standards of performance, economy, and efficiency and that all Defense Agencies andDoD Field Activities under the authority, direction, and control of the ASD(NII)/DoD CIO areattentive and responsive to the requirements of their organizational customers, internal andexternal to the Department.3.27. Perform other such duties as the Secretary or Deputy Secretary of Defense may direct.4. RELATIONSHIPS4.1. In the performance of all assigned responsibilities and functions, the Assistant Secretaryof Defense for Networks and Information Integration/Department of Defense Chief InformationOfficer shall:4.1.1. Report directly to the Secretary and Deputy Secretary of Defense.4.1.2. Oversee and exercise authority, direction, and control over the Director, DefenseInformation Systems Agency.4.1.3. In consultation and coordination with the USD(I), provide policy guidance to theDirector, National Security Agency regarding network operations and IA matters.4.1.4. Use existing facilities and services of the Department of Defense and other FederalAgencies, whenever practicable, to avoid duplication and achieve maximum efficiency andeconomy.4.1.5. Provide advice to the OSD Principal Staff Assistants, as necessary, on DoD-wideissues associated with IRM, requirements analysis, budget-preparation matters, reportingactivities, Congressional material, and enterprise architectural design related to those areas underthe cognizance of the ASD(NII)/DoD CIO.4.1.6. Serve as the sponsor of the Command, Control, Communications, and IntelligenceFederally Funded Research and Development Center. 4.2. The Secretaries of the Military Departments shall provide timely advice to theASD(NII)/DoD CIO and shall ensure that the policies and guidance issued by theASD(NII)/DoD CIO are implemented in their respective Military Departments.4.3. The Heads of the DoD Components shall coordinate with the ASD(NII)/DoD CIO on

allmatters relating to the responsibilities and functions cited in section 3, above.9Page 10DoDD 5144.1, May 2, 2005 5. AUTHORITIESThe ASD(NII)/DoD CIO is hereby delegated authority to:5.1. Issue DoD Instructions, DoD publications, and one-time directive-type memoranda,consistent with DoD 5025.1-M (reference (y)), that implement policy approved by the Secretaryor Deputy Secretary of Defense in the areas of assigned responsibilities and functions. Instructions to the Military Departments shall be issued through the Secretaries of the MilitaryDepartments, or their designees.5.2. Obtain reports, information, advice, and assistance, consistent with DoD Directive8910.1 (reference (z)) and DoD Directive 8000.1 (reference (aa)), as necessary, to carry outassigned functions.5.3. Communicate directly with the Heads of the DoD Components. Communications withthe Military Departments shall be transmitted through the Secretaries of the MilitaryDepartments, their designees, or as otherwise provided in law or directed by the Secretary orDeputy Secretary of Defense in other DoD issuances, or except as provided in paragraph 5.4.below. Communications to the Commanders of the Combatant Commands, except in unusualcircumstances, shall be transmitted through the Chairman of the Joint Chiefs of Staff. With theconcurrence of the Chairman of the Joint Chiefs of Staff and the cognizant CombatantCommander, Chief Information Officers of the Combatant Commands may directly contact theASD(NII)/DoD CIO or designee, when required.5.4. Communicate directly with the CIOs of the DoD Components on all matters for whichthe ASD(NII)/DoD CIO is assigned responsibilities herein.5.5. Establish arrangements for DoD participation in non-Defense governmental programsfor which the ASD(NII)/DoD CIO is assigned primary responsibility. 5.6. Represent the Department of Defense and represent the Secretary and Deputy Secretaryof Defense on matters prescribed herein with government agencies, representatives of thelegislative branch, members of the public, and representatives of foreign governments andinternational organizations, as appropriate, in carrying out assigned responsibilities andfunctions. 5.7. Exercise the specific delegations of authority in enclosure 2.10Page 11DoDD 5144.1, May 2, 2005 6. EFFECTIVE DATEThis Directive is effective immediately.Enclosures - 2E1. References, continuedE2. Delegations of Authority11Page 12DoDD 5144.1, May 2, 2005 E1. ENCLOSURE 1REFERENCES, continued(e) E-Government Act of 2002 (Public Law 107-347), December 17, 2002(f) DoD Directive 5137.1, “Assistant Secretary of Defense for Command, Control, Communications, and Intelligence (ASD(C3I)),” February 12, 1992 (hereby canceled)(g) Deputy Secretary of Defense Memorandum, “Establishment of the Deputy Under Secretary of Defense for Space Acquisition and Technology Programs,” December 10, 1994 (hereby canceled)(h) Deputy Secretary of Defense Memorandum, “Responsibilities and Functions of the DeputyUnder Secretary of Defense for Space,” March 8, 1995 (hereby canceled)(i) Secretary of Defense Memorandum, “Implementation of Subdivision E of the Clinger-Cohen Act of 1996 (Pub. L. No. 104-106),” June 2, 1997 (hereby canceled)(j) Chapter 113, Subchapter III of title 40, United States Code(k) Executive Order 13011, “Federal Information Technology,” July 16, 1996(l) DoD Directive S-3600.1, “Information Operations,” December 9, 1996(m) DoD Directive 8100.1, “Global Information Grid (GIG) Overarching Policy,” September 9,2002(n) DoD Directive 5530.3, “International Agreements,” June 11, 1987(o) DoD Directive 4650.1, “Policy for Management and Use of the ElectromagneticSpectrum,” June 8, 2004(p) DoD Directive 3222.3, “DoD Electromagnetic Environmental Effects (E3) Program,”September 8, 2004(q) Section 305 and Chapter 8, title 47, United States Code(r) Part 300, title 47, Code of Federal Regulations (U.S. Department of Commerce, NationalTelecommunications and Information Administration (NTIA), “Manual of Regulations andProcedures for Federal Radio Frequency Management)(s) Secretary of Defense Memorandum, “Secretary of Defense Executive Agent for DoDAssetsSupporting White House Military Office (WHMO),” February 17, 1999 (classified) 2 (t) DoD Directive 5000.1, “The Defense Acquisition

System,” May 12, 2003(u) DoD Directive 4650.5, “Positioning, Navigation, and Timing,” June 2, 2003(v) Executive Order 11161, “Relating to Certain Relationships Between the Department ofDefense and the Federal Aviation Administration,” July 7, 1964, as amended by ExecutiveOrder 11382(w) Deputy Secretary of Defense Memorandum, October 10, 2003 (subject and content areclassified) 2 (x) DoD Directive 5101.1, “DoD Executive Agent,” September 3, 2002(y) DoD 5025.1-M, “DoD Directives System Procedures,” current edition(z) DoD Directive 8910.1, “Management and Control of Information Requirements,” June 11, 1993 2 Requests for copies can be forwarded to the Director, NII Administration and Management, Office of the Assistant Secretary of Defense for Networks and Information Integration/DoD Chief Information Officer, and will beprovided based upon DoD policy and a need to know regarding classified information. 12 ENCLOSURE 1Page 13DoDD 5144.1, May 2, 2005 E1. ENCLOSURE 1REFERENCES, continued(aa) DoD Directive 8000.1, “Management of DoD Information Resources and Information Technology,” February 27, 200213 ENCLOSURE 1Page 14DoDD 5144.1, May 2, 2005 E2. ENCLOSURE 2DELEGATIONS OF AUTHORITYE2.1.1. Pursuant to the authority vested in the Secretary of Defense, and subject to theauthority, direction, and control of the Secretary of Defense, and in accordance with DoDpolicies, Directives, and Instructions, the ASD(NII)/DoD CIO, or the person acting for theASD(NII)/DoD CIO in his or her absence, is hereby delegated authority, as required, in theadministration and operation of the Office of the ASD(NII)/DoD CIO to:E2.1.1.1. Perform the duties and fulfill the responsibilities of the Secretary of Defenseunder sections 11312 and 11313 of title 40, United States Code. Assist the USD(Comptroller)/DoD Chief Financial Officer in performing and fulfilling the responsibilities of the Secretary ofDefense under section 11316 of title 40, United States Code.E2.1.1.2. Make original security classification determinations (up to and including topsecret) in accordance with E.O. 12958, “Classified National Security Information,” April 17,1995.E2.1.1.3. Make written determinations for the conduct of all closed meetings of FederalAdvisory Committees under the cognizance of the ASD(NII)/DoD CIO as prescribed by section10(d) of the Federal Advisory Committee Act (5 U.S.C. Appendix II, 10(d)). E2.1.2. The ASD(NII)/DoD CIO may redelegate these authorities, as appropriate, and inwriting, except as otherwise specifically indicated above or prohibited by law, Directive, orregulation.14 ENCLOSURE 2========================================================

This is the html version of the file http://dodcio.defense.gov/Portals/0/Documents/DoD%20Directives/514401p[1].pdf.Google automatically generates html versions of documents as we crawl the web.Page 1Department of Defense DIRECTIVE NUMBER 5144.1May 2, 2005DA&MSUBJECT: Assistant Secretary of Defense for Networks and Information Integration/DoD Chief Information Officer (ASD(NII)/DoD CIO)Reference: (a) Title 10, United States Code(b) Title 44, United States Code(c) Title 40, United States Code(d) Unified Command Plan, March 1, 2005 1 (e) through (aa), see enclosure 11. PURPOSEUnder the authorities vested in the Secretary of Defense by section 113 of reference (a) andreferences (b) through (e), this Directive: 1.1. Assigns responsibilities, functions, relationships, and authorities to the AssistantSecretary of Defense for Networks and Information Integration/DoD Chief Information Officer(ASD(NII)/DoD CIO). 1.2. Cancels references (f) through (i). 2. APPLICABILITYThis Directive applies to the Office of the Secretary of Defense (OSD), the MilitaryDepartments, the Chairman of the Joint Chiefs of Staff, the Combatant Commands, the Office ofthe Inspector General of the Department of Defense, the Defense Agencies, the DoD FieldActivities, and all other organizational entities in the Department of Defense (hereafter referredto collectively as

the “DoD Components”). 1 Requests for copies can be forwarded to the Director for Strategic Plans and Policy, J-5/Joint Staff, and will be provided in accordance with laws, regulations, and policies concerning the treatment of classified information. 1Page 2DoDD 5144.1, May 2, 2005 3. RESPONSIBILITIES AND FUNCTIONSThe ASD(NII)/DoD CIO is the principal staff assistant and advisor to the Secretary of Defenseand Deputy Secretary of Defense on networks and network-centric policies and concepts;command and control (C2); communications; non-intelligence space matters; enterprise-wideintegration of DoD information matters; Information Technology (IT), including NationalSecurity Systems (NSS); information resources management (IRM) (as defined by reference(b)); spectrum management; network operations; information systems; information assurance(IA); positioning, navigation, and timing (PNT) policy, including airspace and military-air-trafficcontrol activities; sensitive information integration; contingency support and migration planning;and related matters. Pursuant to chapter 113, subchapter III of 40 U.S.C. (reference (j)), theASD(NII)/DoD CIO has responsibilities for integrating information and related activities andservices across the Department. The ASD(NII)/DoD CIO also serves as the DoD Enterprise-level strategist and business advisor from the information, IT, and IRM perspective; Informationand IT architect for the DoD enterprise; and, DoD-wide IT and IRM executive. Hereafter theseresponsibilities and functions are referred to collectively as “NII and CIO” (including IRM)matters. In the exercise of assigned responsibilities and functions, the ASD(NII)/DoD CIO shall:3.1. Serve as the senior NII and CIO policy and resources official below the Secretary andDeputy Secretary of Defense.3.2. Advise and assist the Secretary and Deputy Secretary of Defense on policy and issuesregarding all assigned responsibilities and functions as they relate to the Department of Defense.3.3. As the DoD CIO:3.3.1. Review and provide recommendations to the Secretary and the Heads of the DoDComponents on:3.3.1.1. The performance of the Department’s IT and NSS programs (to includemonitoring and evaluating the performance of IT and NSS programs on the basis of allapplicable performance measurements).3.3.1.2. DoD budget requests for IT and NSS pursuant to section 2223 of reference(a).3.3.1.3. The continuation, modification, or termination of an IT and/or NSS programor project pursuant to section 1425 of reference (c).3.3.1.4. The continuation, modification, or termination of an NII or CIO programpursuant to the Federal Information Security Management Act of 2002 as part of Public Law(Pub. L.) 107-347 (reference (e)), Executive Order (E.O.). 13011 (reference (k)), and otherapplicable authorities.2Page 3DoDD 5144.1, May 2, 2005 3.3.2. Lead the formulation and implementation of enterprise-level defense strategiesfrom the information, IT, network-centric, and non-intelligence space perspective.3.3.3. Serve as the information architect for the DoD enterprise informationenvironment, and provide oversight and policy guidance to ensure compliance with standards fordeveloping, maintaining, and implementing sound integrated and interoperable architecturesacross the Department, including intelligence systems and architectures. Ensure that IA isintegrated into architectures pursuant to section 3534 of reference (b) and section 11315 ofreference (c).3.3.4. Perform the duties and fulfill the responsibilities associated with informationsecurity and other matters under section 3544 of reference (b).3.3.5. Serve as the DoD-wide information executive and participate as a member onDoD-wide councils and boards involving NII and CIO matters, including serving as the DoDrepresentative on the Intelligence Community CIO Executive Council.3.3.6. Ensure that NII and CIO policy and resource decisions are fully responsive to theguidance of the Secretary and Deputy Secretary of Defense.3.3.7. Develop and maintain the DoD IA program and associated policies, procedures,and standards required by section 2224 of reference (a), chapter 35 of reference (e) and DoDDirective S-3600.1 (reference (l)).3.3.8. Ensure the interoperability of IT, including NSS, throughout the Department ofDefense pursuant to section 2223 of reference (a). 3.3.9. Design and implement, in coordination with the Under Secretary of Defense forAcquisition, Technology, and Logistics (USD(AT&L)), the Under Secretary of Defense(Comptroller)/DoD Chief

Financial Officer (USD(C)/CFO), the Under Secretary of Defense forIntelligence (USD(I)), and the Chairman of the Joint Chiefs of Staff, a process for maximizingthe value and assessing and managing the risks of DoD IT acquisitions, including NSSacquisitions, as applicable.3.3.10. Ensure compliance with the reduction of information-collection burdens on thepublic pursuant to section 3507 of reference (b).3.3.11. Prescribe data and information management policies, procedures, and otherguidance for the Department.3.3.12. Issue policies and procedures necessary to establish and maintain a DoD RecordsManagement Program pursuant to standards, guidelines, and procedures issued under section2904 of reference (b) and Pub. L. No. 107-347 (reference (e)).3.3.13. Ensure that IT, including NSS, standards that apply throughout the Departmentare prescribed and enforced pursuant to section 2223 of reference (a).3Page 4DoDD 5144.1, May 2, 2005 3.3.14. Provide advice and other assistance to the Secretary of Defense and other seniorDoD managers to ensure that IT, including NSS, is acquired and information resources aremanaged in a manner consistent with reference (b) and section 11315 of reference (c) as well asthe priorities established by the Secretary.3.3.15. Provide enterprise-wide oversight of the development, integration, andimplementation of the Global Information Grid (GIG) in accordance with DoD Directive 8100.1(reference (m)).3.3.16. Promote the effective and efficient design and operation of all major IRMprocesses, including improvements to work processes for the Department pursuant to section11315 of reference (c).3.3.17. Provide for the elimination of duplicate IT, including NSS, within and betweenthe DoD Components, including the Military Departments and the Defense Agencies, pursuant toSection 2223 of reference (a).3.3.18. Maintain a consolidated inventory of DoD mission critical and mission essentialinformation systems, identify interfaces between those systems and other information systems,and develop and maintain contingency plans for responding to a disruption in the operation ofany of those information systems pursuant to section 2223 of reference (a).3.3.19. Provide DoD-wide policy regarding the use of the Internet and web siteadministration.3.3.20. Develop policies, in coordination with the Under Secretary of Defense forPersonnel and Readiness (USD(P&R)), to provide oversight of training, career development, andoccupation-specialty programs to ensure that personnel with the requisite knowledge and skillsare available to support the DoD Information Enterprise.3.3.21. Chair the DoD CIO Executive Board.3.3.22. Establish policies, plans, goals, measures, and baselines to incorporatecommercial-off-the-shelf software, knowledge management technologies, and services into thepolicies, doctrine, and training programs of the Department. Undertake initiatives to increase theuse of commercial IT solutions throughout the Department across all applications, includingNSS, training, logistics, and non-material solutions.3.3.23. Serve as the principal DoD official responsible for preparing and defending NIIand CIO issues before the Congress as well as evaluating and assessing Congressional activityfor impact on all NII and CIO areas of responsibility.3.3.24. Provide for the enterprise information environment and ensure that itscapabilities are synchronized with requirements. This shall include providing for a common setof Enterprise capabilities that enable users to discover, access, post, process, advertise, retrieve,and fuse data, and make sense of the data gathered.4Page 5DoDD 5144.1, May 2, 2005 3.4. With regard to communications and information networks:3.4.1. Develop and implement network-centric policies, architectures, practices, andprocesses with emphasis on communications and information networks to enable Defensetransformation; however, these do not include content-based communications functions such asthose associated with public affairs and public diplomacy.3.4.2. Identify opportunities presented by communication and information technologiesas well as risks and costs, and make recommendations on the initiation of communication andinformation plans, programs, policies, and procedures accordingly.3.4.3. Provide policies, oversight, guidance, architecture, and strategic approaches for allcommunications and information network programs and initiatives on an enterprise-wide basisacross the Department, ensuring compliance with the IA

requirements as well as interoperabilitywith national and alliance/coalition systems. This includes network-centric and information-integration projects, programs, and demonstrations as they relate to GIG implementation andemployment.3.4.4. Negotiate and conclude international agreements and other arrangements relatingto the sharing or exchange of DoD communications equipment, facilities, support, services orother communications resources; the use of DoD electromagnetic spectrum equities; and the useof U.S. communications facilities and/or systems pursuant to DoD Directive 5530.3 (reference(n)). Agreements of an operational nature within alliance organizations shall be coordinated withthe Chairman of the Joint Chiefs of Staff. 3.5. With regard to the electromagnetic spectrum:3.5.1. Provide policy, oversight, and guidance for all DoD matters related to theelectromagnetic spectrum, including the management and use of the electromagnetic spectrum(MUES) pursuant to DoD Directive 4650.1 (reference (o)) and the ElectromagneticEnvironmental Effects (E3) Program pursuant to DoD Directive 3222.3 (reference (p)) within theDepartment, nationally, and internationally. Ensure that appropriate national policies for MUESand E3 Control are implemented within the Department pursuant to section 305 and Chapter 8 oftitle 47, U.S.C. (reference (q)) and the National Telecommunications and InformationAdministration Manual (reference (r)) as well as applicable international policies and standards.3.5.2. Serve as the lead within the Department for coordination, approval, andrepresentation of DoD positions on all MUES and E3 Control matters within the U.S.Government as well as in regional, national, and international spectrum-management forums andorganizations.3.5.3. Coordinate, as appropriate, with the Chairman of the Joint Chiefs of Staffregarding the development of electromagnetic spectrum policy. 5Page 6DoDD 5144.1, May 2, 2005 3.6. With regard to C2:3.6.1. Develop and integrate the Department’s overall C2 strategy, approach, structure,and policies and ensure the C2 structure and architecture are compliant with DoD network-centric precepts, information strategy, and joint needs. 3.6.2. Provide policies, program oversight, guidance, and strategic approaches for all C2programs and initiatives on an enterprise-wide basis across the Department.3.6.3. Identify the governance of the C2 structure that addresses the needs of thePresident and all levels of operational command within the Department.3.6.4. Oversee and facilitate the integration of national, strategic, operational, andtactical C2 systems/programs, including support to the White House Military Office, pursuant toSecretary of Defense guidance (reference (s)).3.6.5. Oversee the development and integration of DoD-wide C2 capabilities, includingpromotion of C2-related research, experimentation, metrics, and analysis techniques.3.6.6. Direct the Heads of the DoD Components to plan, program, budget, and executeprograms that will develop material solutions for Joint Capability Integration and DevelopmentSystem approved joint C2 capabilities. 3.7. With respect to space:3.7.1. Oversee DoD non-intelligence related space matters, including space-basedcommunications programs, space-based information integration activities, space controlactivities, operationally responsive space programs, space access, satellite control, space-basedposition, navigation, and timing programs, environmental sensing, and space launch ranges.3.7.2. Oversee the Space Major Defense Acquisition Program activities of the DoDExecutive Agent for Space in coordination with the USD(AT&L), and in coordination with theUSD(I) for space-based intelligence system acquisitions, as delegated by the USD(AT&L). 3.8. With regard to network-centric systems engineering policy and program oversight:3.8.1. Facilitate and resolve interoperability, performance, and other issues related tointerfaces, security, standards, and protocols critical to the end-to-end operation of the GIG.3.8.2. Oversee a network-centric system engineering effort using facilities and servicesof the Department of Defense to manage an enterprise-wide technical view for the GIG.3.8.3. Provide oversight of policies and programs to support independent evaluation andto physically validate the technical performance for key transformational communicationprograms of the GIG.6Page 7DoDD 5144.1, May 2, 2005 3.9. With regard to systems acquisition:3.9.1 Serve as the Milestone

Decision Authority for Major Automated InformationSystems and other acquisition programs, as delegated by the USD(AT&L), with responsibilityfor developing and enforcing the policies and practices of DoD Directive 5000.1 (reference (t))for such programs, in coordination with the USD(AT&L) and the USD(I), as appropriate.3.9.2. Provide advice on issues related to all assigned responsibilities and functions tothe Defense Acquisition Board and the Defense Space Acquisition Board.3.10. With regard to PNT:3.10.1. Develop and implement PNT policy, including airspace and military air trafficcontrol, pursuant to DoD Directive 4650.5 (reference (u)).3.10.2. Develop and oversee contingency policies regarding the Federal AviationAdministration and its transfer to the Department of Defense under certain national securityemergencies, pursuant to E.O. 11161 (reference (v)).3.11. Support the Special Assistant to the Secretary of Defense and Deputy Secretary ofDefense for compartmented activities by coordinating sensitive information integration andproviding a support staff and appropriately cleared facilities for these functions pursuant toDeputy Secretary of Defense Memorandum (reference (w)).3.12. Provide NII and CIO support to the mission of Information Operations in support ofDoD Directive S-3600.1 (reference (l)).3.13. Develop and oversee contingency and crisis response communications policies andplanning for stabilization and reconstruction operations carried out by the Department withemphasis given to those executed in concert with the United States Government interagencyprocess, to include the interaction of DoD assets with foreign nations and nongovernmentalorganizations. Special emphasis shall be placed on migrating technologies uniquely suited tocontingency operations that are often not used in DoD applications.3.14. Participate, pursuant to the responsibilities and functions prescribed herein, in the DoDPlanning, Programming, Budgeting, and Execution process, which includes proposing DoDprograms, formulating budget estimates, recommending resource allocations and priorities, andmonitoring the implementation of approved programs in order to ensure adherence to approvedpolicy and planning guidance. This includes conducting program evaluation, assessments, andcross-program reviews, when applicable. 3.15. Address issues associated with meteorology, oceanography, and space weatherprograms (METOC) and provide overall guidance on DoD METOC matters. Ensure that DoDMETOC systems and architectures are interoperable and consistent with GIG policies.7Page 8DoDD 5144.1, May 2, 2005 3.16. Address international issues associated with information and communicationstechnologies, including technologies for the non-automatic movement, transmission, or receptionof information. Negotiate and conclude international agreements relating to coalition command,control, and communications (C3) and IT policies, standards, and programs pursuant to DoDDirective 5530.3 (reference (n)). Exercise authority, direction, and control and approval of U.S.representation and negotiating positions in international fora and the conclusion of internationalagreements related to coalition C3 and international IT policies, standards, and programs. 3.17. Represent the Secretary of Defense at the North Atlantic Treaty Organization C3Board. 3.18. Recommend changes to the Director, Program Analysis and Evaluation regarding tothe content of the “virtual” Major Force Program for the GIG.3.19. Serve on boards, committees, and other groups and represent the Secretary and DeputySecretary of Defense on matters outside the Department pursuant to responsibilities andfunctions prescribed herein.3.20. Periodically review assigned DoD Executive Agent responsibilities and functions toensure conformance with DoD Directive 5101.1 (reference (x)).3.21. Identify and convey enterprise-wide, information-related research requirements to theDirector of Defense Research and Engineering (DDR&E) and other Senior Officials in theDepartment, as appropriate. In coordination and consultation with the DDR&E, establishreliability, survivability, and endurability design criteria/standards for DoD C3 and develop andmaintain a technology investment strategy to support the development, acquisition, andintegration of DoD C3 services, systems, and processes. 3.22. Provide advice on issues related to all assigned responsibilities and functions to theJoint Requirements Oversight Council and Joint Capabilities Integration and DevelopmentSystem process.3.23. Coordinate with the USD(I) to ensure that intelligence systems and

architectures forcollection, analysis, and dissemination of critical intelligence information follow net-centricstrategies and are consistent and interoperable with DoD command, control, and communicationsand information-enterprise systems.3.24. Coordinate with the Assistant Secretary of Defense for Homeland Defense to ensureinteroperability of information systems with non-DoD organizations for homeland security andhomeland defense.3.25. Coordinate with the USD(AT&L) as the Vice Chair of the Defense Business SystemsManagement Committee to ensure that business systems and architectures for collection,analysis, and dissemination of militarily relevant information are consistent and interoperablewith DoD command, control, communications, and information-enterprise systems.8Page 9DoDD 5144.1, May 2, 2005 3.26. Ensure that NII and CIO policies and programs are designed and managed in ways thatimprove standards of performance, economy, and efficiency and that all Defense Agencies andDoD Field Activities under the authority, direction, and control of the ASD(NII)/DoD CIO areattentive and responsive to the requirements of their organizational customers, internal andexternal to the Department.3.27. Perform other such duties as the Secretary or Deputy Secretary of Defense may direct.4. RELATIONSHIPS4.1. In the performance of all assigned responsibilities and functions, the Assistant Secretaryof Defense for Networks and Information Integration/Department of Defense Chief InformationOfficer shall:4.1.1. Report directly to the Secretary and Deputy Secretary of Defense.4.1.2. Oversee and exercise authority, direction, and control over the Director, DefenseInformation Systems Agency.4.1.3. In consultation and coordination with the USD(I), provide policy guidance to theDirector, National Security Agency regarding network operations and IA matters.4.1.4. Use existing facilities and services of the Department of Defense and other FederalAgencies, whenever practicable, to avoid duplication and achieve maximum efficiency andeconomy.4.1.5. Provide advice to the OSD Principal Staff Assistants, as necessary, on DoD-wideissues associated with IRM, requirements analysis, budget-preparation matters, reportingactivities, Congressional material, and enterprise architectural design related to those areas underthe cognizance of the ASD(NII)/DoD CIO.4.1.6. Serve as the sponsor of the Command, Control, Communications, and IntelligenceFederally Funded Research and Development Center. 4.2. The Secretaries of the Military Departments shall provide timely advice to theASD(NII)/DoD CIO and shall ensure that the policies and guidance issued by theASD(NII)/DoD CIO are implemented in their respective Military Departments.4.3. The Heads of the DoD Components shall coordinate with the ASD(NII)/DoD CIO on allmatters relating to the responsibilities and functions cited in section 3, above.9Page 10DoDD 5144.1, May 2, 2005 5. AUTHORITIESThe ASD(NII)/DoD CIO is hereby delegated authority to:5.1. Issue DoD Instructions, DoD publications, and one-time directive-type memoranda,consistent with DoD 5025.1-M (reference (y)), that implement policy approved by the Secretaryor Deputy Secretary of Defense in the areas of assigned responsibilities and functions. Instructions to the Military Departments shall be issued through the Secretaries of the MilitaryDepartments, or their designees.5.2. Obtain reports, information, advice, and assistance, consistent with DoD Directive8910.1 (reference (z)) and DoD Directive 8000.1 (reference (aa)), as necessary, to carry outassigned functions.5.3. Communicate directly with the Heads of the DoD Components. Communications withthe Military Departments shall be transmitted through the Secretaries of the MilitaryDepartments, their designees, or as otherwise provided in law or directed by the Secretary orDeputy Secretary of Defense in other DoD issuances, or except as provided in paragraph 5.4.below. Communications to the Commanders of the Combatant Commands, except in unusualcircumstances, shall be transmitted through the Chairman of the Joint Chiefs of Staff. With theconcurrence of the Chairman of the Joint Chiefs of Staff and the cognizant CombatantCommander, Chief Information Officers of the Combatant Commands may directly contact theASD(NII)/DoD CIO or designee, when required.5.4. Communicate directly with the CIOs of the DoD Components on all matters for whichthe ASD(NII)/DoD CIO is assigned

responsibilities herein.5.5. Establish arrangements for DoD participation in non-Defense governmental programsfor which the ASD(NII)/DoD CIO is assigned primary responsibility. 5.6. Represent the Department of Defense and represent the Secretary and Deputy Secretaryof Defense on matters prescribed herein with government agencies, representatives of thelegislative branch, members of the public, and representatives of foreign governments andinternational organizations, as appropriate, in carrying out assigned responsibilities andfunctions. 5.7. Exercise the specific delegations of authority in enclosure 2.10Page 11DoDD 5144.1, May 2, 2005 6. EFFECTIVE DATEThis Directive is effective immediately.Enclosures - 2E1. References, continuedE2. Delegations of Authority11Page 12DoDD 5144.1, May 2, 2005 E1. ENCLOSURE 1REFERENCES, continued(e) E-Government Act of 2002 (Public Law 107-347), December 17, 2002(f) DoD Directive 5137.1, “Assistant Secretary of Defense for Command, Control, Communications, and Intelligence (ASD(C3I)),” February 12, 1992 (hereby canceled)(g) Deputy Secretary of Defense Memorandum, “Establishment of the Deputy Under Secretary of Defense for Space Acquisition and Technology Programs,” December 10, 1994 (hereby canceled)(h) Deputy Secretary of Defense Memorandum, “Responsibilities and Functions of the DeputyUnder Secretary of Defense for Space,” March 8, 1995 (hereby canceled)(i) Secretary of Defense Memorandum, “Implementation of Subdivision E of the Clinger-Cohen Act of 1996 (Pub. L. No. 104-106),” June 2, 1997 (hereby canceled)(j) Chapter 113, Subchapter III of title 40, United States Code(k) Executive Order 13011, “Federal Information Technology,” July 16, 1996(l) DoD Directive S-3600.1, “Information Operations,” December 9, 1996(m) DoD Directive 8100.1, “Global Information Grid (GIG) Overarching Policy,” September 9,2002(n) DoD Directive 5530.3, “International Agreements,” June 11, 1987(o) DoD Directive 4650.1, “Policy for Management and Use of the ElectromagneticSpectrum,” June 8, 2004(p) DoD Directive 3222.3, “DoD Electromagnetic Environmental Effects (E3) Program,”September 8, 2004(q) Section 305 and Chapter 8, title 47, United States Code(r) Part 300, title 47, Code of Federal Regulations (U.S. Department of Commerce, NationalTelecommunications and Information Administration (NTIA), “Manual of Regulations andProcedures for Federal Radio Frequency Management)(s) Secretary of Defense Memorandum, “Secretary of Defense Executive Agent for DoDAssetsSupporting White House Military Office (WHMO),” February 17, 1999 (classified) 2 (t) DoD Directive 5000.1, “The Defense Acquisition System,” May 12, 2003(u) DoD Directive 4650.5, “Positioning, Navigation, and Timing,” June 2, 2003(v) Executive Order 11161, “Relating to Certain Relationships Between the Department ofDefense and the Federal Aviation Administration,” July 7, 1964, as amended by ExecutiveOrder 11382(w) Deputy Secretary of Defense Memorandum, October 10, 2003 (subject and content areclassified) 2 (x) DoD Directive 5101.1, “DoD Executive Agent,” September 3, 2002(y) DoD 5025.1-M, “DoD Directives System Procedures,” current edition(z) DoD Directive 8910.1, “Management and Control of Information Requirements,” June 11, 1993 2 Requests for copies can be forwarded to the Director, NII Administration and Management, Office of the Assistant Secretary of Defense for Networks and Information Integration/DoD Chief Information Officer, and will beprovided based upon DoD policy and a need to know regarding classified information. 12 ENCLOSURE 1Page 13DoDD 5144.1, May 2, 2005 E1. ENCLOSURE 1REFERENCES, continued(aa) DoD Directive 8000.1, “Management of DoD Information Resources and Information Technology,” February 27, 200213 ENCLOSURE 1Page 14DoDD 5144.1, May 2, 2005 E2. ENCLOSURE 2DELEGATIONS OF AUTHORITYE2.1.1. Pursuant to the authority vested in the Secretary of Defense, and subject to theauthority, direction, and control of the Secretary of Defense, and in accordance with DoDpolicies, Directives, and Instructions, the

ASD(NII)/DoD CIO, or the person acting for theASD(NII)/DoD CIO in his or her absence, is hereby delegated authority, as required, in theadministration and operation of the Office of the ASD(NII)/DoD CIO to:E2.1.1.1. Perform the duties and fulfill the responsibilities of the Secretary of Defenseunder sections 11312 and 11313 of title 40, United States Code. Assist the USD(Comptroller)/DoD Chief Financial Officer in performing and fulfilling the responsibilities of the Secretary ofDefense under section 11316 of title 40, United States Code.E2.1.1.2. Make original security classification determinations (up to and including topsecret) in accordance with E.O. 12958, “Classified National Security Information,” April 17,1995.E2.1.1.3. Make written determinations for the conduct of all closed meetings of FederalAdvisory Committees under the cognizance of the ASD(NII)/DoD CIO as prescribed by section10(d) of the Federal Advisory Committee Act (5 U.S.C. Appendix II, 10(d)). E2.1.2. The ASD(NII)/DoD CIO may redelegate these authorities, as appropriate, and inwriting, except as otherwise specifically indicated above or prohibited by law, Directive, orregulation.14 ENCLOSURE 2================================================================This is the html version of the file http://www.dtic.mil/cjcs_directives/cdata/unlimit/6212_01.pdf.Google automatically generates html versions of documents as we crawl the web.Page 1CHAIRMAN OF THE JOINT CHIEFS OF STAFF INSTRUCTION J-8 CJCSI6212.01FDISTRIBUTION: A, B, C, S21 March 2012NET READY KEY PERFORMANCE PARAMETER (NR KPP)Reference: See Enclosure F.1. Purpose. This instruction:a. Defines responsibilities and establishes policy and procedures todevelop the NR KPP and NR KPP certification requirement for all informationtechnology (IT) and national security systems (NSS) that contain joint interfacesor joint information exchanges (hereafter referred to as IT and defined as 'usedin the automatic acquisition, storage, manipUlation, management, movement,control, display, switching, interchange, or transmission or reception of DoDdata of information regardless of classification or sensitivity) (references a andb). (Enclosures A and B).b. Establishes procedures for the NR KPP certification requirement forJoint Requirements Oversight Council (JROC) Joint Capabilities Integrationand Development System (JCIDS) (Enclosures C and D).c. Establishes procedures to certify the NR KPP, with accompanyingarchitecture data, and compliance with spectrum requirements for allCapability Development Documents (CDDs) and Capability ProductionDocuments (CPDs). Additionally, establishes procedures for the review of thearchitecture data, as applicable, in JCIDS documents, including CapabilityBased Assessments; Initial Capability Documents (ICDs); Doctrine,Organization, Training, Materiel, Leadership and Education, Personnel andFacilities (DOTMLPF) Change Recommendations (DCRs); Concepts ofOperations (CONOPS); CDDs; and CPDs. (Enclosures C and D).d. Establishes NR KPP architecture data development methodologycompliant with the current DOD Architecture Framework (DODAF) guidance(reference g) and provides an optional NR KPP Architecture Data AssessmentPage 2CJCSI6212.01F21 March 2012Template and alignment to Global Information Grid 2.0 (reference h), DoD ITStandards Registry (DISR) (reference p), and Joint Information EnvironmentOperational Reference Architecture (JIE ORA)/ Warfighting EnterpriseArchitecture (WEA) guidance (reference z). (Enclosures C and D).2. Cancellation. CJCSI 6212.01E, 15 December 2008, "Interoperability andSupportability of Information Technology and National Security Systems" iscanceled.3. Applicability. Per references a through d, this instruction applies to:a. The Joint Staff, Military Departments and Services, CombatantCommands, Defense Agencies, DOD field activities, and joint and combinedactivities (hereafter referred to as DOD Components) (reference a).b. Federal agencies preparing and submitting JCIDS documents(references c and d).c. All IT acquired, procured, or operated by any DOD Component. In thisinstruction, IT includes, but is not limited to: NSS, IT acquisition programs,information systems, IT initiatives, IT services, software, electronic

warfaredevices, DBS, prototypes (reference e), Commercial-Off-the-Shelf (COTS),leased, Government Off-the-Shelf, Rapid Fielding (reference dd), Special AccessProgram, Joint Capability Technology Demonstration, Coalition WarriorInteroperability Demonstration, Combatant Command Initiatives Fund (CCIF),IT systems and subsystems that are integral to embedded weapons platformsand non-program of record materiel solution efforts. It does not apply to nonGlobal Information Grid (GIG) IT as defined by reference i. Hereafter, the termIT will be used in this document.d. Compliance. New JCIDS documents, not already in the system, mustcomply with this instruction. All documents submitted 6 months after thesignature date of this instruction must comply with this instruction. JCIDSdocuments entering their review cycle within 6 months of this instruction'srelease date may request permission from the Joint Staff to comply with theprevious version of this instruction.4. Policya. It is Joint Staff policy to ensure DOD Components develop, acquire, test,deploy, and maintain IT that:(1) Meets the essential operational needs of U.S. forces; 2Page 3CJCSI6212.01F21 March 2012(2) Uses architecture data to develop the NR KPP that is certified inJCIDS documents and reviewed in Information Support Plans (ISPs) (reference d). (3) Are interoperable and supportable with existing, developing, andproposed (pre-MS A) IT through architecture, standards, defined interfaces,modular design, and reuse of existing IT solutions;(4) Are supportable over the DOD GIG (see reference hand r);(5) Are interoperable with host nation, multinational coalition, andfederal, state, local, and tribal agency partners;(6) Provides global authentication, access control, and directoryservices; provide information and services from the edge; utilize jointinfrastructure; provide unity of command; and comply with common policiesand standards (reference h and v);(7) Leverages emerging capability-based references and methods,including the Joint Capability Areas (JCA) (references c, d, and m (as acommon language to discuss and describe capabilities across many relatedDOD activities and processes)), Joint Mission Threads (JMT), and the JointCommon System Function List (JCSFL) (reference k).(8) Complies with spectrum requirements throughout the system's lifecycle. Combatant Commands/Services/Agencies (C/S/A) ensure capabilitiesare aligned and interoperable during the development cycle; and(9) Complies with DOD Interoperability and Supportability (I&S) policyand instruction (references a and b).b. NR KPP Attributes for Certification. The NR KPP is based on threeattributes and JROC validated performance measures and metrics (reference d)identified by the IT's sponsor. Detailed NR KPP attributes and metricdevelopment guidance is in Enclosures C and D and on the NR KPP ManualWiki page (reference gg). The three NR KPP attributes are:(1) IT must be able to support military operations.(2) IT must be able to be entered and managed on the network.(3) IT must effectively exchange information.c. NR KPP Certification and Revalidation of Certification. All JCIDSdocuments are to be developed using the Capability Development Tracking andManagement (reference y) and reviewed via KM/DS to certify the NR KPP and 3Page 4CJCSI6212.01F21 March 2012spectrum requirements. In addition, supporting architecture data is reviewedfor compliance with the current DODAF. If DODAF Meta-model (DM2) PhysicalExchange Specification (PES) compliant tools are not available to developarchitectures, the optional NR KPP Architecture Data Assessment Template canbe used for the architecture development process described in Enclosure D andon the NR KPP Manual Wiki page. The optional NR KPP Architecture DataAssessment Template provides a fit-for-purpose view in compliance with thecurrent DODAF.(1) ISP Reviews. NR KPP contained in the ISP is reviewed forrecommendation to DOD CIO, including current DODAF architecture data orthe optional NR KPP Architecture Data Assessment Template, and spectrumrequirements compliance.(2) Other IT. NR KPP certification of non-JCIDS/non-acquisition IT(Le., fielded IT) is mandatory as described in Enclosure C and on the NR KPPManual Wiki page.(3) Baseline Capabilities Lifecycle (BCL) Documents. All BCLdocuments (reference f) entered by the JCIDS gatekeeper into KM/DS arereviewed (references e and f). The Business Case should include

how theproposed capability supports military operations from the problem statementand identify if the proposed capability can be entered and managed on thenetwork and can effectively exchange information. The solution architectureswill also be evaluated for alignment with the most current DODAF and the JIEORA/WEA (reference z). Business systems determined to not have a JointInterest by the JROC do not carry a NR KPP certification requirement.d. NR KPP Review and Certification Requirement. NR KPP review andcertification requirement in this instruction and the NR KPP Manual align tothe JCIDS process (references c and d).5. Definitions. See Glossary.6. Responsibilities. See Enclosure A.7. Summary of Changesa. Renames the instruction from "Interoperability and Supportability ofInformation Technology and National Security Systems" to "Net Ready KeyPerformance Parameter (NR KPP)."b. This revision eliminates previous elements and activities (informationassurance, data and services strategy, GIG Technical Guidance compliance,supportability compliance) from the NR KPP that are accomplished through 4Page 5CJCSI6212.01F21 March 2012other processes. The discussion of these former NR KPP elements is describedbelow.(1) Compliant solution architecture-within the context of the refinedNR KPP-now DODAF Architecture data.(2) The requirement to comply with the Net Centric Data and ServicesStrategies remains, but is no longer part of the NR-KPP. For NR KPP purposescompliance verification information (Data/Service Exposure VerificationTracking Sheet - "Bluesheet" - data) is provided DIV-3 submissions.(3) GIG Technical Guidance (GTG) - exists in the ISP.(4) DOD Information Assurance (IA) requirement - exist as a DAAresponsibility.(5) Supportability requirements - exists in the ISP but spectrumrequirements compliance will continue to be analyzed within the refined NRKPP.c. The NR KPP was redefined as three attributes focused on programspecific, validated, verifiable performance measures and metrics.d.NR KPP architecture development methodology (based on DODAFarchitecture or the optional NR KPP Architecture Data Assessment Template)was added with a requirement to align with DOD Information EnterpriseArchitecture (lEA) (reference m), the current DODAF, JIE ORA/WEA andJCSFL.e. Process details were removed from the instruction and added to the NRKPP Manual Wiki page to allow for more rapid dissemination of changes.8. Releasability. This instruction is approved for public release; distribution isunlimited. DOD components (to include the combatant commands), otherFederal agencies, and the public may obtain copies of this instruction throughthe Internet from the CJCS Directives Home Page--http://www.dtic.mil/cjcs_directives.9. Effective Date. This document is effective upon receipt. ~N Director, Joint Staff5O.,.....TT":h.TPage 6CJCSI6212.01F21 March 2012Enclosures:A - ResponsibilitiesB - Process Overview and Staffing ProceduresC - NR KPP Development and NR KPP CertificationD - NR KPP Architecture Development MethodologyE - ReferencesGL - Glossary6Page 7CJCSI6212.01F21 March 2012DISTRIBUTIONDistribution A, B, C, and J plus the following:CopiesUnder Secretary of Defense for Acquisition, Technology, and Logistics .......... 2 Under Secretary of Defense for Personnel and Readiness ............................... 2 Under Secretary of Defense for Policy ............................................................ 2 Under Secretary of Defense for Intelligence .................................................... 2 Deputy Chief Management Officer ................................................................. 2 DOD CIO ....................................................................................................... 2 Director, Operational Test and Evaluation ..................................................... 2 Director, National Intelligence ....................................................................... 2 United States Coast Guard............................................................................ 2 National Guard Bureau ................................................................................. 2 iPage 8

CJCSI6212.01F21 March 2012 (INTENTIONALLY BLANK) 11Page 9CJCSI6212.01F21 March 2012TABLE OF CONTENTS Page ENCLOSURE A RESPONSIBILITIES The Joint StaffJ8 ...................................................................................A-l DOD Components...................................................................................A-3 Sponsors ................................................................................................A-4 PMs ........................................................................................................A-5 Combatant Commands ...........................................................................A-7 DISA.......................................................................................................A-8 Director, NGA .........................................................................................A-9 Director, NSA .........................................................................................A-9 ENCLOSURE B PROCESS OVERVIEW AND STAFFING PROCEDURES Overview.................................................................................................B-1 Process Relationships .............................................................................B-1 NR KPP Certification Process ..................................................................B-2 NR KPP Staffing Levels and Timelines .....................................................B-5 C4/Cyber FCB Adjudication ...................................................................B-6 Review Timelines ....................................................................................B-6 Failure to Meet Certification Requirements .............................................B-7 Recommendations ..................................................................................B-7 Uniform Resource Locators.....................................................................B-7 ENCLOSURE C NR KPP DEVELOPMENT AND NR KPP CERTIFICATION PROCEDURES NR KPP Overview ....................................................................................C-1 Types of NR KPP Certification .................................................................C-1 Attribute Characteristics ........................................................................C-1 NR KPP Functions ..................................................................................C-4 NR KPP Development..............................................................................C-4 NR KPP 3-Step Process ...........................................................................C-4 NR KPP Example ....................................................................................C-6 Supportability Requirements Compliance ...............................................C-6 ENCLOSURE D NR KPP ARCHITECTURE DEVELOPMENT METHODOLOGY Architecture Development Methodology and Interoperability .................. D-1 DOD lEA Alignment............................................................................... D-3 NR KPP Information and Architecture Views .......................................... D-4 ENCLOSURE E REFERENCES ....................................................................E-1 ENCLOSURE GL GLOSSARY Abbreviations and Acronyms ............................................................... GL-1 Definitions .......................................................................................... GL-5 iiiPage 10CJCSI6212.01F21 March 2012 (INTENTIONALLY BLANK) ivPage 11CJCSI6212.01F21 March 2012ENCLOSURE ARESPONSIBILITIES 1. The Joint Staff J8, Deputy Director, Command, Control, Communications, and Computers (DDC4):a. Assistant Deputy Director (ADD), Command and Control (C2) Integrationwill:(1) Review ICDs, DCRs, CDDs, CPDs, CONOPS, and ISPs for C2interoperability, integration, and sustainability, and provide recommendationsand comments.(2) Maintain JCSFL for use in reference and solution architecturesrequired for JCIDS documents and ISPs. Maintenance and updates will bedone in coordination with Services and capability developers. The JCSFLprovides a common lexicon of warfighter system functionality. Thisinformation can be accessed on Intelink (NIPRNET: https:j jwww.intelink.govjwikijJCSFL; SIPRNET: http:j jwww.intelink.sgov.govjwikijJointCommon_Systems_Function_List 1) (reference k).(3) Direct Joint Mission Thread Architecture & Test Working GroupJMT development activities and

provide recommendations to develop selectedJMTs to support the Joint Staff J-8's objectives. JMTs provide decompositionof the mission elements necessary to support expeditious and efficient jointforce mission and capability analysis.(4) Conduct C2 interoperability assessments on selected IT. Theseassessments do not replace the joint interoperability test certification; however,Joint Interoperability Test Command (JITC) may elect to use J-8 DDC4assessment results to issue the joint interoperability test certification. (5) Maintain the Command and Control On-the-Move (C20TM) Reference Architecture to inform Service Sponsors and Program ManagersCapability Developers that are developing C20TM capabilities for commandersat the operational and tactical level. C20TM Reference Architecture can beaccessed on Intelink (SIPRNET: http:j jwww.intelink.sgov.govjwikij(C20TM)).(6) Manage, verify, and track exposure of authoritative data sourcessupporting net-enabled warfighter capabilities leveraging NR KPPdocumentation. Report the authoritative data source exposure progress to theJROC and DoD CIO.A-IEnclosure APage 12CJCS16212.01F21 March 2012(7) Review and analyze NR KPP architectures, KPPs, key systemattributes, and capabilities for interoperability and integration and provide acertification recommendation. (8) Manage, verify, and track exposure of C2 and non-C2 system bit level data implementation using the Interoperability Enhancement Processsupporting net-enabled warfighter capabilities leveraging NR KPPdocumentation. Report the bit level implementation progress, as annotated inthe DOD lEA DIV-3, to the Functional Capabilities Board (FCB).b. ADD, C4/Cyber will:(1) Review all JCIDS and BCL documents in KM/DS and ISPs in theDOD CIO repository for the NR KPP certification requirements according toEnclosures Band C, and references a through d. This includes:(a) Reviewing ICDs, DCRs, CONOPs, Statements of Capability, andBCL documents to validate current DODAF architecture data or the optionalNR KPP Architecture Data Assessment Template and spectrum requirementsvia KM/DS.(b) Confirming, through current DODAF architecture data or theoptional NR KPP Architecture Data Assessment Template, whether IT has jointinterfaces or joint information exchanges and requires NR KPP certification.(c) Providing an NR KPP certification memo for CDDs, CPDs, aftercertifying the NR KPP.(d) Determining whether IT portfolio management recommendationsand network operations (NetOps) for the GIG direction (reference j) and GIG 2.0goals and characteristics (reference h) were reviewed and included.(2) If applicable, for all IT I NSS, staff JCIDS documents, BCLdocuments, and IC documents to the C/SIAs for NR KPP certificationdetermination. Provide comments and where applicable, provide the NR KPPcertification memo to KM/DS (according to references c and d).(3) Provide the Joint Staff NR KPP ISP review to DOD CIO for ACAT I,Office of the Secretary of Defense (OSD) Special Interest, and DOD CIO specialinterest programs according to references band f for their final acceptance orrejection. (4) When required, attend JCB and JROC meetings to provide Joint Staff NR KPP certification results.A-2Enclosure APage 13CJCS16212.01F21 March 2012(5) Coordinate NR KPP policies, procedures, and programs withCIS/As.(6) Maintain the CJCSI 6212 Resource Page (reference n).(7) Maintain the NR KPP Manual Wiki page (reference gg).c. ADD, Communications and Networks (CN) will:(1) Review selected JCIDS and BCL documents, and ISP architectureartifacts, for compliance and integration with DOD enterprise levelarchitectures, reference architectures, and IT and NSS standards.(2) Review JCIDS, BCL, and ISP documents and architecture forcompliance to the spectrum requirements in Enclosure D of the NR KPPManual.2. DOD Components will:a. Review and provide comments on JCIDS and IC documents via KM/DSduring the NR KPP certification process. Review and provide NR KPP relatedcomments on BCL documents provided via KM/DS.b. Ensure NR KPP activities required by this policy are implemented withinDOD Component interoperability strategies, policies, processes, andprocedures.c. Ensure the Component Developmental Test and Evaluation (DT&E),Operational Test and Evaluation (OT&E) processes include mission-orientedNR KPP assessments as discussed in

Enclosure C. Ensure the assessmentuses common outcome-based methodologies to report on the impact that NRKPP and information exchanges have on system effectiveness and missionaccomplishment (reference e and u).d. Ensure IT solution architectures comply with the current DODAF(reference g), the DOD lEA (reference m), the DISR (reference p), and the JIEORA/WEA. Ensure solution architectures are aligned to available JMTs andthe JCSFL, and are resourced, developed, managed, discoverable, searchable,and retrievable (references q through y).e. Ensure Authoritative Data Sources (ADS) are registered in theDepartment's Enterprise ADS Registry. A-3 Enclosure APage 14CJCSI6212.01F21 March 20124. Sponsors (reference c) will:a. Include NR KPP certification requirements in JCIDS and for DBSBusiness Case (references b and d). Ensure the requirements providevalidated, verifiable, performance measures and metrics.b. Include NR KPP requirements with coalition, intergovernmental, andnon-government systems in JCIDS documents when the IT must interoperatein those environments.c. Include requirements to comply with spectrum management policy(references x through aa) and DOD IT standards policy (reference b) in JCIDSdocuments.d. Ensure solution architectures align with the current DODAF (referenceg), are aligned to JMTs and the JCSFL, and are resourced, developed,managed, discoverable, searchable, and retrievable (references w though y).Ensure DOD IC Components IT solution architectures comply with the IC JointArchitecture Reference Model (reference hh).e. Comply with the joint interoperability test certification requirement.f. Plan, program, budget for, and develop for DODAF architecture data orthe optional NR KPP Architecture Data Assessment Template.g. Initiate process for NR KPP recertification where changes to the NR KPPobjective and/or threshold values occur as a result of hardware or softwareupdates or information exchanges are changed.5. PMs (as defined in references e and f) will:a. Develop and provide access to NR KPP architecture data for JCIDS/BCLdocuments according to table B-1. Architecture data access may be providedvia a Web page link where the architecture is registered or other accessibleformat versus inserting actual architecture products in the documents. Alignthe architecture data to the current DODAF (reference g), the DOD lEA(reference m), Global Information Grid 2.0 (reference h), JIE ORA/WEA, andthe DISR (reference pl.b. Ensure IT is NR KPP certified according to Enclosures C and D. Thisincludes ensuring IT provides:(1) The NR KPP. A-4 Enclosure APage 15CJCSI6212.01F21 March 2012(2) DODAF-compliant NR KPP architecture data or the optional NR KPPArchitecture Data Assessment Template which provides the foundation for NRKPP development (Enclosures C and D).(3) Compliance to spectrum requirements (references t through aa).c. Plan, program, budget, execute, and provide resources according toagreed-to schedules. Ensure funding is planned for:(1) NR KPP certification, to include NR KPP architectures data or theoptional NR KPP Architecture Data Assessment Template data.(2) NR KPP re-certification.(3) Spectrum requirements risk assessments, required certificationprocesses, and control of electromagnetic environmental effects (E3).d. Populate a DISR generated Standards View (StdV)-1 (Technical View(TV)-1), using the information developed from the integrated architectures(Systems View (SV)-2, SV-6 and StdV-1(TV-1)) (Enclosures C and D).e. Provide the program's non-technical portion of the StdV-1 and StdV-2with the NR KPP architecture data or the optional NR KPP Architecture DataAssessment Template.f. Develop, publish, and maintain ICAs using the ICA template available onthe NR KPP Manual page (reference n).g. Register and maintain approved DODAF architecture data (reference g)or the optional filled out NR KPP architecture data assessment template in afederated repository. When architecture data resides in a military Service,agency, or Combatant Command repository, ensure architectures are alignedto JMTs (when available) and the JCSFL, and are resourced, developed,managed, discoverable, searchable, and retrievable (reference q through y).Include the Web page link where the architecture is registered in theJCIDS/BCL Business Case documents.h. Ensure an All View (AV)-1 is registered and exposed to public users inthe DOD Architecture Registry System (reference eel to enable its discovery.

i. Use IT mission-thread analysis to enable operational capabilities in coalition environment by identifying all potential system interfaces. j. Acquisition managers shall address information assurance requirements for all weapon systems; Command, Control, Communications, Computers,Intelligence, Surveillance, and Reconnaissance systems; and information A-5 Enclosure APage 16CJCSI6212.01F21 March 2012technology programs that depend on external information sources or provideinformation to other DoD systems. DoD policy for information assurance ofinformation technology, including NSS, appears in reference 1.6. Combatant Commands, in addition to Component responsibilities above,will:a. Prioritize interoperability requirements using approved attributes,(references d and m) to support capability-focused joint assessment, design,development, and testing.b. Identify and submit significant joint interoperability deficienciesobserved during operational exercises or real world operations as integratedpriority list inputs during the capability gap assessment process (reference bbl.c. USSOCOM, in addition to component responsibilities above, will:(1) Establish NR KPP criteria for Special Operations Peculiar (SO-P) IT.According to reference ff, USSOCOM approves all SO-P capability documentsbelow a JROC interest JPD. USSOCOM accomplishes NR KPP certificationsaccording to this publication and established standards. The standards will beused for interoperability testing for programs under their Title 10 authority.(2) Review programs that facilitate global operations against terroristnetworks.d. USSTRATCOM, in addition to the responsibilities above, will:(1) Review programs supporting global strike, missile defense,intelligence, surveillance and reconnaissance, information operations, andspace operations.(2) Ensure United States Cyber Command will assist DISA and theNational Geospatial Intelligence Agency (NGA) in reviewing and defining IAstandards.7. DISA will:a. Comply with sponsor, PM, and DOD Component responsibilities.b. Ensure JITC leverages previous, planned and executed DT&E and OT&Etests and results to support joint interoperability test certification andeliminate test duplication (reference cc). DASD(DT&E) shall approveDevelopmental Test and Evaluation plans in support ofJoint InteroperabilityTest Certification as documented in the TEMP. JITC shall advise DASD (DT&E)A-6Enclosure APage 17CJCSI6212.01F21 March 2012regarding the adequacy of test planning in support of Joint InteroperabilityTest Certification.8. Director, NGA, will, in coordination with JITC, the RTO, the OTAs, and theappropriate intelligence functional manager(s), develop interoperability test andevaluation criteria, measures, and requirements related to GEOINT. Thecriteria, measures, and requirements shall identify the expected cyber threatenvironment and be included in acquisition documents, TES, TEMP, and othertest plan submissions. Prior to a fielding decision for all new or modified IT(regardless of the JPD), the military Services, Defense Agencies, CombatantCommands, and participating test unit coordinators will ensure those systemsor net-centric capabilities undergo and successfully complete jointinteroperability test and evaluation according to these criteria. This includesany limited or prototype fielding.9. Director, NSA/Chief, Central Security Service, will:a. As the Community Functional Lead for Cryptology, coordinate mattersinvolving Interoperability and Supportability of Cryptologic Systems and U.S.Signals Intelligence Directives (USSIDs) across DoD Components.b. Serve as the DoD Lead for approving and enforcing tactical SignalsIntelligence (SIGINT) architectures and standards, which are coordinated withDoD Components, the U.S. Special Operations Command, and the IntelligenceCommunity CIO; as the basis for Cryptologic System interoperability.c. Provide architectural standards compliance and interoperabilityassessments to assist Milestone Decision Authorities in Cryptologic Systemproduction decisions.d. Develop policy and procedures so that IA information for interoperableIT/NSS is releasable to joint, combined, and coalition forces and U.S.Government Departments and Agencies.e. Ensure that interoperable and supportable IA products are available forIT/NSS.f. In cooperation with the DISA, identify, evaluate, and select appropriateIA standards which support interoperability ofIT/NSS, to be included in theDoD IT Standards Registry.g. Ensure that technical, procedural, and operational interfaces arespecified and

configuration managed in coordination with other DoDcomponents, so that DoD, non-DoD, and coalition cryptologic/cryptographicsystems can interoperate with DoD IT and NSS. A-7 Enclosure APage 18CJCSI6212.01F21 March 2012h. In coordination with JITC, the RTO, the OTAs, and the appropriateintelligence functional manager(s), develop interoperability test and evaluationcriteria, measures, and requirements related to cyber security. The criteria,measures, and requirements should be developed and maintained to identifythe expected cyber threat environment with the further expectation that theywill be included in acquisition documents, TES, TEMP, and other test plansubmissions for IT/NSS which are DoD ACAT II or above. A-8 Enclosure APage 19CJCSI6212.01F21 March 2012ENCLOSURE 8PROCESS OVERVIEW AND STAFFING PROCEDURES1. Overview. This enclosure provides an NR KPP certification process overviewwithin the DOD IT life cycle. NR KPP assessments are conducted throughoutthe IT life cycle to identify and resolve potential interoperability and/oremerging net-centricity challenges and mitigate the risk of delivering noninteroperable capabilities to the Warfighter.2. Types of NR KPP Certifications. NR KPP certification is provided via a JointStaff J-8 signed memo. The four NR KPP certifications are:a. Certified. Certified IT has completed all NR KPP requirementsand/or stages and all comments were successfully adjudicated.b. Not Certified. Not certified IT has completed all NR KPPrequirements and/or the stages, but has unresolved critical comments thatdeny certification.c. Not Applicable. After the JCIDS documents are reviewed it isdetermined by the Joint Staff the NR KPP does not apply because it lacks jointinterface or doesn't exchange joint information.d. Not Required. JCIDS documents are reviewed it is determined a NRKPP certification is not required for this stage or type of document byregulation or guidance (reference d).3. Process Relationships. Figure 8-1 depicts the DOD acquisition, JCIDS, NRKPP certification, and spectrum requirement compliance process relationships.8-1Enclosure 8Page 20CJCSI6212.01F21 March 2012 6 l:::... MUeatone Reri.... o . Deciaion Polat (Pr ~ L!i~=) IOC FOC I I I I Materiel........It..... , ~. , Opend:tou& TiIOJuaolocr I I DOD I MM. taUI.... I 8oluttoa 8uppoK~ I ~ I I 5000 .,..,.,...... Aaalysia I I "'aterial I - I I De".lopmeot I : I --0-- II IoBIl'/JOTU I O=-- I I ro' P!). ACI.lNlAI De<OWlo..I ~ II I Pre-S,._. AcqlllaitiOll s,.t..... Acqlllaitioll Sua'tIdnm_t J\ III JCIDSIII I NRKPPCmProceu cl I A ruCSI3170J-8 ,RDlSA (JITC)1116212KPPtCmTIIIlt Cm III Spectnlm I • Initid• BUIIIod4th-VpdaWBUIIIod4th'Deploye4 -Pull"Twtmc ~••__t Supportebility I Mill' ,..,. BM4ori4th Support IIIE3Proceu I'IIIitlall'lnDl'Ireq" - _....t ...... , ...........t ·_C......~/'het ·P.....J\req I I 'Spectrum 8eIectImlA.ape4 I ·.1........_ 'lD'A.Supportability .......n.r • BOP TJpp:lIAlII/• Update_II_ ....• c-tiIm.e JIa.t .atIcm. I AruI1J1OiII P3I ·8ta'tlD'Aeo.4 I 'E3Req o_4 •TJpdate4_11: Deftnttion .1lOOIINt __ I •Update _11_ .... II DDJ'ozm I 8.....8uee1 ....8 St-ce S 8ft&!t2 I 1494 stag.. Figure B-1. DOD Acquisition, JCIDS, NR KPP Certification Relationship Overview 3. NR KPP Certification Process. The Joint Staff reviews and grants NR KPPcertification (via a certification memo) on sponsor approved JCIDS documents.The Joint Staff certifies the NR KPP, using the DODAF architecture data or theoptional NR KPP Architecture Data Assessment Template, and spectrumrequirements compliance. The Joint Staff reviews and comments on the ISPNR KPP, DODAF architecture data, or the optional NR KPP Architecture DataAssessment Template, and spectrum requirements compliance. Thearchitecture data identified in table B-1 is required to support the variousJCIDS documents for systems that have joint interfaces or joint informationexchanges. BCL documents comply with the BEA.a. Pre-DOD Acquisition System MS A Documents. Prior to MS A, ICDs,DCRs, and CONOPS are reviewed to determine which JCA, JMT, associatedmission areas, and Universal Joint Task List (UJTL) are identified; to determineif interoperability with other developing capabilities is considered; to determineif GIG 2.0 goals and characteristics and NetOps for the GIG direction(references j and 1) are addressed, and to ensure spectrum requirements areidentified (references x through aa).B-2Enclosure B

Page 21CJCSI6212.01F21 March 2012 III ~e 5 ::I 61j ::I .tl U,.t: o U 0 ... .... ~ < OCRRlCONOPS RlICDXlCODXlCPOXlIC3,4X LepadNot. 1Not. 2Not. 3Not. 4Not. 5Not. 6 ---~-- ~ .... .... ~ ~ ID ..c ID .... t'l "? t'l .... t'l ('I') "it' II) ID ~ . .... t'l ('I') "it' II)II) "9 . ~ . ~ ~ . . ~ ~ ~ . ~ ~ . ~ ~~~ E5~~~ 000 R R R RRR R R RRR RR RX R R R RRX XX X 0X X X X X X XXX X X X X XX X X X X X XX X X X X X X XX X XXX XX X XX X X X - Requjnd 0 - 0ptDaal R- Ret:: QI 1I1IIIHIIdad. -- .... t'l "it' 11) :> . . > > > u uuu 6i6i > 6i O'l ...... ... ... 0 00 0 ID U "9 t'l .... t'l "it' II) ~ . , ~ . ~ fn fnfn X X X X X XX X X X X XXX X X X "9 ~ > - ~ .... u . > fn F! I'llID <3 u ... ... 0 0 00 .... .... .... .... • . :> • ID to: > > > . U U U ." fn fn > 6i > .... I'llI'll I'll RRRX XX2X XX2XX X X X ~ ~ t'l :> ." til. X2X2X PM IIIII:eIls to check with tbUr Component for a:a.Y additicma1 a:rdIib!ctu:ral/~ nquin!mImts iar CODs, CPOs.. (e .... HQDA requir-. tlw: SV -lOe, USMCrequires tlw: SV-3. Ie requir-. tlw: SvcV-I0a IIDIl Svcv...atThe AV -1 mu.st be rec;iste:nd. mu.sf. be "public-1IDIl ~ at tlw: lowest classi&caliDn IImtl POlO'" inDABS for couqiia't'lCe.The tacImical po:rtion of the StdV-1 aDd. StdV-2 an builtum.c G"lG-F DISR s1:a:odards praIitirJc J'UCJIJroIIS 1IDIl. within six IDDlItbs of suhzrittinc JCIDSclocnJTMtntptinn, mu.st be cuneDlllDll pulJlisbacl for compJjenc:. Use of __mandated. DISR staDdank in tlw: StdV-1 mu.sf. be apJm:MIIi by tlw: PM or otlw:rclub' clesipuded. CCII:upcmiI!Dt: ~ officialllDll clocn ....... ~ by a waiver DOtificatiDD prov:idat to tlw: DoD CIO.•lmeltipDce Commnrn.,. (Iq requin!mmts lAW tlw: IC Eat.rpis.e Archita:rture Pmp-mnA:mhifectJ.:a:a Guidulld clevelopmeDt.pbasewhicb.clari6es tlw: ICPoticy Gui:Umce 801.1 Acquis;itirm..Service V:in.rs. ~ __ 1. The Spoasar" IIDIl tlw:Prognunanjoinfl;yrespcmsible iartlw: AV-l. AV-2. CV-l. CV-2. CV-3. CV.4, CV-S, CV6, SV-6 or SVCV-7. 2. TheSpoasar" is responsiblefor tlw: clevelopueutoftlw: arcbitecture datafortlw: OV-l. OV-2, OV.4. OV..sa, OV6c:; DlV-2, aDd. tlw: SV-6 or SvcV-6.3. The PropIllZlis responsible for tlw: d.4n.Jopmmt of tlw: archiI:ecture data for tlw: DIV-l. DIV -3. OV-3, CN-Sb, OV-6a, PV-2, SV -1 or SvcV-l, SV-2 orSvcV-2, SV.4 or SvcV-4, SV-Saor SVCV-S. SveV-10a, SveV-l(1), SvcV-IOc, StdV-l, aDd. StdV-2. • ()peratiDDalUUI" (or repa!ll8Dtativet. The NR-KPP Measures data is capf.uJ.'8d intlw: SV-7 or tlw: SVCV-7. Table B-1. Required Architecture Data by Document B-3 Enclosure BPage 22~N P-4 P-4 00 NN P-4,.s:: N U IDa oo~ UP-4 aNIII (!) I-< :=:$ rJ) 0 ...... U s:: (:ilPage 23CJCSI 6212.01F21 March 2012b. Post-DOD Acquisition System MS A Documents(1) CDDs and CPDs are reviewed and the NR KPP certified via KM/DS,using DODAF architecture data or the optional NR KPP Architecture DataAssessment Template and spectrum requirement compliance to support NRKPP certification by the JROC. The post MS-A document certification evaluatescompliance with NR KPP attributes, GIG 2.0 goals and characteristics, ITportfolio management recommendations, and alignment to the current DODAF.Certification occurs prior to acquisition MS Band C and when capabilitychanges result in updates to the NR KPP. Architecture data is provided viaWeb page link where the architecture is registered or repository access versusincorporating the architecture products in the document.(2) NR KPP certification also applies to IT approved by the JROC to usethe modified JCIDS process (referred to as IT box in reference d).(3) The NR KPP within the ISP is reviewed by the Joint Staff.c. BCL Document Reviews and NR KPP Certification. BCL documents arereviewed to determine if JROC interest exists (reference d and f) and to providecomments. Ifjoint interest exists, the documents are evaluated using the mostcurrent BEA and assessed to ensure the planned acquisition is consistent withGIG policies, including spectrum compliance. Finally, the IT AcquisitionProgram Baseline NR KPP (reference e) is evaluated for NR KPP certification andBEA.4. NR KPP Staffinga. JCIDS Document Review and Certification. Pre-MS A JCIDS documentreviews CDD and CPD certification of the NR KPP, using the DODAFarchitecture data or the optional NR KPP Architecture Data AssessmentTemplate, and spectrum compliance is accomplished in concert with the threeJCIDS phases (reference d). Interoperability issues may be identified by DODComponent via KM/DS.5.

C4/CYBER FCB Adjudication. Unresolved NR KPP, DODAF architecturedata or the optional NR KPP Architecture Data Assessment Template, andspectrum compliance issues are forwarded to the C4/ CYBER FCB or MilitaryIntelligence Board (MIB) for resolution and their decisions provided to the leadDOD Component to complete the JROC approval process. The C4/CYBER FCBand MIB ensure unresolved issues are presented to the JROC for resolution viathe appropriate FCB. Unresolved issues will prevent JCIDS document NR KPPcertification. B-5 Enclosure BPage 24CJCSI6212.01F21 March 20126. Review Timelines. The current version of CJCSI 3170 contains the JCIDSdocument review timelines (reference d).7. Failure to Meet NR KPP Certification Requirements. Failure to meet ormaintain NR KPP certification or joint interoperability test certification mayresult in:a. No JROC validation of the program CDD, CPD, or DOD CIO approval ofthe ISP.b. Recommending the IT not proceed to the next MS (if currently in theDOD 5000 acquisition process).c. Recommend that funding be withheld until compliance is achieved andthe program and/or system is validated.d. Withholding NR KPP certification and recommend revoking any existingInterim Certificate to Operate (ICTO) until the issue is corrected.8. Recommendations. Failed NR KPP certification recommendations areprovided to USD(AT&L); USD(P); USD(C); USD(I); Director, CAPE; DOD CIO;DOD EA for Space; and the JROC.9. Uniform Resource Locators (URL). URLs for NR KPP internet resources andNR KPP Manual are located on the CJCSI 6212 Resource Page (reference n).This page will be kept up-to-date as Web sites change. Contact the Joint Stafflead if unable to access the resource pageB-6Enclosure BPage 25CJCSI6212.01F21 March 2012ENCLOSURE CNR KPP DEVELOPMENT AND NR KPP CERTIFICATION PROCEDURES 1. NR KPP Overview. All IT will follow the NR KPP development process. Net ready attributes determine specific measurable and testable criteria forinteroperability, and operationally effective end-to-end information exchanges.The NR KPP identifies operational, net-centric requirements with threshold andobjective values that determine its measure of effectiveness (MOE) and measureof performance (MOP). The NR KPP covers all communication, computing, andelectromagnetic spectrum requirements involving information elements amongproducer, sender, receiver, and consumer. Information elements include theinformation, product, and service exchanges. These exchanges enablesuccessful completion of the Warfighter mission or joint business processes.The NR KPP identified in the CDD or CPD will also be used in the ISP toidentify support required from external IT. The NR KPP is a mandatory KPP forall program increments. The NR KPP includes three attributes and theMOP/MOE that is derived through a three-step process of mission analysis,information analysis, and systems engineering. MOP / MOE are validated insolution architecture data developed according to the current DODAF or theoptional NR KPP Architecture Data Assessment Template. The attributesdepict how planned or operational IT:a. Attribute 1. Supports military operations,b. Attribute 2. Is entered and managed on the network, andc. Attribute 3. Effectively exchanges information.2. Attribute Characteristics. A general attribute description is below followedby detailed steps to develop each attribute. Enclosure D provides detaileddirection to develop solution architectures for each attribute.a. Support Military Operations. This attribute specifies which militaryoperations (e.g., missions or mission threads) a system supports. MOEs areused to measure mission success and are specific to the conditions underwhich a mission will be executed. The MOEs are the basis of the NR KPPthreshold and objective measures. This attribute should also specify whichoperational tasks the IT supports; the MOPs are used to measure taskperformance and the conditions under which the tasks are performed. Sincethe NR KPP focuses on exchanging information, products, or services withexternal IT, these tasks should only be net-centric operational tasks.Operational tasks are net-centric if they produce information, products, orC-1Enclosure CPage 26CJCSI6212.01F21 March 2012services for or consume information, products, or services from external

IT(including storing information on external IT).b. Entered and Be Managed On the Network. This attribute specifieswhich networks the IT must connect to in order to support its net-centricmilitary operations. The attribute must also specify performance requirementsfor these connections. To determine these performance requirements, answerthe following questions in the context of the missions and tasks supported:(1) What types of networks will the IT connect to (this is more thaninternet protocol (IP) networks)?(2) What MOPs do the required networks use to measure networkentrance and management performance? This includes MOPs to measure thetime from system start up to when the system is connected to the network andis supporting military operations.(3) Who manages the system as it connects to various networks? (4) How is system managed? Will management be distributed, centralized, local, or remote? (5) What configuration parameters does the network have? c. Effective Information Exchanges. This attribute specifies theinformation elements produced and consumed by each mission and net-readyoperational task identified above. Since the NR KPP focuses on a system'sinteractions with external systems, information elements the IT produces,sends, or makes available to an external system and information elements theIT receives from an external system are identified. For each informationelement, MOPs are used to measure the information element's production orconsumption effectiveness. NR KPP MOPs should describe how the informationelements will support unanticipated uses as described by the DOD Data andServices Strategy criteria of visible, accessible, usable, trusted, andinteroperable.d. Summary Table. Table C-1 summarizes the NR KPP attributes and theirassociated metrics in terms of a standardized framework and data sources toleverage when developing attributes and their threshold and objective values.C-2Enclosure CPage 27CJCSI6212.01F21 March 2012 NRDevelopmentSample DataMeasuresAttributeNRKPPNRKPPKPPStepSourcesAttributeDetailsMOEIMOPMissionJMETL, JMT, MOEAnalysisMOEs used toSupport to MilitaryUJTL,andOperationsOperation determine theMilitarysuccess of theMETLSupport to(e.g.,military Military missionoperation Operations areas ormissionConditionsthreads)under which themilitaryoperations mustbe executedOperationJMETL, JMT, MOPal tasksMOPs used todetermineUJTL,andrequiredactivityMETLby theperformancemilitaryConditionsoperations under which theactivity must beperformedInformationMOP for enteringMOPAnalysisEntered and Which N/A the network the network managed on networksdo theMOP forMOPnet-N/Amanagement incentricthe networkmilitaryoperationsrequireEffectivelyDODAFOV-3, MOPexchangesInformatio MOP to ensureinformationOperationalinformationnproduced exchanges are:Resource FlowandContinuousMatrixconsumed Survivableby eachInteroperablemilitarySecureoperation OperationallyandEffectiveoperational taskSystemsSupports allOVs and SVsEnsuresProvides N/A Engineering 3 attributes that ITtraceability fromandsatisfiesthe IT MOPs toArchitecturethethe derivedattribute operationalrequireme requirementsnts Table C-1. NR KPP Development C-3 Enclosure C iPage 28CJCSI6212.01F21 March 20123. NR KPP Functions. The NR KPP is used to:a. Requirements. Evaluate interoperability and net-centric requirementsfor the system.b. Information Exchanges. Verify IT supports operationally effectiveproducer to consumer information exchanges according to the sponsor'svalidated capability requirements and applicable reference models andreference architectures (reference b).c. MOEs and MOPs. Provide MOEs and MOPs to evaluate IT's ability tomeet the threshold and objective or initial minimum values when testing thesystem for joint interoperability certification.d. Interoperability Issues. Analyze and identify potential interoperabilityissues early in the IT's life cycle and identify joint interfaces or jointinformation exchanges through systems engineering and architecturedevelopment. IT architecture in JCIDS documents is developed according tocurrent. In addition, the architecture must align with JMTs (as available),JCSFL, DOD lEA (reference m), JIE ORAjWEA, and Data Services Environment(DSE) to identify potential interoperability disconnects

with interdependentsystems or services as well as detailed information exchange and informationsharing strategies.e. Compliance. Determine whether IT complies with netops for the GIGdirection (reference 1), GIG 2.0 goals and characteristics (reference h), and isintegrated into system development.f. Spectrum Requirements. Ensure compliance with joint, DOD, national,and international spectrum utilization requirements, E3, informationbandwidth requirements, bandwidth analysis (references x through aa), tacticaldata links (reference y), selective availability anti-spoofing module (referencesee and ff), and the joint tactical radio system (references gg and hh).4. NR KPP Development. All IT requires a NR KPP that specifies measurableand testable interoperability requirements. Interoperability requirementsinclude both the technical information exchanges and the operationaleffectiveness of those exchanges. NR KPP development uses a three-stepquestionjanswer process to develop threshold and objective values and initialminimum values.5. The Net Ready Key Performance Parameter (NR KPP) Manual Wiki page islocated here: https: j j www.intelink.govj wikij Net_Ready _Key _Performance_Parameter_{NR_KPPLManual. C-4 Enclosure CPage 29I CJCSI6212.01F21 March 20126. NR KPP Example. Table C-2 is an example of completed NR KPP usingnotional values. NR-KPPAttributeSupport net-centric militaryoperationsKey Performance ParameterMission: Tracking andlocating (Finding, Fixing,Finishing) High-Value Target(HVT)-Measure: Dissemination ofacquisition data for HVT-Conditions: C 2.3.1.6CommunicationsConnectivityMission Activities: Find HVT--Measure: LocationThreshold--10 minutes--Continuous--100 Meter circleObjective--Near-Real-Time i --Continuous --25 Meter circleaccuracy--Conditions: C 2.4.6--High. --AbsoluteCertitude of Data Enter and be Network: SIPRNET managed in the --2 minutes--1 minute network --Measure: Time to connectto an operational network from power up --Condition s: C 2.3.1.6 --Continuous--ContinuousCommunicationsConnectivityNetwork: NIPRNET--Measure: Time to connect --2 minutes--1 minuteto an operational networkfrom power up. --Conditions: C 2.3.1.6--Continuous--ContinuousCommunicationsConnectivityExchangeInformation Element: Target information Data--Measure: Dissemination of--5 secondsHVT biographic and physicaldata--Measure: Latency of HVT10 seconds--5 seconds--2 secondsbiographic and physical data--Conditions: C 1.3.5 RF--UnrestrictedI--unrestrictedSpectrum Table C-2. NR KPP Example7. Spectrum Requirements Compliance. To obtain an I&S NR KPPcertification, all spectrum dependent devices must comply and be developedwith the spectrum management and electromagnetic environment effects (E3)direction in references a, e, t, u, and hh. The assessment of equipment orsystems needing spectrum is the receipt of equipment spectrum certification,availability of frequencies for operation, and consideration of EMC. Thespectrum process includes joint, DoD, national, and international policies and C-5 Enclosure CPage 30CJCSI6212.01F21 March 2012procedures for the management and use of the electromagnetic spectrum. Thespectrum process is detailed in Enclosure D and on the NR KPP Manual Wikipage. The Supportability Requirements Compliance is located on the NR KPPManual Wiki page.C-6Enclosure CPage 31CJCSI6212.01F21 March 2012ENCLOSURE DNR KPP ARCHITECTURE DEVELOPMENT METHODOLOGY1. NR KPP Architecture Development Methodology. Architecture developmentenables development of the NR KPP. Architecture-based solutions, developedthrough a strict verification and validation process, are fundamental forimproved interoperability, better information sharing, stricter compliance, andleaner processes. They also feed into system engineering processes andultimately result in reduced costs and more effective mission accomplishment.The DODAF (reference g) describes the 6-step architecture development processfor DOD (figure D-1). The 6-step architecture development process supportsthe 3 step of NR KPP development process in Enclosure C. Solutionarchitectures, conforming to the current DODAF, are developed, registered, andused as tools to improve joint operational processes, infrastructure, andsolutions and to promote

common vocabulary, reuse, and integration.Additionally, architecture development enables compliance with the NR KPPcertification requirements. Figure D-2 displays the NR KPP development stepsin relation to the JCIDS and acquisition processes.a. Background. With the release of DODAF version 2.0, the architecturefocus switched from "products" to "data". Similarly, the NR KPP certificationprocess changes NR KPP architecture development from an architectureproduct process to a data focus to enable analysis among programs, systems,and services. Architectures for NR KPP certification will be developed using themost current DODAF version or the optional NR KPP Architecture DataAssessment Template. NR KPP Architecture Data Assessment Templateinstructions are on the CJCSI 6212 Resource Page (reference n).b. DODAF Use. Develop architectures for NR KPP certification using themost current DODAF version. Existing architectures will be updated to themost current DODAF version before the next JCIDS document is submitted.Data sharing and data interoperability are enabled through architectures.Table B-1 above depicts required architecture data by JCIDS documents.c. Architecture Tools. Produce architectures using a tool that creates data.Use of commercially available architecture tools is encouraged.d. Submitting Architectures. Include the web link to the requiredarchitecture data, wherein the data formats will support staffing, analysis,distribution, and reuse. Architecture data should be submitted in formats thatcan be viewed without specialized or proprietary tools and must be legible forreviewers. Until DM2 PES compliant tools are available with architecture dataexchange standards, submit required architecture data, from table B-1, usingD-1Enclosure DPage 32CJCSI6212.01F21 March 2012Microsoft products or the optional the NR KPP architecture data assessmenttemplate. Whether using Microsoft products or the optional NR-KPPArchitecture Data Assessment Template to submit the architecture data, therequired data is specified on the CJCSI 6212 Manual Page (reference gg).When DM2 PES compliant commercial architecture tools are available, they will be used to develop and submit architectures for NR KPP certification. - ! .8taIIe1aDld.er ............... ..,...,... • Cdt::lGlll .....• Tllrpto~... .....,.~ ·D~hia" ·PN.... .....". ........ - (3)(5) (a) ....... .............. • d••Ioa......... ..... • o.o.,a,ldoll1.opel'.tloaal, ... ftaaotloaal 'bouaft • T.oluaolofjo&l 'bouade • ••, ••d V9h1tC9'Wtl! Char..t.rIetio.. • AnWt••turll1••ta.AtHie. • Levele or...tail ·.Aut_at...repM'orie.• Aotiwty MOIl••·O.ta:aMHlcle• D,aamlo mocI.1e • Or • ..u..tIoall1 • DoItI"IIIl an.s,.ee ·c",...t7...... • ..t.l'op....1IWt,. ...._... ........,_.. -~ • Anh1t••tunpn••taw.aDcIvIe_ ........ _hitcotllNdata ·MaJreIe • Time "'_(e) • AroWt••tun• Uakeor _1UnIft aao4•• • IIkt"'ata• T.et a.rohit.otuno_,let......nport. HeOIII'O. aa4 _beduk• "'--iat.4IIktacl.t.retietratloD...o\ll'lOy, aDcI ..d1Weaq OODftI'Ua'e tI Figure D-1. DOD 6-Step Architecture Development ProcessD-2Enclosure DPage 33CJCS16212.01F21 March 2012 Operational RequirementsS,wtem RequirementsDevelopment via JcmsDevelopment DuringAcquUdtion r--------~~~--------'\ Stl I' I Sl< II ) St"I' " rvll',c,lull iJtl,qlJI,It!'>!I~~\"',H IlJ') All, 11\ "1', [\11,11\',1', 1'1 H')I 1(1"1 III!: MissionthreadsOperationalactivitiesPerformancemeasures Netviorks System Informa:t:i.on Design exchangesPerfomumcemeasures I;", 11111<"11111',111< Ie 11':-, I,,,,} ArchitecturesSpecificationsTest Plans Figure D-2. NR KPP Development Applied to the JCIDS and Acquisition Processes 2. DOD lEA Alignment. The DOD lEA provides a common taxonomy andlexicon to describe required communications capabilities and align solutionarchitecture with the GIG as required by reference x. The DOD lEA providesthe DOD-wide context and rules for IT solution architectures. Alignment withthe DOD lEA and other relevant architectures provides context for solutionarchitectures.a. Architecture Alignment. Align solution architectures to the laws,regulations, and policies identified in the DOD lEA (reference m) and accordingto the compliance criteria in the DOD lEA. Show linkage to parent enterprisearchitectures, and fit within Component and DOD architecture descriptions,using appropriate reference model and reference architectures (DOD lEA, JIEORA/WEA, and IT infrastructure ORA).b. Activity Models. For aligning with DOD lEA, within the activity model,address

activities and information inputs/outputs. This activity model will bebuilt in compliance with the DOD lEA. Use DOD lEA activity names anddescriptions to the maximum extent possible. An alternative method ofcompliance permits the use of system unique communications activities in theOV-5b, but requires a cross-walk table to the DOD lEA activities where arelationship exists and is included in the ISP. D-3 Enclosure DPage 34CJCSI6212.01F21 March 2012c. NR KPP Information and Architecture Views. The NR KPP architecturaldevelopmental process and template is located on the Net Ready KeyPerformance Parameter (NR KPP) Manual Wiki page located here:https: / / www.intelink.gov/wiki/ NeCReady_Key_Performance_Parameter_(NR_KPPLManual. D-4 Enclosure DPage 35CJCSI6212.01F21 March 2012ENCLOSURE E REFERENCES a. DOD Directive 4630.05, 5 May 2004, "Interoperability and Supportability ofInformation Technology (IT) and National Security Systems (NSS)"b. DOD Instruction 4630.8, 30 June 2004, "Procedures for Interoperabilityand Supportability of Information Technology (IT) and National SecuritySystems (NSS)"c. CJCSI 3170.01 Series, "Joint Capabilities Integration and DevelopmentSystem"d. Manual for the Operation of the Joint Capabilities Integration andDevelopment System, see https:/ /www.intelinkgov/wiki/JCIDS_Manual toaccess the JCIDS Manuale. DOD Instruction 5000.02,8 December 2008, "Operation of the DefenseAcquisition System" f. DTM 11-009 (Acquisition Policy for Defense Business Systems). g. DOD Architecture Framework (DODAF), Version 2.0, seehttp://dodcio.defense.gov / sites/ dodaf20/h. JROCM 095-09, "Global Information Grid 2.0 Initial Capabilities Document" i. DOD Directive 8000.01, 10 February 2010, "Management of the Department of Defense Information Enterprise" j. DOD Instruction 8410.02, 19 December 2008, "NETOPS for the Global Information Grid"k Joint Common System Function List, Defense Knowledge Online seehttps:/ /www.us.army.mil/suite/ page/419489 1. DOD Instruction 8510.01,28 November 2007, "DOD Information Assurance Certification and Accreditation Process (DIACAP)"m. Defense Information Enterprise Architecture 1.2 (DOD lEA 1.2), May 2010,see http://dodcio.defense.gov/ sites/diea/E-lEnclosure EPage 36CJCSI6212.01F21 March 2012n. CJCSI 6212 Resource Page, seehttps:/ /www.intelink.gov/wiki/Portal:CJCSC6212_Resource_Pageo. DOD Acquisition Guidebook see https:/ /dag.dau.mil/Pages/Default.aspxp. Department of Defense Information Technology Standards Registry (DISR)see NIPRNET at https:/ / DISRonline.disa.mil/ and on the SIPRNET at http:/ /DISRonline.disa.smil.milq. DOD Directive 8320.02, 23 April 2007, "Data Sharing in a Net-CentricDepartment of Defense"r. DOD CIO Memorandum, 9 May 2003, "DOD Net-Centric Data Strategy"s. DOD Chief Information Officer, 4 May 2007, "DOD Net-Centric ServicesStrategy,"t. DOD Directive 3222.3, 8 September 2004, "DOD ElectromagneticEnvironmental Effects (E3) Program"u. DODI 4650.01, January 9, 2009, "Policy and Procedures for Managementand Use of the Electromagnetic Spectrum,"v. DOD 4650.1-R1, 26, April 2005, "Link 16 Electromagnetic Compatibility(EMC) Features Certification Process and Requirements"w DOD Instruction 8500.2, 6 February 2003, "Information Assurance (IA)Implementation"x. CJCSI 6215.01 Series, "Policy for Department of Defense (DOD) VoiceNetworks with Real Time Services"y. Chairman of the Joint Chiefs of Staff, Director for Force Structure,Resources, and Assessments (J8) memorandum, 6 June 2011, "CapabilityDevelopment Tracking and Management (CDTM) Implementation Plan"z. JIE ORA/WEA athttps: / / www.intelink.gov/wiki/JoinCInformation_Environmentaa. DOD Directive 5000.01, November 20, 2007, "The Defense AcquisitionSystem"bb. DOD 7000. 14-R, Volume 2B, Chapter 18, July 2010, "DOD FinancialManagement Regulation: Information Technology"E-2Enclosure EPage 37

CJCSI6212.01F21 March 2012cc. DOD Instruction 8100.04,09 December 2010, "DoD Unified Capabilities(UC)"dd. Secretary of Defense DTM 11-006, June 14,2011, "Establishment of theSenior Integration Group (SIG) for the Resolution of Joint Urgent OperationalNeeds (JUONs)"ee. DOD CIO DTM 09-013, Change 2, March 10, 2011, "Registration ofArchitecture Descriptions in the DoD Architecture Registry System (DARS)"ff. JROCM 079-09, 2 November 2009, "Delegation of Authority for SpecialOperations Command"gg. Ready Key Performance Parameter (NR KPP) Manual Wiki located here:https:j jwww.intelink.govjwikijNeCReady_Key_Performance_Parametec(NR_KPPLManualhh. Intelligence Community Joint Architecture Reference Model, seehttps:j jwww.intelink.govjwikijJoinCArchitecture_WorkinK-Groupii. DoDI 0-3115.7, September 2008, Change 1 19 November 2010, "SignalsIntelligence (SIGINT)."jj. DoDD 5000.01, May 12, 2003 (Certified Current as of November 20, 2007),"The Defense Acquisition System"E-3Enclosure EPage 38CJCSI6212.01F21 March 2012 (INTENTIONALLY BLANK) E-4Enclosure EPage 39ACATAVBCLC2C4C/S/ACDDCIOCJCSCJCSICOlCONOPSCOTSCPDCRMDAADARSDBSDCRDDC4DHSDISADISRDIVDITPRDM2DODDOD CIODOD lEADODAFDODDDODIDOT&EDOTMLPFDRRSDRSNDT&ECJCSI6212.01F21 March 2012GLOSSARYAcquisition CategoryAll ViewBaseline Capabilities LifecycleCommand and ControlCommand, Control, Communications, and ComputersCombatant Commands, Services, AgenciesCapability Development DocumentChief Information OfficerChairman of the Joint Chiefs of StaffChairman of the Joint Chiefs of Staff InstructionCommunities of InterestConcept of OperationsCommercial-Off-the-ShelfCapabilities Production DocumentComments Resolution MatrixDesignated Approving AuthorityDOD Architecture Registry SystemDefense Business SystemDOTMLPF Change RecommendationsDeputy Director, Command, Control, Communications,and ComputersDepartment of Homeland SecurityDefense Information Systems AgencyDOD Information Technology Standards RegistryData and Information ViewDOD Information Technology Portfolio RepositoryDODAF Meta-modelDepartment of DefenseDepartment of Defense Chief Information OfficerDefense Information Enterprise ArchitectureDOD Architecture FrameworkDepartment of Defense DirectiveDOD InstructionDirector, Operational Test and EvaluationDoctrine, Organization, Training, Materiel, Leadershipand Education, Personnel, and FacilitiesDefense Readiness Reporting SystemDefense Red Switch NetworkDevelopmental Test and EvaluationGL-1GlossaryPage 40CJCS16212.01F21 March 2012 E3 EAEISPEMCEMEERAMFCBFDDFRPFYDPGIGGPSGTPHVTIAIATOICAICDICPICTOIOCIPIRBISPITITPJCAJCBJCIDSJCSFLJIEJITCJMTJMETLJPDJROCJROCMJUONJWICSElectromagnetic Environmental EffectsExecutive AgentEnhanced Information Support PlanElectromagnetic CompatibilityElectromagnetic EnvironmentEnterprise Risk Assessment MethodologyFunctional Capabilities BoardFull Deployment DecisionFull-Rate ProductionFuture Years Defense ProgramGlobal Information GridGlobal Positioning SystemGIG Technical ProfileHigh Value TargetInformation AssuranceInterim Authorization to OperateInterface Control AgreementInitial Capabilities DocumentInteroperability Certification PanelInterim Certificate To OperateInitial Operational CapabilityInternet ProtocolInvestment Review BoardInformation Support PlanInformation TechnologyInteroperability Test PlanJoint Capability AreaJoint Capabilities BoardJoint Capabilities Integration and Development SystemJoint Common System Function ListJoint Information EnvironmentJoint Interoperability Test CommandJoint Mission ThreadsJoint Mission Essential Task ListJoint Potential DesignatorJoint Requirements Oversight CouncilJROC MemorandumJoint Urgent Operational NeedJoint World Wide Intelligence Communications SystemGL-2Glossary

Page 41CJCSI6212.01F21 March 2012KM/DSKPPMCEBMDAMDRMETLMIBMILDEPMOAMOEMOPMSNGANetOpsNIPRNETNRKPPNSANSSNTIAOAOPLAN ORA OSDOT&EOTRROVPESPMPOCRTOSATCOMSIPRNETSMOSO-PStdVSvcVSTPKnowledge Management/Decision SupportKey Performance ParameterMilitary Communications-Electronics BoardMilestone Decision AuthorityDOD Metadata RegistryMission Essential Task ListMilitary Intelligence BoardMilitary DepartmentMemorandum of AgreementMeasure of EffectivenessMeasure of PerformanceMilestoneNational Geospatial Intelligence AgencyNetwork OperationsNon-secure Internet Protocol Router NetworkNet Ready Key Performance ParameterNational Security AgencyNational Security SystemsNational Telecommunications and InformationAdministrationOperational AssessmentOperations PlanOperational Reference ArchitectureOffice of the Secretary of DefenseOperational Test and EvaluationOperational Test Readiness ReviewOperational ViewPhysical Exchange SpecificationProgram ManagerPoint Of ContactResponsible Test OrganizationSatellite CommunicationsSECRET Internet Protocol Router NetworkSpectrum Management OfficeSOC OM PeculiarStandards ViewServices ViewSystem Tracking ProgramGL-3GlossaryPage 42SVT&ETEMPTESTS/SCITVUCRUJTLURLUS&PUSD (AT&L)USSOCOMUSSTRATCOM WWW XMLCJCSI6212.01F21 March 2012System / Service ViewTest and EvaluationTest and Evaluation Master PlanTest and Evaluation StrategyTop Secret/Special Compartmentalized InformationTechnical Standards ViewUnified Capabilities RequirementsUniversal Joint Task ListUniform Resource LocatorU.S. and its PossessionsUnder Secretary of Defense (Acquisition, Technology, andLogistics)United States Special Operations CommandUnited States Strategic CommandWorld Wide WebExtensible Markup LanguageGL-4GlossaryPage 43CJCSI6212.01F21 March 2012PART II - DEFINITIONSAcquisition Category (ACAT). Categories established to facilitate decentralizeddecision making as well as execution and compliance with statutorily imposedrequirements. The categories determine the level of review, decision authority,and applicable procedures. Reference e provides the specific definition for eachacquisition category.All View (AV)-l and AV2. These two products are defined as Overview andSummary Information (AV-1) and Integrated Dictionary (AV-2). The AV-1provides executive level summary information to support quick reference andcomparison among architectures. The AV-2 contains definitions and termsused in the given architecture.Architecture. The organizational structure and associated behavior of asystem. An architecture can be recursively decomposed into parts that interactthrough interfaces, relationships that connect parts, and constraints forassembling parts. Parts that interact through interfaces include classes,components, and subsystems.Attributes. A quantitative or qualitative characteristic of an element or itsactions. Defined in CJCSI 3170.01G.Capability. The ability to achieve a desired effect under specified standardsand conditions through combinations of means and ways across the doctrine,organization, training, materiel, leadership and education, personnel, andfacilities (DOTMLPF) to perform a set of tasks to execute a specified course ofaction. It is defined by an operational user and expressed in broad operationalterms in the format of an initial capabilities document or a joint DOTMLPFchange recommendation. In the case of materiel proposals/documents, thedefinition will progressively evolve to DOTMLPF performance attributesidentified in the capability development document and the capabilityproduction document. Defined in CJCSI 3170.01G.Capability Architecture. A set of descriptions that portrays the context andrules required to achieve a desired effect through a combination of doctrine,organization, training, materiel, leadership and education, personnel, andfacilities. (DODAF 2.0)Capability Development Document (CDD). A document that captures theinformation necessary to develop a proposed program(s), normally using anevolutionary acquisition

strategy. The CDD outlines an affordable increment ofmilitarily useful, logistically supportable and technically mature capability(reference c).GL-5GlossaryPage 44CJCSI6212.01F21 March 2012Coalition interface. Any interface that passes information between one or moreU.S. IT and one or more coalition partner IT.Communities of Interest. Collaborative groups of users who must exchangeinformation in pursuit of their shared goals, interests, missions, or businessprocesses, and who therefore must have shared vocabulary for the informationthey exchange (reference q)Capabilities Production Document. A document that addresses the productionelements specific to a single increment of an acquisition program (reference c).Defense Business System. An information system, other than a nationalsecurity system, operated by, for, or on behalf of the Department of Defense,including financial systems, mixed systems, financial data feeder systems, andinformation technology and information assurance infrastructure, used tosupport business activities, such as acquisition, financial management,logistics, strategic planning and budgeting, installations and environment, andhuman resource management (reference t).Defense Agencies. All agencies and offices of the Department of Defense,including the Missile Defense Agency, Defense Advanced Research ProjectsAgency, Defense Commissary Agency, Defense Contract Audit Agency, DefenseFinance and Accounting Service, Defense Information Systems Agency, DefenseIntelligence Agency, Defense Legal Services Agency, Defense Logistics Agency,Defense Threat Reduction Agency, Defense Security Cooperation Agency,Defense Security Service, National Geospatial intelligence Agency, NationalReconnaissance Office, and National Security Agency/Central Security Service.DOD Architecture Registry System (DARS). The DOD architecture registry thatprovides a web based access to architecture artifact for sharing andcollaboration. (reference gg).DOD Components. OSD, the Military Departments, the Office of the Chairmanof the Joint Chiefs of Staff and the Joint Staff, the Combatant Commands, theOffice of the Inspector General of the Department of Defense, the DefenseAgencies, the DOD Field Activities, and all other organizational entities withinthe Department of Defense (reference a).DOD Enterprise. Relating to policy, guidance, or other overarching leadershipprovided by OSD Officials and the Chairman of the Joint Chiefs of Staff inexercising authority, direction, and control of their respective elements of theDepartment of Defense on behalf of the Secretary of Defense.DOD Information Enterprise Architecture. A federation of descriptions thatprovide context and rules for accomplishing the mission of the Department.GL-6GlossaryPage 45CJCSI6212.01F21 March 2012These descriptions are developed and maintained at the Department,Capability Area, and Component levels and collectively define: (a) the people,processes, and technology required in the "current" and "target" environments,and (b) the roadmap for transition to the target environment.DOD Information Technology Standards Registry (DISR). DISR provides theminimal set of rules governing the arrangement, interaction, andinterdependence of system parts or elements, whose purpose is to ensure thata conformant system satisfies a specified set of requirements. It defines theservice areas, interfaces, standards, and standards profile guidance applicableto all DOD systems. Use of standards mandated in the DISR is required for thedevelopment and acquisition of new or modified fielded IT systems throughoutthe Department of Defense. The use of GTG Federation resources and GIGTechnical Profiles is required to identify DISR standards and to develop andpublish StdV-1/TV-'s and StdV-2/TV-2's for a program's integratedarchitecture/ solution architecture. The GTG Federation includesinteroperability information and web-based applications and resources(Standards Profile building, registry Configuration Management and changetracking) developed to provide the necessary support for continued DISRevolution and automation of the processes that use it. .Enhanced Information Support Plan (EISP). Use of the EISP is encouraged tofacilitate the development of standard ISP formats and assist programs in riskmitigation. The EISP tool is a desktop software application that provides astandard methodology for discovery, analysis, and management of anacquisition program's information dependencies. Data entered into the EISPtool will be tagged with

XML. The tagging is transparent to the user andrequires no PM's actions but enables the data to be easily stored, searched,retrieved, and reused. The EISP process uses a predefined output script thatautomatically creates a PDF ISP document. Information on the EISP tool isavailable on the CJCSI 6212 Resource Page,Electromagnetic environmental effects (E3). E3 is the impact of theelectromagnetic environment upon the operational capability of military forces,equipment, systems, and platforms. It encompasses all electromagneticdisciplines, including compatibility, interference; vulnerability, pulse; electrostatic discharge; hazards of radiation to personnel, ordnance, and volatilemateriel's; and natural phenomena effects, of lightning and precipitation static(reference t).Equipment Spectrum Certification. The statement(s) of adequacy received fromauthorities of sovereign nations after their review of the technicalcharacteristics of a spectrum-dependent equipment or system regardingcompliance with their national spectrum management policy, allocations,GL-7GlossaryPage 46CJCSI6212.01F21 March 2012regulations/instructions, and technical standards. Equipment SpectrumCertification is alternately called "spectrum certification". (Reference u).Essential Operational Needs. Capability determined by the provided of forcesor the combatant command as necessary to accomplish their assignedmlSSlOns.External IT. Any systems outside the scope of the program or Program ofRecord (POR) referenced in the JCIDS document, BCL document, IC document,or ISP (i.e. with information flowing into or out of the program). As an example,an external system to a DOD space system is the widely sharedcommunications backbone or data network that a space system might interfacewith for communications or data services.Fielded System. Post acquisition IT in use by operational or headquartersunits (regardless of the process used to put it into operational use). Fieldedsystems may be modified or improved though standard DOD processes.Functional Area. A broad scope of related joint warfighting skills andattributes that may span the range of military operations. Specific skillgroupings that make up the functional areas are approved by the JROC.Functional Capabilities Board. A permanently established body that isresponsible for the organization, analysis, and prioritization ofjoint warfightingcapabilities within an assigned functional area. (References c and dd).Global Information Grid (GIG). The globally interconnected, set of informationcapabilities associated processes and personnel for collecting, processing,storing, disseminating, and managing information on demand to warfighters,policy makers, and support personnel. The GIG includes all owned and leasedcommunications and computing systems and services, software (includingapplications), data, security services and other associated services necessary toachieve information superiority. It also includes National Security Systems asdefined in section 5142 of the Clinger-Cohen Act of 1996. The GIG supports allDepartment of Defense, National Security Systems, and related IntelligenceCommunity missions and functions (strategic, operational, tactical andbusiness), in war and in peace. The GIG provides capabilities from alloperating locations (bases, posts, camps, stations, facilities, mobile platformsand deployed sites). The GIG provides interfaces to coalition, allied, and nonDOD users and systems. (Reference i).GIG Technical Profiles. GTPs contain:a. General Information: GTP title, reference identification, version number,DOD lEA area, applicable JCA, JMT, associated mission areas, and UniversalJoint Task List (UJTL) are JCSFL items and date.GL-8GlossaryPage 47CJCSI6212.01F21 March 2012b. Interoperability Reference Architecture and Service Description: adescription and graphic to illustrate the context where the GTP will fit withinthe overallc. GIG Reference Topology and description of the services provided by theGTP.d. Interoperability Requirements Description: defined in GuidanceStatements necessary to fulfill Interoperability Reference Architecture, securityrequirements, and best practices.e. Technical Implementation Profile: interoperability requirements, in theform of Guidance Statements necessary for systems to correctly use thefunctions associated with the GTP and Standards Profile. f. Secured Availability: information

assurance (IA) guidance for securely connecting to and/or operating within the GIG.g. Maturing Guidance: mid and far term program planning andimplementation.h. Compliance Testing: describes possible test methods for compliance.Information Assurance. Information operations that protect and defendinformation and information systems by ensuring their availability, integrity,authentication, confidentiality, and non-repudiation. This includes providingfor restoration of information systems by incorporating protection, detection,and reaction capabilities. (Reference x).Initial Capabilities Document. Documents the need for a materiel solution to aspecific capability gap derived from an initial analysis of alternatives executedby the operational user and, as required, an independent analysis ofalternatives. It defines the capability gap in terms of the functional area, therelevant range of military operations, desired effects, and time. (Reference c).Interim Certificate To Operate (lCTO). Authority to field new systems orcapabilities for a limited time, with a limited number of platforms to supportdevelopmental efforts, demonstrations, exercises, or operational use. Thedecision to grant an ICTO will be made by the MCEB Interoperability Test Panelbased on the sponsoring component's initial laboratory test results and theassessed impact, if any, on the operational networks to be employed.Information Needs. A condition or situation requiring knowledge or intelligencederived from received, stored, or processed facts and data. GL-9 GlossaryPage 48CJCSI6212.01F21 March 2012Information Support Plan. The identification and documentation ofinformation needs, infrastructure support, IT interface requirements anddependencies focusing on net-centric, interoperability, supportability andsufficiency concerns (Reference b).Information Technology (IT). Any equipment or interconnected system orsubsystem of equipment, used in the automatic acquisition, storage,manipulation, management, movement, control, display, switching,interchange, transmission, or reception of data or information by the executiveagency, if the equipment is used by the executive agency directly or used by acontractor under contract with the executive agency that requires the use of a. Of that equipment, orb. Of that equipment to a significant extent in the performance of a serviceor the furnishing of a product;c. Includes computers, ancillary equipment, software, firmware and similarprocedures, services, (including support service), and related resources, butIT does not include any equipment acquired by a federal contractor incidentalto a federal contract (reference f). For the purpose of this instruction ITincludes, NSS, IT acquisition programs, information systems, IT initiatives, ITservices, software, electronic warfare devices, DBS, qualified prototypes,Commercial-Off-the-Shelf (COTS), Government Off-the-Shelf, RapidAcquisition, Joint Urgent Operational Needs (JUON), Special Access Program,Joint Capability Technology Demonstration, Coalition Warrior InteroperabilityDemonstration, Combatant Command Initiatives Fund, and non-program ofrecord materiel solution efforts.IT Acquisition Program. A directed, funded effort that provides a new,improved, or continuing materiel, weapon or information system, or servicecapability in response to an approved need. (reference cc)IT Initiative. IT initiatives can be systems, programs, projects, organizations,activities or grouping of systems. (reference dd)IT Services. The performance of any work related to IT and the operation of IT,including NSS. This includes outsourced IT-based business processes,outsourced IT, and outsourced information functions. (reference e)Information System. Any equipment, or interconnected system or subsystemof equipment, that is used in the automatic acquisition, storage, manipulation,management, movement, control, display, switching, interchange, transmissionor reception of data or information, and includes computers and computerGL-10GlossaryPage 49CJCSI6212.01F21 March 2012networks, ancillary equipment, software, firmware and similar procedures,services (including support services) and related resources. Notwithstandingthe above, the term information technology (IT) does not include any equipmentthat is acquired by a federal contractor incidental to a federal contract. Theterm information systems is used synonymously with IT (to include NationalSecurity Systems). (reference c)Information Timeliness. Occurring at a suitable or

appropriate time for aparticular condition.Increment. Whether an evolutionary, incremental, or spiral acquisition, anincrement is a militarily useful, logistically supportable, and technically matureincrease in operational capability that can be developed, produced, deployed,and sustained. Each increment will have its own set of threshold and objectivevalues set by the user. Increments include block upgrades, pre-plannedproduct improvement, and similar efforts providing an increase in operationalcapability.Interoperability. The ability to operate in synergy in the execution of assignedtasks. The condition achieved among communications-electronics systems oritems of communications-electronics equipment when information or servicescan be exchanged directly and satisfactorily between them and/ or their users.The degree of interoperability should be defined when referring to specific. (JP1-02) For IT (and NSS), interoperability is the ability of systems, units orforces to provide data, information, materiel and services to and accept thesame from other systems, units or forces and to use the data, information,materiel and services so exchanged to enable them to operate effectivelytogether. IT interoperability includes both the technical exchange ofinformation and the operational effectiveness of that exchanged information asrequired for mission accomplishment. Interoperability is more than justinformation exchange. It includes systems, processes, procedures,organizations, and missions over the lifecycle and must be balanced with IA.Joint Capability Area. Collections of like DOD activities functionally grouped tosupport capability analysis, strategy development, investment decision making,capability portfolio management, and capabilities-based force development andoperational planning.Joint Capabilities Board (JCB), The JCB functions to assist the JROC incarrying out its duties and responsibilities. The JCB reviews and, ifappropriate, endorses all JCIDS and DOTMLPF proposals prior to theirsubmission to the JROC. The JCB is chaired by the Joint Staff/J-8, Director ofForce Structure, Resources, and Assessment. It is composed of FlagOfficer / General Officer representatives of the Services. (Reference d and dd).GL-11GlossaryPage 50CJCSI6212.01F21 March 2012JCB Interest. ACAT II and below programs where the capabilities and/orsystems associated with the document affect the joint force and an expandedjoint review is required. These documents will receive all applicablecertifications, including a weapon safety endorsement when appropriate, andbe staffed through the JCB for validation and approval.Joint. Connotes activities, operations, organizations, etc., in which elements oftwo or more Military Departments participate. (Joint Publication 1-02)Joint Capabilities Integration and Development System (JCIDS). A Chairmanof the Joint Chiefs of Staff process to identify, assess, and prioritize jointmilitary capability needs. The JCIDS process is a collaborative effort that usesjoint concepts and DOD Information Enterprise Architecture and solutionarchitectures to identify prioritized capability gaps and integrated DOTMLPFsolutions (materiel and non-materiel) to resolve those gaps (reference c).Joint Common System Function List (JCSFL). Provides a common lexicon ofsystem functions supporting development of DOD Information EnterpriseArchitecture and solution architecture and horizontal/vertical assessment ofcapability across an enterprise.Joint Capability Technology Demonstration (JCTD). A demonstration of themilitary utility of a significant new technology and an assessment to clearlyestablish operational utility and system integrity.Joint Information. Joint Potential Designator used to keep the Services andcombatant commands informed of ongoing efforts for programs that do notreach the threshold for JROC Interest, JCB Interest or Joint Integration.(Reference d).Joint Interoperability Test Certification. Provided by JITC upon completion oftesting, valid for four years from the date of the certification or whensubsequent program modifications change components of the NR KPP orsupportability aspects of the system (when materiel changes (e.g., hardware orsoftware modifications, including firmware) and similar changes to interfacingsystems affect interoperability; upon revocation ofjoint interoperability testcertifications; non-materiel changes (i.e., DOTLPF) occur that may affectinteroperability).Joint Interface. An IT interface that passes or is used to pass informationbetween systems and equipment operated by two or more combatantcommanders, Services, or agencies.GL-12Glossary

Page 51CJCSI6212.01F21 March 2012Joint Mission Thread. An operational and technical description of the end toend set of activities and systems that accomplish the execution of a jointmission.JROC Interest. Programs identified by the JROC Secretary as being of interestto the JROC for oversight even though they do not meet the ACAT I costthresholds or have been designated as ACAT ID. (Reference d).Key Performance Parameters (KPPs). Those capabilities or characteristicsconsidered essential for successful mission accomplishment. Failure to meet asystem or program's KPP threshold can be cause for the concept or systemselection to be reevaluated or the program to be reassessed or terminated.Failure to meet a system or program's KPP threshold can be cause for thefamily-of-systems or system-of-systems concept to be reassessed or thecontributions of the individual systems to be reassessed. KPPs are validated bythe JROC. KPPs are included in the acquisition program baseline. (Reference d). Knowledge Management/Decision Support (KM/DS). The KM/DS tool is theauthoritative Joint Staff automated tool for processing, coordinating, tasking,and archiving JCIDS documents and related JCIDS action items. The KM/DSTool is located on the SIPRNet Web site athttps:/ fjrockmdsl.js.smil.mil/guestjrcz/gbase.guesthome. (Reference d).Military Communications-Electronics Board (MCEB). The MCEB considersmilitary communications-electronics matters including those associated withNational Security Systems by the Secretary of Defense, the Chairman of theJoint Chiefs of Staff, the DOD Chief Information Officer, and other designatedofficials. MCEB functions and responsibilities include coordination amongDOD Components and other Governmental Departments and Agencies onmatters related to military communications-electronics, provide frequencyspectrum management solutions, and to develop, review, and implementprocedures in the DOD EMC Program. (Reference 0).Milestone Decision Authority (MDA1. The individual designated in accordancewith criteria established by the USD(AT&L), or by the DOD CIO for acquisitionprograms, to approve entry of an acquisition program into the next phase.(Reference e). The MDA for IT that involves equipment that is an integral partof a weapon or weapon system, or is an acquisition of services program is orwill be designated by the USD (AT&L).Milestones. Major decision points that separate the phases of an acquisitionprogram. (Reference e).GL-13GlossaryPage 52CJCSI6212.01F21 March 2012Mission. A mission can be defined in four ways: 1. The task, together with thepurpose, that clearly indicates the action to be taken and the reason therefore;2. In common usage, especially when applied to lower military units, a dutyassigned to an individual or unit; a task; 3. An assignment with a purpose thatclearly indicates the action to be taken and the reason therefore; 4. Thedispatching of one or more aircraft to one particular task. Defined in CJCSM3500.03B.Mission Need. A deficiency in current capabilities or an opportunity to providenew capabilities (or enhance existing capabilities) through the use of newtechnologies. They are expressed in broad operational terms by the DODcomponents.Mission Systems Engineering. A process for conducting Systems Engineeringthat is based on the principle that Operational Requirements are defined bymissions (and their associated Operational Tasks) that warfighters mustperform.Mission Thread. A specific sequence of tasks performed by operational nodesto accomplish a mission in a given scenario.Net-Centric. Information-based operations that use service-orientedinformation processing, networks, and data from the following perspectives:user functionality (capability to adaptively perform assigned operational roleswith increasing use of system-provided intelligence/cognitive processes),interoperability (shared information and loosely coupled services), andenterprise management (net operations). The ability to provide a framework forfull human and technical connectivity and interoperability that allows all DODusers and mission partners to share the information they need, when theyneed it, in a form they can understand and act on with confidence, andprotects information from those who should not have it.Net-Centric Military Operations. The military exploitation of the human andtechnical networking of all elements of an appropriately trained joint force byfully integrating collective capabilities, awareness, knowledge, experience, andsuperior decision making to achieve a high level of agility and

effectiveness indispersed, decentralized, dynamic and uncertain military operationalenvironments. Adapted from the definition in Net-Centric Environment JFC,vl.O, 7 April 2005.Net-Ready. DOD IT that meets required information needs, informationtimeliness requirements, has IA accreditation, and meets the attributesrequired to support military operations, to be entered and managed on thenetwork, and to effectively exchange information for both the technicalexchange of information and the operational effectiveness of that exchange.GL-14GlossaryPage 53CJCSI6212.01F21 March 2012DOD IT that is net-ready enables warfighters and DOD business operators toexercise control over enterprise information and services through a looselycoupled, distributed infrastructure that leverages service modularity,multimedia connectivity, metadata, and collaboration to provide anenvironment that promotes unifying actions among all participants. Net-readiness requires that IT operate in an environment where there exists adistributed information processing environment in which applications areintegrated; applications and data independent of hardware are integrated;information transfer capabilities exist to ensure communications within andacross diverse media; information is in a common format with a commonmeaning; there exist common human-computer interfaces for users; and thereexists effective means to protect the information. Net-Readiness is critical toachieving the envisioned objective of a cost-effective integrated environment.Achieving and maintaining this vision requires interoperability:a. Within a Joint Task Force/combatant command area of responsibility(AOR).b. Across combatant command AOR boundaries.c. Between strategic and tactical systems.d. Within and across Services and agencies.e. From the battlefield to the sustaining base.f. Among U.S., Allied, and Coalition forces.g. Across current and future systems.Net-Ready Key Performance Parameter (NR KPP). The NR KPP documentssponsor identified and JROC validated verifiable performance measures andmetrics for interoperability engineering, design, and testing. To meet NR KPPattributes, IT must be able to support military operations, to be entered andmanaged on the network, and to effectively exchange information. The NR KPPdevelopment process will help verify operationally effective provider toconsumer, end-to-end information exchanges according to the sponsor's statedcapability requirements and applicable reference models and referencearchitectures. It informs the solution architecture according to the DODInformation Enterprise Architecture (lEA).NR-KPP Effectiveness and Performance Measures. Portion of the NR-KPP thatdescribes the measurable and testable Operational Requirements for the NRKPP. These Operational Requirements are the Threshold and Objectiveperformance values for each of the NR-KPP Attributes. The full descriptionGL-15GlossaryPage 54CJCSI6212.01F21 March 2012from the NR-KPP Compliance Statement is as follows: The capability, system,and/or service must fully support execution ofjoint critical operationalactivities and information exchanges identified in the DOD EnterpriseArchitecture and solution architectures based on integrated DODAF content.Net-Ready Operational Task. An Operational Task that produces informationfor an external system or consumes information from an external system.Node. Operational unit (e.g. ship, submarine, airplane, shore site, etc.) thatcan perform an Operational Task.NR-KPP Attributes. The three attributes listed in the NR-KPP Description thatare used to determine if a system satisfies the NR-KPP. These attributes are:support net-centric military operations, enter and be managed in the network,and exchange information. These are the same thing as net-ready attributes.Network. A group of interconnected IT systems and subsystems (e.g.computers and peripherals) that share IT software and hardware resources toenter, store, manage and exchange data and information between multipleusers. Networks are normally governed by defined rules and standards thatmake shared data discoverable and available to users per specific caveats andprocedures.Non-GIG IT. Stand-alone, self-contained, or embedded IT that is not, and willnot be connected to the enterprise network. (reference DODI 4630.8)National Security Systems (NSS). Information system (including anytelecommunications system) used or operated by an agency or by a contractorof an agency, or other

organization on behalf of an agency, the function,operation, or use of which (1) involves intelligence activities; (2) involvescryptologic activities related to national security; (3) involves the command andcontrol of military forces; (4) involves equipment that is an integral part of aweapon or weapons systems; or (5) is critical to the direct fulfillment of militaryor intelligence missions. Subsection (5) in the preceding sentence does notinclude procurement of automatic data processing equipment or services to beused for routine administrative and business applications (including payroll,finance, logistics and personnel management applications). NSS include anyinformation system (including any telecommunications system) protected at alltimes by procedures established for information that have been specificallyauthorized under criteria established by an Executive order or an Act ofCongress to be kept classified in the interest of national defense or foreignpolicy (reference i).Operational View (OV). An architecture view that describes the jointcapabilities that the user seeks and how to employ them. The OVs also identifyGL-16GlossaryPage 55CJCSI6212.01F21 March 2012the operational nodes, the critical information needed to support the piece ofthe process associated with the nodes, and the organizational relationships.Program of Record. IT with a program element funded through the programobjective memorandum process and included in the FYDP.Reference Architecture. An authoritative source of architecture information(within a domain) that guides and constrains the instantiations of solutionarchitectures by providing rules, principles and holistic models and patterns ofthe abstract architectural elements together with a common vocabulary, andsets of technical standards/specifications (Derived from OASIS, OMB, andJoint Pub 1-02 References).Reference Model. An abstract framework for understanding significantrelationships among the entities of some environment. (Reference Model forService Oriented Architecture 1.0, Organization for the Advancement ofStructured Information Standards (OASIS))Solution Architecture. A framework or structure that portrays therelationships among all the elements of something that answers a problem.This architecture type is used to define a particular project to create, update,revise, or delete established activities in the Department. Solution architecturemay be developed to update or extend another architecture. A solutionarchitecture is the most common type of architecture developed in theDepartment. (DODAF V2.0)Spectrum Requirements. The determination as to whether the electromagneticspectrum necessary to support the operation of spectrum-dependentequipment or system during its expected life cycle is, or will be, available (thatis, from system development, through developmental and operational testing,to actual operation in the electromagnetic environment.) The assessment ofequipment or system as having "spectrum requirements is based upon, as aminimum, receipt of equipment spectrum certification, reasonable assurance ofthe availability of sufficient frequencies for operation, and consideration ofEMC.Sponsor. The DOD component, principal staff assistant, or domain ownerresponsible for all common documentation, periodic reporting, and fundingactions required to support the capabilities development and acquisitionprocess for a specific capability proposal.Standard Conformance Testing. Testing the extent to which a system orsubsystem adheres to or implements a standard.GL-17GlossaryPage 56CJCSI6212.01F21 March 2012Standard Conformance Certification. Confirmation that an IT has undergoneIT standards conformance testing with respect to a given standard and itcorrectly implements the standard, with specified profiles and options.System I Service View (SV). An architecture view that identifies the kinds ofsystems, how to organize them, and the integration needed to achieve thedesired operational capability. It will also characterize available technology andsystems functionality.System Design. The portion of the Systems Engineering Process used for topdown design. This part of Systems Engineering ultimately develops variousdetailed specifications and other products that describe system solutions.System Design includes the System Engineering Technical Processes ofRequirements Development, Logical Analysis, and Design Solution. Defined inDefense Acquisition Course SYS 101.System Performance Requirements. Performance requirements the systemmust meet in order to

satisfy its Operational Requirements.System Realization. Providing the physical design solution in a product formsuitable for meeting the applicable acquisition phase exit criteria, includingproduct verification and validation and transitioning the product to the nextlevel up of the system structure or ultimately, to the customer. SystemRealization includes the Systems Engineering Technical Processes ofImplementation, Integration, Verification, Validation, and Transition. Definedin Defense Acquisition Course SYS 101.Systems Engineering Process. The overarching process that a program teamapplies to transition from a stated capability need to an operationally effectiveand suitable system. Systems engineering encompasses the application ofsystems engineering processes across the acquisition life cycle (adapted to eachand every phase) and is intended to be the integrating mechanism for balancedsolutions addressing capability needs, design considerations and constraints,as well as limitations imposed by technology, budget, and schedule. Thesystems engineering processes are applied early in concept definition, and thencontinuously throughout the total life cycle. Defined in the Defense AcquisitionGuidebook.Technical Standards View (TV). The TV provides the technical systemsimplementation standards upon which engineering specifications are based,common building blocks are established, and product lines are developed.Unanticipated Use. Any use of the data or services described in anarchitecture which have not previously been defined as an operational use inthe lCD, DCR, CONOPS, CDD, and CPD.GL-18GlossaryPage 57CJCSI6212.01F21 March 2012Unanticipated Users.data.Users who do not provide advance warning they will use GL-19 GlossaryPage 58CJCSI6212.01F21 March 2012 (INTENTIONALLY BLANK) GL-20Glossary====================================================This is the html version of the file http://dodcio.defense.gov/Portals/0/Documents/DT-12-COI-Glossary.pdf.Google automatically generates html versions of documents as we crawl the web.Page 1Version 08.3Page 1 of 5 DoD Net-Centric Data Strategy andCommunity of Interest (COI) TrainingGlossary Access Control: The protection of resources against unauthorized access; a process bywhich the use of resources is regulated by a security policy and is permitted by onlyauthorized system entities according to that policy. (DoD Net-Centric Services Strategy)Accessible: A data asset is accessible when a human, system, or application mayretrieve the data within the asset. Data assets may be made accessible by using sharedstorage space or web services that expose the business or mission process thatgenerates data in readily consumable forms. (DoD 8320.02)Agility: The ability of an organization to respond quickly to demands or opportunities.(DoD Net-Centric Services Strategy)Attribute: A distinct characteristic inherent in or ascribed to an entity; an entity'sattributes are said to describe it. (DoD Net-Centric Services Strategy)Authentication: To confirm a system entity’s asserted principal identity with a specifiedor understood level of confidence. (DoD Net-Centric Services Strategy)Authoritative Source: A source of data or information that is recognized by members ofa COI to be valid or trusted because it is considered to be highly reliable or accurate oris from an official publication or reference (e.g., the United States (U.S.) Postal Serviceis the official source of U.S. mailing ZIP codes). (DoD 8320.02)Business Function: Something an enterprise does, or needs to do, in order to achieveits objectives. (DoD Net-Centric Services Strategy)Business Process: The complete response that a business makes to an event. Abusiness process entails the execution of a sequence of one or more process steps. Ithas a clearly defined deliverable or outcome. A business process is defined by thebusiness event that triggers the process, the inputs and outputs, all the operationalsteps required to produce the output, the sequential relationship between the processsteps, the business decisions that are part of the event response, and the flow ofmaterial and/or information between process steps. (DoD Net-Centric ServicesStrategy)Community of Interest (COI): A

collaborative group of users that must exchangeinformation in pursuit of its shared goals, interests, missions, or business processes andtherefore must have shared vocabulary for the information it exchanges. (DoD 8320.02)Consumer: An entity (human or machine) that makes use of a service to meet aparticular need. (DoD Net-Centric Services Strategy) CIO/NII Enabling Net-Centric OperationsPage 2Version 08.3Page 2 of 5 Core Enterprise Services: That small set of services, whose use is mandated by theCIO, to provide awareness of, access to and delivery of information on the GIG. (DoDNet-Centric Services Strategy)Credential: Data that is transferred to establish a claimed principal identity. (DoD Net-Centric Services Strategy)Data Asset: Any entity that is comprised of data. For example, a database is a dataasset that is comprised of data records. A data asset may be a system or applicationoutput file, database, document, or web page. A data asset also includes a service thatmay be provided to access data from an application. For example, a service that returnsindividual records from a database would be a data asset. Similarly, a web site thatreturns data in response to specific queries (e.g., www.weather.com) would be a dataasset. A human, system, or application may create a data asset. (DoD 8320.02)Data Producer: Refers to a program, organization, or even a person that controls,manufactures, and/or maintains data assets within the Department. (DoD 8320.02-G)EIEMA: The Enterprise Information Environment Mission Area (EIEMA) is the DoDportfolio of programs, projects, and systems that deliver the EIE. The EIEMA portfolioenables the functions of the other mission areas, and encompasses all communications,computing, information assurance, and core enterprise service systems, equipment, orsoftware that provide a common information capability or service for enterprise use.(DoD Net-Centric Services Strategy)Enterprise: Refers to the Department of Defense, its organizations, and relatedAgencies. (DoD 8320.02)Extensible Markup Language (XML): Is a tagging language used to describe andannotate data so it can be consumed by human and system interactions. XML istypically arranged hierarchically using XML elements and attributes. It also usessemantically rich labels to describe elements and attributes to enable meaningfulcomprehension. An example of XML data describing an element named “Person”appears as follows:<Person><FirstName>John</FirstName><MiddleInitial>H</MiddleInitial><LastName>Doe</LastName></Person>(DoD Net-Centric Data Strategy)Global Information Grid (GIG): The globally connected, end-to-end set of informationcapabilities, associated processes, and personnel for collecting, processing, storing,disseminating, and managing information on demand to warfighters, policy makers, andsupport personnel. (DoD 8320.02)Governance: The systems, processes, and procedures put in place to steer thedirection, management, and accountability of an organization. In the context of the SOAPage 3Version 08.3Page 3 of 5 in the DoD, Governance means establishing and enforcing how DoD Componentsagree to provide, use, and operate services. (DoD Net-Centric Services Strategy)Identity: The collective set of attributes that defines an entity (i.e., subject, resource,etc.) within a given context. (DoD Net-Centric Services Strategy)Metadata: Information describing the characteristics of data; data or information aboutdata; or descriptive information about an entity’s data, data activities, systems, andholdings. For example, discovery metadata is a type of metadata that allows dataassets to be found using enterprise search capabilities. (DoD 8320.02)Metadata Registry: Repository of all metadata related to data structures, models,dictionaries, taxonomies, schema, and other engineering artifacts that are used tosupport interoperability and understanding through semantic and structural informationabout the data. A federated metadata registry is one in which multiple registries arejoined electronically through a common interface and exchange structure, therebyeffecting a common registry. (DoD 8320.02)Mission Area: A defined area of responsibility with functions and processes thatcontribute to mission accomplishment. In the context of managing the DoD's portfoliosof GIG investments, the DoD has four major categories of mission areas - theWarfighter Mission Area, the Business Mission Area, the Defense Intelligence MissionArea, and the Enterprise Information Environment Mission Area (EIEMA). (DoD Net-Centric Services Strategy)Net-Centric Information Sharing: Relating to or

representing the attributes of net-centricity. Net- centricity is a robust, globally interconnected network environment(including infrastructure, systems, processes, and people) in which data is shared timelyand seamlessly among users, applications, and platforms. Net-centricity enablessubstantially improved military situational awareness and significantly shorteneddecision making cycles. Net-Centric capabilities enable network-centric operations andNCW. (DoD 8320.02)Net-Centric Environment (NCE): The Net-Centric Environment is a framework for fullhuman and technical connectivity and interoperability that allows all DoD users andmission partners to share the information they need, when they need it, in a form theycan understand and act on with confidence; and protects information from those whoshould not have it. (Net-Centric Environment Joint Functional Concept, Version 1.0,April 7, 2005)Network-Centric Warfare (NCW): An information superiority-enabled concept ofoperations that generates increased combat power by networking sensors, decisionmakers, and shooters to achieve shared awareness, increased speed of command,higher tempo of operations, greater lethality, increased survivability, and a degree ofself-synchronization. In essence, NCW translates information superiority into combatpower by effectively linking knowledgeable entities in the battlespace. (DoD 8320.02)Page 4Version 08.3Page 4 of 5 Ontology: An explicit specification of how to represent the objects and concepts thatexist in some area of interest and of the relationships that pertain among them. (DoD8320.02-G)Schema: A diagrammatic representation, an outline, or a model. In relation to datamanagement, a schema can represent any generic model or structure that deals withthe organization, format, structure, or relationship of data. Some examples of schemasare (1) a database table and relational structure, (2) a document type definition (DTD),(3) a data structure used to pass information between systems, and (4) an XML schemadocument (XSD) that represents a data structure and related information encoded asXML. Schemas typically do not contain information specific to a particular instance ofdata. (DoD 8320.02-G)Semantic Metadata: Information about a data asset that describes or identifiescharacteristics about that asset that convey meaning or context (e.g., descriptions,vocabularies, taxonomies). (DoD 8320.02)Service: A mechanism to enable access to one or more capabilities, where the accessis provided using a prescribed interface and is exercised consistent with constraints andpolicies as specified by the service description. (DoD Net-Centric Services Strategy)Service Oriented Architecture: A paradigm for defining, organizing, and utilizingdistributed capabilities in the form of loosely coupled software services that may beunder the control of different ownership domains. It provides a uniform means to offer,discover, interact with, and use capabilities to produce desired effects that areconsistent with measurable preconditions and expectations. (DoD Net-Centric ServicesStrategy)Service Provider: An entity (i.e., person or organization) that offers the use ofcapabilities by means of a service. (DoD Net-Centric Services Strategy)Structural Metadata: Information provided about a data asset that describes the internalstructure or representation of a data asset (e.g., database field names, schemas, webservice tags). (DoD 8320.02)Taxonomy: Provides categorizations of related terms. In doing so, they make use of“class/subclass” relationships (i.e., they are hierarchical in conveying the relationshipsbetween categories). Taxonomies are important to ensuring that searches of discoverymetadata and content are targeted. An example taxonomy of the various types of ISRdata in several dimensions might be as follows: INT Type: HUMINT, SIGINT, ELINT, MASINT... Source Type: Human, Airborne, Space-based, ... Source Level: National source, tactical source, open source... Trust Level: Unevaluated, validated,….. Collection Purpose: Force protection, tactical, strategic, …. (DoD 8320.02-G)Understandable: Capable of being comprehended in terms of subject, specific content,relationships, sources, methods, quality, spatial and temporal dimensions, and otherfactors. (DoD 8320.02)Page 5Version 08.3Page 5 of 5 Visible: Able to be seen, detected, or distinguished and to some extent characterizedby humans and/or IT systems, applications, or other processes. (DoD

8320.02)Vocabulary: Represents agreements on the terms and definitions common to the COI,including data dictionaries. For example, one COI might define the term “tank” to meana pressurized vessel, whereas another might define “tank” to mean a tracked vehicle.Both definitions are acceptable, but the user must understand these definitions, andtheir context, to properly use the data. (DoD 8320.02-G)Web Services: A standardized way of integrating web-based applications using openstandards over an Internet Protocol backbone. Web services allow applicationsdeveloped in various programming languages and running on various platforms toexchange data without intimate knowledge of each application’s underlying IT systems.(DoD 8320.02)Website: A collection of web pages, that is, HTML/XHTML documents accessible viaHypertext Transfer Protocol (HTTP) on the Internet, an intranet, or another network. Thepages of a website can be accessed from a common root uniform resource locator(URL) using common web browsers. The URLs of the pages organize them into ahierarchy, although the hyperlinks between them control how the reader perceives theoverall structure and how traffic flows between the different parts of the site. (DoD8320.02-G)===========================================This is the html version of the file http://dodcio.defense.gov/Portals/0/Documents/DT-12-COI-Glossary.pdf.Google automatically generates html versions of documents as we crawl the web.Page 1Version 08.3Page 1 of 5 DoD Net-Centric Data Strategy andCommunity of Interest (COI) TrainingGlossary Access Control: The protection of resources against unauthorized access; a process bywhich the use of resources is regulated by a security policy and is permitted by onlyauthorized system entities according to that policy. (DoD Net-Centric Services Strategy)Accessible: A data asset is accessible when a human, system, or application mayretrieve the data within the asset. Data assets may be made accessible by using sharedstorage space or web services that expose the business or mission process thatgenerates data in readily consumable forms. (DoD 8320.02)Agility: The ability of an organization to respond quickly to demands or opportunities.(DoD Net-Centric Services Strategy)Attribute: A distinct characteristic inherent in or ascribed to an entity; an entity'sattributes are said to describe it. (DoD Net-Centric Services Strategy)Authentication: To confirm a system entity’s asserted principal identity with a specifiedor understood level of confidence. (DoD Net-Centric Services Strategy)Authoritative Source: A source of data or information that is recognized by members ofa COI to be valid or trusted because it is considered to be highly reliable or accurate oris from an official publication or reference (e.g., the United States (U.S.) Postal Serviceis the official source of U.S. mailing ZIP codes). (DoD 8320.02)Business Function: Something an enterprise does, or needs to do, in order to achieveits objectives. (DoD Net-Centric Services Strategy)Business Process: The complete response that a business makes to an event. Abusiness process entails the execution of a sequence of one or more process steps. Ithas a clearly defined deliverable or outcome. A business process is defined by thebusiness event that triggers the process, the inputs and outputs, all the operationalsteps required to produce the output, the sequential relationship between the processsteps, the business decisions that are part of the event response, and the flow ofmaterial and/or information between process steps. (DoD Net-Centric ServicesStrategy)Community of Interest (COI): A collaborative group of users that must exchangeinformation in pursuit of its shared goals, interests, missions, or business processes andtherefore must have shared vocabulary for the information it exchanges. (DoD 8320.02)Consumer: An entity (human or machine) that makes use of a service to meet aparticular need. (DoD Net-Centric Services Strategy) CIO/NII Enabling Net-Centric OperationsPage 2Version 08.3Page 2 of 5 Core Enterprise Services: That small set of services, whose use is mandated by theCIO, to provide awareness of, access to and delivery of information on the GIG. (DoDNet-Centric Services Strategy)Credential: Data that is transferred to establish a claimed principal identity. (DoD Net-Centric Services Strategy)Data Asset: Any entity that is comprised of data. For example, a database

is a dataasset that is comprised of data records. A data asset may be a system or applicationoutput file, database, document, or web page. A data asset also includes a service thatmay be provided to access data from an application. For example, a service that returnsindividual records from a database would be a data asset. Similarly, a web site thatreturns data in response to specific queries (e.g., www.weather.com) would be a dataasset. A human, system, or application may create a data asset. (DoD 8320.02)Data Producer: Refers to a program, organization, or even a person that controls,manufactures, and/or maintains data assets within the Department. (DoD 8320.02-G)EIEMA: The Enterprise Information Environment Mission Area (EIEMA) is the DoDportfolio of programs, projects, and systems that deliver the EIE. The EIEMA portfolioenables the functions of the other mission areas, and encompasses all communications,computing, information assurance, and core enterprise service systems, equipment, orsoftware that provide a common information capability or service for enterprise use.(DoD Net-Centric Services Strategy)Enterprise: Refers to the Department of Defense, its organizations, and relatedAgencies. (DoD 8320.02)Extensible Markup Language (XML): Is a tagging language used to describe andannotate data so it can be consumed by human and system interactions. XML istypically arranged hierarchically using XML elements and attributes. It also usessemantically rich labels to describe elements and attributes to enable meaningfulcomprehension. An example of XML data describing an element named “Person”appears as follows:<Person><FirstName>John</FirstName><MiddleInitial>H</MiddleInitial><LastName>Doe</LastName></Person>(DoD Net-Centric Data Strategy)Global Information Grid (GIG): The globally connected, end-to-end set of informationcapabilities, associated processes, and personnel for collecting, processing, storing,disseminating, and managing information on demand to warfighters, policy makers, andsupport personnel. (DoD 8320.02)Governance: The systems, processes, and procedures put in place to steer thedirection, management, and accountability of an organization. In the context of the SOAPage 3Version 08.3Page 3 of 5 in the DoD, Governance means establishing and enforcing how DoD Componentsagree to provide, use, and operate services. (DoD Net-Centric Services Strategy)Identity: The collective set of attributes that defines an entity (i.e., subject, resource,etc.) within a given context. (DoD Net-Centric Services Strategy)Metadata: Information describing the characteristics of data; data or information aboutdata; or descriptive information about an entity’s data, data activities, systems, andholdings. For example, discovery metadata is a type of metadata that allows dataassets to be found using enterprise search capabilities. (DoD 8320.02)Metadata Registry: Repository of all metadata related to data structures, models,dictionaries, taxonomies, schema, and other engineering artifacts that are used tosupport interoperability and understanding through semantic and structural informationabout the data. A federated metadata registry is one in which multiple registries arejoined electronically through a common interface and exchange structure, therebyeffecting a common registry. (DoD 8320.02)Mission Area: A defined area of responsibility with functions and processes thatcontribute to mission accomplishment. In the context of managing the DoD's portfoliosof GIG investments, the DoD has four major categories of mission areas - theWarfighter Mission Area, the Business Mission Area, the Defense Intelligence MissionArea, and the Enterprise Information Environment Mission Area (EIEMA). (DoD Net-Centric Services Strategy)Net-Centric Information Sharing: Relating to or representing the attributes of net-centricity. Net- centricity is a robust, globally interconnected network environment(including infrastructure, systems, processes, and people) in which data is shared timelyand seamlessly among users, applications, and platforms. Net-centricity enablessubstantially improved military situational awareness and significantly shorteneddecision making cycles. Net-Centric capabilities enable network-centric operations andNCW. (DoD 8320.02)Net-Centric Environment (NCE): The Net-Centric Environment is a framework for fullhuman and technical connectivity and interoperability that allows all DoD users andmission partners to share the information they need, when they need it, in a form theycan understand and act on with confidence; and protects information from those whoshould not have it. (Net-Centric Environment Joint Functional Concept,

Version 1.0,April 7, 2005)Network-Centric Warfare (NCW): An information superiority-enabled concept ofoperations that generates increased combat power by networking sensors, decisionmakers, and shooters to achieve shared awareness, increased speed of command,higher tempo of operations, greater lethality, increased survivability, and a degree ofself-synchronization. In essence, NCW translates information superiority into combatpower by effectively linking knowledgeable entities in the battlespace. (DoD 8320.02)Page 4Version 08.3Page 4 of 5 Ontology: An explicit specification of how to represent the objects and concepts thatexist in some area of interest and of the relationships that pertain among them. (DoD8320.02-G)Schema: A diagrammatic representation, an outline, or a model. In relation to datamanagement, a schema can represent any generic model or structure that deals withthe organization, format, structure, or relationship of data. Some examples of schemasare (1) a database table and relational structure, (2) a document type definition (DTD),(3) a data structure used to pass information between systems, and (4) an XML schemadocument (XSD) that represents a data structure and related information encoded asXML. Schemas typically do not contain information specific to a particular instance ofdata. (DoD 8320.02-G)Semantic Metadata: Information about a data asset that describes or identifiescharacteristics about that asset that convey meaning or context (e.g., descriptions,vocabularies, taxonomies). (DoD 8320.02)Service: A mechanism to enable access to one or more capabilities, where the accessis provided using a prescribed interface and is exercised consistent with constraints andpolicies as specified by the service description. (DoD Net-Centric Services Strategy)Service Oriented Architecture: A paradigm for defining, organizing, and utilizingdistributed capabilities in the form of loosely coupled software services that may beunder the control of different ownership domains. It provides a uniform means to offer,discover, interact with, and use capabilities to produce desired effects that areconsistent with measurable preconditions and expectations. (DoD Net-Centric ServicesStrategy)Service Provider: An entity (i.e., person or organization) that offers the use ofcapabilities by means of a service. (DoD Net-Centric Services Strategy)Structural Metadata: Information provided about a data asset that describes the internalstructure or representation of a data asset (e.g., database field names, schemas, webservice tags). (DoD 8320.02)Taxonomy: Provides categorizations of related terms. In doing so, they make use of“class/subclass” relationships (i.e., they are hierarchical in conveying the relationshipsbetween categories). Taxonomies are important to ensuring that searches of discoverymetadata and content are targeted. An example taxonomy of the various types of ISRdata in several dimensions might be as follows: INT Type: HUMINT, SIGINT, ELINT, MASINT... Source Type: Human, Airborne, Space-based, ... Source Level: National source, tactical source, open source... Trust Level: Unevaluated, validated,….. Collection Purpose: Force protection, tactical, strategic, …. (DoD 8320.02-G)Understandable: Capable of being comprehended in terms of subject, specific content,relationships, sources, methods, quality, spatial and temporal dimensions, and otherfactors. (DoD 8320.02)Page 5Version 08.3Page 5 of 5 Visible: Able to be seen, detected, or distinguished and to some extent characterizedby humans and/or IT systems, applications, or other processes. (DoD 8320.02)Vocabulary: Represents agreements on the terms and definitions common to the COI,including data dictionaries. For example, one COI might define the term “tank” to meana pressurized vessel, whereas another might define “tank” to mean a tracked vehicle.Both definitions are acceptable, but the user must understand these definitions, andtheir context, to properly use the data. (DoD 8320.02-G)Web Services: A standardized way of integrating web-based applications using openstandards over an Internet Protocol backbone. Web services allow applicationsdeveloped in various programming languages and running on various platforms toexchange data without intimate knowledge of each application’s underlying IT systems.(DoD 8320.02)Website: A collection of web pages, that is, HTML/XHTML documents accessible viaHypertext Transfer Protocol (HTTP) on the Internet, an

intranet, or another network. Thepages of a website can be accessed from a common root uniform resource locator(URL) using common web browsers. The URLs of the pages organize them into ahierarchy, although the hyperlinks between them control how the reader perceives theoverall structure and how traffic flows between the different parts of the site. (DoD8320.02-G)====================================================This is the html version of the file http://thedocs.hostzi.com/DoDAF-DM2_CMP_v1-0_FINAL_2011-10-03r1.docx.Google automatically generates html versions of documents as we crawl the web.Department of Defense

Office of the Assistant Secretary of Defense (OASD) for Network Infrastructure and Integration (NII)

Configuration Management Plan

for

The DoD Architecture Framework (DoDAF) and DoDAF Meta Model (DM2)

Version 1.0

3 October 2011

Distribution A

Approved for public release; distribution is unlimited.

THIS PAGE INTENTIONALLY LEFT BLANK

Revision History

This document is under the control of the Department of Defense Chief Information Officer (DoD CIO). Any changes to this document will be reflected by a document change record or by a complete revision.

Document Date Revision Level Change Description Affected Section(s)April 2010 1.0 DRAFT First DRAFT submitted to FAC for review ALLMarch 2011 1.0 DRAFT Response to FAC comments ALLOctober 2011 1.0 DRAFT Revision for change in FAC voting process, formal tasker process, baseline scheduling, and additional FAC comments ALL

THIS PAGE INTENTIONALLY LEFT BLANK

Table of Contents

List of Figures and Tables

IntroductionPurposePurposes of the DoD Architecture Framework (DoDAF)The purpose of the DoD Architecture Framework (DoDAF) is to support process improvement for the six core processes of DoD:

Joint Capabilities Integration and Development (JCIDS)Planning, Programming, Budgeting, and Execution (PPBE)Acquisition System (DAS)Systems Engineering (SE)Operations PlanningCapabilities Portfolio Management (CPM)Purposes of the DoDAF Meta Model (DM2)The DoDAF Meta Model (DM2) is the core of DoDAF. The purposes of DM2 are:

Provide the vocabulary for description and discourse about DoDAF models (formerly “products”) and core process usage.Provide the basis for generation of the “physical” exchange specification for exchange of data between architecture tools and databases.Provide a basis for semantic precision in architectural descriptions to support heterogeneous architectural description integration and analysis in support of core process decision making.Support discovery and understandability of architecture data assets within the DoD Enterprise Architecture (EA) Community of Interest (COI) and with cross-COIs, discovery using DM2 categories of information, and understandability thru precise semantics augmented with linguistic traceability.Support information sharing across the DoD Enterprise Architecture COI with precise, universally understood, and commonly interpretable semantics.Purposes of DoDAF-DM2 Configuration Management (CM)The purposes of DoDAF-DM2 Configuration Management (CM) are:

Governance. Provide a visible and clearly understood process for DoDAF-DM2 issue resolution and model improvement. Establish change activity that is controlled through a known, organized process so that there is a known basis for making change to architecture model, and a means for evaluating the effectiveness of that change. Establish procedures for interaction with related communities including related COIs, EA tool vendors, and semantic interoperability groups.Product Improvement. Improve the ability to produce desired models and analyses that reflect customer need through common understanding of the definition and usage of the data. Provide a process for evaluation of present and future impact of proposed changes.Baselines. Maintain stable DoDAF-DM2 baselines and clearly establish and provide community-wide awareness of DoDAF-DM2 developmental, operational, deprecated, and retired baselines. Ensure that all changes to any baseline can be traced to an approved change proposal and that the implementation status of changes can be verified.COI. Provide a means to continuously re-assess and improve information sharing within the DoD EA COI and with related COIs, to determine requirements for information sharing, and to monitor and measure progress within the DoD EA COI.A configuration management program provides an orderly way to facilitate change, based on need, and utilizes best practices and performances standards to ensure that expectations are realized, efficiency is increased, reliability and maintainability is assured, and stability achieved.

ScopeThis plan applies to the Office of the Secretary of Defense, the Joint Staff, the Military Services, the Combatant Commands and Defense Agencies at all levels involved in the development, employment, and maintenance of enterprise architecture models and data. The scope of this DoDAF-DM2 Configuration Management Plan (CMP) is:

Configuration Identification (CI)Configuration Management Organizational Roles and InteractionsDoDAF-DM2 CM Processes and ProceduresDoDAF-DM2 CM Business RulesConfiguration Status AccountingDefinitionsReference (d), “Military Handbook Configuration Management Guidance”, states, “DoD has adopted ANSI/EIA-649, “National Consensus Standard for Configuration Management,” as the guiding document providing the basic principles of Configuration Management. Consequently, this CMP adopts terminology and processes from Reference (a), “National Consensus Standard for Configuration Management”. . As stated in Reference (a),

The configuration management process facilitates orderly management of product information and product changes for such beneficial purposes as to revise capability; improve performance, reliability, or maintainability; extend life; reduce cost; reduce risk and liability; or correct defects. The relatively minimal cost of implementing configuration management is returned many fold in cost avoidance. The lack of configuration management, or its ineffectual implementation, can be very expensive and sometimes can have such catastrophic consequences as failure of equipment or loss of life.

It prescribes processes and procedures for:

The orderly establishment, documentation, and maintenance of a product's functional, performance and physical attributes

Management of changes to the attributes

Access to accurate information essential to the product's development, fabrication, production, use, maintenance, procurement, and eventual disposal..

Reference (a) defines a flexible, but well-defined standard employed most often at the ‘enterprise’ level. Its flexibility lies in the ability to provide CM practices that can be selectively applied to the degree necessary for each of the areas to be covered under this plan. Thus, while the standard will be the guide for development of the plan, its principles should not stifle necessary change without undue complexity. Rather, changes that are complex will require more stringent application of technical review, especially on the impact of potential change, than less complex proposals that may be expedited as administrative or logistical changes that do not require the same treatment.

Key terms are defined below. A complete glossary of terms, acronyms, and abbreviations is included at the end of this document.

Configuration Management (CM): a management discipline that applies technical and administrative direction over the life cycle of an item to:Identify and document the functional and physical characteristics of configuration items (CIs)

(configuration identification)Control changes to configuration items and their associated documentation (configuration control)Record and report information needed to manage configuration items effectively, including the status of proposed changes and the implementation status of approved changes (status accounting)Audit CIs to verify conformance to requirements (configuration audit)Configuration Item (CI): an aggregation of metadata, and occasionally data on architecture components, processes, or data that is designated for configuration management and treated as a single entity in the configuration management process. (E.g., NetViz net file, Core Systems and Quantities List, etc.) [Adapted from ISO 10007:1995(E)]Baseline: the configuration of a model formally established at a specific point in time, which serves as a reference for further activities. [ISO 10007:1995(E)]Release: the formal notification and distribution of an approved baseline version of a configuration item.Change Request (CR): A formal request for a major and/or specific change to a CI.Change Request Tracker (CRT): A database used to track submitted CRs to any configuration item and to document all actions that add, delete, or change a configuration item. Configuration Status Accounting Report (CSAR). A formal document prepared monthly that summarizes all DoDAF-DM2 Working Group (WG) activities during the monthly period, WG membership participation over the period, and all WG recommendations prioritization and adjudication of CRs.Version Description Document (VDD). A formal document issued with each DoDAF-DM2 baseline that describes all changes from the prior baseline in summary and detailed form.

Applicable DocumentsReference Number and Title Document Control Number Author DateNational Consensus Standard for Configuration ManagementANSI/GEIA Standard EIA 649-A American National Standards Institute Architecture and Standards Review Group (ASRG) CONOPS DoD CIO Feb 2010Systems and software engineering — Architecture descriptionISO/IEC WD4 42010IEEE P42010/D5

Jan 2009Military Handbook Configuration Management GuidanceMIL-HDBK-61A(SE) DUSD (AT&L) Feb 2001

Configuration IdentificationThe DoDAF-DM2 Configuration Items and their associated data items are:

DoDAF Viewpoint Definitions. Conventions for the construction, interpretation and use of architecture views and associated architecture models.DoDAF Model Specifications. Specifications from which architecture views representing a architecture are composed.Data Dictionary. Defines all non-demotic terms used in DoDAF and the DoDAF Meta Model.

DM2. Consists of a Conceptual Data Model (CDM) diagram and narrative description, a Logical Data Model (LDM) in an UML file adapted to IDEAS and a narrative description, and Physical Exchange Specification (PES) XML Schema Descriptions.NOTE that introductory, tutorial, document outlining, and web navigation documentation is considered under control of the DoDAF Journal editorial team and not subject to formal CM in scope of this plan.

DoDAF-DM2 baselines are statused as “DoDAF Version 2.xx” and “DM2 Version 2.xx” where xx is a sequential number assigned to each baseline. The status of DoDAF-DM2 baselines follows the nomenclature established by the DoD MDR as follows:

Operational: This is the current baseline approved for use throughout the DoD EA COI. In addition, this status indicates the Namespace Manager has deemed the baseline of sufficient quality to be used by other COI’s. This baseline is frozen and cannot change.Developmental: This is the future operational baseline and the baseline the FAC directs the DoDAF-DM2 WG to work with. DoDAF-DM2 CRs are applied against this baseline.Deprecated: These baselines are still valid for use but will be retired in the near future.Retired: These baselines are no longer valid to use.Deprecated and retired baselines will be kept in an archive.

Organizational Roles, Responsibilities, and InteractionsAs per Reference (b), “Architecture and Standards Review Group (ASRG) CONOPS”, there are three organizations involved in CM of the DoDAF-DM2 CI’s. They are shown outlined with the yellow background in Figure 3-1 and described in the following subparagraphs.

Figure 3-1. DoDAF-DM2 CM Organizational Relationships

Architecture and Standards Review Group (ASRG)For purposes of DoDAF-DM2 CM, the ASRG has the assigned authority and responsibility to approve configuration baselines and make decisions on configuration and its management.

The mission of the ASRG is to review and provide architecture policy and guidance, identify IT technical standards, oversee IT standards management, review and approve architectures as fit for federation, assess compliance with architecture policy, and oversee DOD EA Federation. [Adapted from ASRG CONOPS and ISO 10007:1995(E)] The ASRG serves within the DoD CIO Enterprise Governance framework. The ASRG is subordinate to the DOD CIO Enterprise Governance Board (EGB). It is chartered to: review architecture policy and guidance; identify DoD Information technology (IT) technical standards; oversee IT standards management; review architectures and enforce architecture policy; oversee DoD EA Federation; and enforce DoD Information Enterprise Architecture (IEA) compliance. The ASRG receives its authority to perform these duties from the DoD CIO Governance Board Restructure Implementation and EGB Charter, as authorized in DoD Directive 5144.1, Assistant Secretary of Defense for Networks and Information Integration/DoD Chief Information Officer (ASD(NII)/DoD CIO).The ASRG is co-chaired by the DoD CIO’s Director of Enterprise Architecture and Standards, and the Defense Information Systems Agency (DISA) Chief Systems Engineer. The ASRG meets quarterly or as requirements dictate. Chief Architects and Chief Engineers from the military services, selected Combatant Commands and Defense Agencies, USD (AT&L), Joint Staff J6, and the Director of National Intelligence (DNI) CIO comprise this group. the ASRG works through a dedicated secretariat, standing groups, and ad hoc working groups to execute its responsibilities. The standing groups that report directly to the ASRG include the Information Technology Standards Committee (ITSC), Global

Information Grid (GIG) Technical Guidance Configuration Management Board (GTG CMB), and FAC. Each has subordinate working groups. Ad hoc groups will also be constituted as needed to work specific issues related to policy, compliance criteria, reference models, and related issues in the EA and standards domains. Support will be provided by member organizations, and existing groups will re-align under the ASRG as applicable. The Enterprise Reference Architecture Cell, an element of the Enterprise Architecture and Infrastructure Directorate, will also provide support to the ASRG. ASRG membership is at the FO/GO/SES level and has representatives fromDoD CIO (DirectorEA and Infrastructure DirectorateCo-Chair)DISA (Chief Systems EngineerCo-Chair)DNI CIO (Chief Architect )USD (AT&L) (Deputy DirectorSystems Engineering )USD (Intelligence) (Chief Architect )USD (P&R) (Director of Information Management )Army (Chief Architect )Department of Navy (Chief Architect )USMC (Chief Architect )Air Force (Chief Architect )DCMO (Chief Architect )Joint Staff J6 (Vice Director for C4 Systems )STRATCOM (Chief Architect )JFCOM (Chief Architect )NSA (Chief Architect )DNI CIO (Chief Engineer )Army (Chief Engineer )Department of Navy (Chief Engineer )Air Force (Chief Engineer )Joint Staff J6 (Chief Engineer )JFCOM (Chief Engineer )NSA (Chief Engineer )Federated Architecture Committee (FAC)The mission of the FAC is to serve as the Architecture Community of Interest (COI) for the formulation and exchange of DoD architecture concepts, guidance, and policy and to review and recommend to the ASRG that Capability Segment, Reference, Component, and Enterprise-wide Solution architectures are fit for federation into the DoD EA. FAC membership consists of O6-level or civilian equivalent Enterprise Architects and associated managerial and technical professionals, responsible for overseeing architecture programs and activities within their organizations. The FAC is chaired by the DoD CIO EA and Infrastructure Directorate on behalf of the DoD Chief Architect. The Chair reports to the ASRG. The FAC will meet monthly or as required by the Chair. [Adapted from ASRG CONOPS and ISO 10007:1995(E)] For purposes of DoDAF-DM2 CM, the FAC is a board composed of technical and administrative representatives with the assigned authority and responsibility to review configuration baselines and to recommend approval to the ASRG. The FAC reviews CR adjudication recommendations from the DoDAF-DM2 WG and votes to accept, reject, or defer these recommendations. The FAC shall consider changes to DoDAF-DM2 for reasons that can be traced to:changes needed to eliminate newly discovered internal inconsistencies in the model, or regular model

maintenance and clean up,changes needed to make the model implementable in tools,new (or so far unmet) user community requirements, for example changes needed as a result of changing DoD processes, such as definitions in JCIDS or acquisition processes, new directives, etc.),changes in definition, or application of architecture modeling principles and tool application (e.g. release of a new related industry standard such as OASIS Reference Architecture). DoDAF-DM2 WGThe DoDAF-DM2 WG is an advisory group to the FAC. Whereas the FAC is relatively small formal voting body, the WG is a large collaborative body. The DoDAF-DM2 WG has hundreds of members from Government, military, industry, academia, and vendor communities. The DoDAF-DM2 WG oversees, reviews, and makes recommendations to the FAC on matters related to the DoDAF-DM2. The DoDAF-DM2 WG provides the subject-matter expertise necessary to provide informed and broad-based recommendations to the FAC. An overview of the relationship between the FAC and the WG is shown in Figure 3-2; details of the interaction are provided in section 4 of this CM Plan.

DoDAF-DM2 WG RolesThe DoDAF-DM2 WG is internally organized into a Functional Configuration Manager (FCM), CI Custodians (one per DoDAF-DM2 CI), and the WG members.

The FCM conducts the WG meetings, performs the day-to-day duties of organizing the WG, maintains the DoDAF-DM2 Action Item system, reports to the FAC, including regular submission of DoDAF-DM2 Configuration Status Accounting Reports (CSAR), maintains the ARCH Namespace on the DoD MDR, represents the DoDAF-DM2 WG at related COI, DoD MDR, and other forums, and establishes DoDAF-DM2 baselines.Designated CI Custodians maintain the CI baselines. DoDAF-DM2 CI Custodians are agents who are appointed to maintain specific DoDAF-DM2 CI’s. CI Custodians will research, analyze, and make recommendations on DoDAF-DM2 CRs and implement approved changes to designated CI’s as directed by the FCM.DoDAF-DM2 WG members. Membership is voluntary and there are no pre-requisites for membership. Members are from Government, military, industry, academia, and vendor communities. No restrictions were made because they tend to stifle input and alienate organizations. However, the DoDAF-DM2 WG follows business rules that channel diverse member views and inputs productively. Members representing DoD components are expected to ensure their components are aware of ongoing work and inform the FAC accordingly. The DoDAF-DM2 WG interacts with the following organizations as shown in Figure 3-2. Roles of these organizations with respect to DoDAF-DM2 CM are as follows:The International Defense Enterprise Architecture Specification (IDEAS) Group is developing a formal ontology to facilitate interoperability of Enterprise Architecture (EA) models. Members are the United States, United Kingdom, Canada, Australia, and Sweden with observation by NATO.Industry Advisory and Standards Groups to include OMG and OASIS.Related COI’s to include UCORE and C2 CoreControlled Vocabulary groupsPilots and Early AdoptersDoD Architecture Registry System (DARS) WGDoD Metadata Working Group (DoD MWG).DoD COI Forum.EA Tool VendorsFigure 3-2. FAC - DoDAF-DM2 WG Organizational Relationships Overview

DoDAF-DM2 CM Processes and Procedures

DoDAF-DM2 CM Processes and ProceduresDoDAF-DM2 CM is accomplished by the following major process types:

CR Processing and Configuration Status ReportingPreparation of Draft Baseline, Baseline Review, Resolution, and ReleaseEach of these is described in the following subparagraphs.

CR Processing and Configuration Status ReportingA typical monthly DoDAF-DM2 CM process is shown in Figure 4-2. Each of the tasks is described in detail in the following subparagraphs.

Maintain MembershipThe FCM will record attendance at scheduled WG meetings and update the membership information as needed with the following:

Name: The name of the individual attending the Work Group.Employer: The company which employs the individualOrganization/Project Supported: Project supported by individual.Principal ASRG/FAC Association: Organization represented by member.Email: Contact Email for the attendee.2nd Email: Secondary Email for contacting the attendee: (optional)3rd Email: Tertiary Email for contacting the attendee: (optional)Enter New CRsDoDAF-DM2 CRs can be submitted via the DoDAF-DM2 Working Group website or provided to the FCM by email or at meetings. New CRs are entered into the CRT with:

Number: A sequential number assigned to a specific CR.Title: A descriptive name assigned to a specific CR.Description: A detailed description of the CR, including any and all suggested resolutionsDate Submitted: Date the CR was added to the CR/DB tracking database.Source: Name of individual submitting the CR.Source Organization: Organization of the individual submitting the CR.Configuration Item (CI): The CI which the CR is about from Table 1.Data Group/ Model/ Other: Part of the CI which the CR specifically requests to be changed.Level of Effort (LOE): Estimate of the resources needed to adjudicate the request as High (H), Medium (M), or Low (L). The default value for new CRs is M.Priority: Importance to submitter and overall usability of the CI as High (H), Medium (M), or Low (L). The default value for new CRs is M.Core Process Category: One of six Core Process listed in paragraph 1.1, if reference by submission.Description of Core Process Requirement: A description extracted from the CR if provided.Status. New CRs are statused as Unassigned.

Figure 4-1. CR Processing and Configuration Status Reporting

Prepare Agenda and Readaheads

The FCM prepares an agenda of significant events since the last WG meeting, proposed actions based upon requests from last DoDAF-DM2 WG, prioritization from the FAC, inputs from other DoDAF venues, and periodic needs, e.g., to status “in progress” CRs. The typical agenda contains announcements and reports of significant events, status update for “in progress” CRs, presentations by submitters and/or Actionee(s) of new or in progress CRs, starting point in the excel spread sheet for next CRs for consideration and discussion, and time to suggest topics for the next meeting.

The FCM also includes in the Email agenda notification a link with a read-ahead for the upcoming WG from Reference and Research and other material and statuses a numeric summary of DoDAF-DM2 CRs by Status, Priority, and LOE. The FCM also notifies members of any new or updated Research and Reference material on the DoDAF-DM2 Collaboration Site. When a new CR is ready for consideration to the WG, it is proposed as a regular WG meeting agenda item.

Conduct WG MeetingThe FCM moderates the conduct of the meeting according to the agenda including:

Assisting members and quest with achieving proper access to the collaboration environment, taking attendance and recording contact information for new members.Introducing and regulating the sharing of status and any special briefings on agenda topics.When an agenda item for a new CR is queued, the FCM aids CR originator: (Note if the CR Originator does not present at scheduled the bi-weekly WG meeting, the unassigned CR is “Moved” to the bottom of queue and it is now in CR trackers rotation discussion queue)in the briefing the WG,presenting additional materials to the WG, including ones submitted in real-time by WG members,advising WG members of DoDAF-DM2 Business Rules as established and described in paragraph 5, herein,and facilitating orderly, time-limited, and productive discussion.If the working group decides to accept the CR, then the next decision is to determine how it will be implemented. This could include discussion to determine:If the CR requires long term research and/or determination of some Course of Action (CoA) and associated Actionee(s) orIf the CR can be resolved without further research.If it can be handled through a simple fix or change (e.g. short textual rewrite with in document), it will be resolved during the current WG discussion and:The change is made to the appropriate CI working copy, andDocumented in the CR Tracking system with the status of “In Version 2.XX” and recording of what was done and the date the action was taken.If, after discussion, the WG decided there is need for establishing an CoA, they can choice one of the following actions after following the Originator/Actionee research process outlined in paragraph 4.1.3 below. They do so via mutual consent of the WG attendees (no formal voting process is used): The Action decision shall be recorded with rational in the Action field of the CRT. The date of decision is recorded in the Action Updated Date, Action is recorded in the Action column, and Actionee(s) assigned Actionee(s) may be updated. The following are possible Status:In general, if the new CR will require significant time and resources for accomplishment, it will be added to a prioritized list of items that will be addressed through major revisions or formal updates. The significance of the CR will be considered for prioritizing its placement within scheduled revisions or updates as decided by the working group. Once the CI has been included in a formal revision, this information will be passed to the ASRG Secretariat who will inform the submitter of the CIs disposition (See paragraph 4.1.6).

Just like new CRs, When the agenda calls for review of existing DoDAF-DM2 CRs (CR tracking system) or CI Custodian actions , they are queued for consideration by the WG on a rotating basis. After Actionee(s) provide research findings and subsequent WG discussion, the WG decisions are entry into the CR tracking system again based on mutual consent of the WG attendees (no formal voting process is used). If after Actionee(s) presentation the CR now is considered completed or involves change beyond the requirements baseline of DoDAF-DM2 (core process modeling), or is technically incorrect, inconsistent, or suboptimal, it will be Status appropriately using one of the codes listed in f above. A rationale is recorded in the Action field in the CRT.All Completed CRs are reported to the FAC via the WG activity Summary CSAR. Minority member non-concurrence can be report to the FAC through the members FAC representative. Details in reporting to FAC are in paragraph 4.1.6 below. The FAC can vote to redirect CR priorities recommended by the WG and/or request further consideration of statused and/or non-concurred CRs.When the FCM receives instructions on redirections from the FAC, the topics will be added to the agenda for the next Bi-weekly WG meeting.The redirection will be discussed with the CR originator/CR actionee(s) for possible Action impact and the WG again discuss options.If the Action impacts business rules or Program vendors, these impacts along with new recommendation from the WG will be reported to the FAC at the same time as the CSAR is sent for FAC consideration as per Paragraph 4.1.6 below.Update CR StatusWhen the WG Actionee(s) present findings to the WG for review, The Status, Action, Action Update Date, Actionee(s), CI Change Date and/or WG Approve Date will be change to reflect the consensus of the WG.

Research TopicOriginator/Actionee recommendation process: Actionee(s) perform preliminary research and prepares a brief for the WG. Research materials are provided to the FCM for posting on the DoDAF-DM2 URL collaboration site.

Maintain Working Group Collaboration SiteMaterial prepared for briefing initial new CRs by originator(s) or Action Item research discussions will be added to content which can be found on the work group collaboration tab on to the http://cio-nii.defense.gov/sites/dodaf20/ web site.

Implement Directed Solution. The CI Custodian implements the solution as directed by the DoDAF-DM2 WG (paragraph 4.1.2.3.h.3), taking care to maintain consistency with all other CI’s and data items, particularly the Data Dictionary.

Conduct Ad Hoc WG SessionsThe Actionee(s) may require addition discussion to complete Research topics. Meetings with selected WG membership will be conducted as required.

Report to FACThe FCM reports to the FAC at each monthly FAC meeting. At the meeting, the FCM also receives direction on WG priorities and technical courses of actions and solutions. The FAC specifically reviews priorities recommended by the WG, resolves problems and issues that cannot be resolved within the WG, provides additional guidance from the Community of Interest perspective, and

approves or redirects the priorities. This information, guidance and approved priorities are given to the FCM for conduct of future WG activities. An overview of the data exchange is shown in Figure 4-2.

WG Activity summary information briefingOther information briefings of significant recommendations being consideredConfiguration Status Accounting Report (CSAR) document for informationProcess CR RedirectsFigure 4-2. Monthly Reporting Cycle

DoDAF Specific ProcessingProcessing specific to DoDAF CRs (as indicated by the CI field in the CRT) is shown in Figure 4-3. Note that if the analysis leads to a need for new or changed term or relationship, the process then leads into the DM2 specific processing described in paragraph 4.1.11,

View request process: If the CR requests deletion of a view or artifact within a view, perform paragraph c, below; otherwise perform paragraph b below.New or changed view request:Determine if the CR requires new views or new or changed artifacts and, if so, determine if the view or artifact is required by core process governance. If the new view or artifact or change is required by a Core Process, continue CR processing; otherwise reject.If a new artifact is being requested, determine if the artifact is included in an existing view. If the artifact is already in an existing view but a specific subset is required by Core Process governance, then proceed with CR processing; otherwise reject.If nether a new view or artifact nor a changed artifact is being requested, determine if the CR is for improved consistency, description quality, or other view description style guide issues. If so, continue CR processing; otherwise reject.Determine if CR requires a new of changed term. If the answer is Yes, perform DM2 Data Dictionary CR processing as described in paragraph 4.1.11.Determine if the CR requires a new relationship. . If the answer is Yes, perform DM2 Data Dictionary CR processing as described in paragraph 4.1.11.Construct the CR view requested IAW the view description style guide: Determine the name for the new relationship, create a “one-liner” of the new relationship, construct a description of the relationship, suggest Core Process usage of the new relationship, and provide a DM2 mapping of the new relationship. When these are completed, propose that the CR is done and request schedule for WG review.Artifact deletion request:Determine is artifact is required by core process governance. If the answer is No, perform paragraph 4) below, elseDetermine if artifacts are included in some other suitable existing view. If the answer is Yes, continue CR processing; otherwise reject CR.Determine if the manner in which the artifact is contained in the view proposed for deletion is required by Core Process governance for a particular reason. It the answer is No, continue CR processing; otherwise reject CR.Deleted artifact from View. If as a result of the deletion of this artifact, the view no longer has any artifacts, propose that the entire view be deleted; otherwise, create modified view with artifacts deleted.Notify Core Process governance owners of any changes proposed to cited views.

Figure 4-3 Detailed DoDAF CR Processing

DM2 Specific ProcessingProcessing specific to DM2 CRs (as indicated by the CI field in the CRT) is shown in Figure 4-4.

The CR is reviewed to determine if it requires a new term or definition change/DM2 relationship changeA determination is made to evaluate if a new term is requested. If the answer is yes follow procedures in b below, else follow procedures in c belowData Dictionary Process:Collect source definitions and enter in the Data Dictionary. Particularly important when considering new independent classes is researching multiple source definitions and aliases. Review and pick or formulate definitionMake determination of definition status. If the definition can be aliased follow procedures in 4 step below, else follow new definition process in step 5 belowMap Alias into appropriate location in the Data Dictionary and prepare for WG presentation (END).Determine the supertype of the new definition using the BORO analysis technique.Determine relationship in the DM2 by going to paragraph d belowA determination is made to evaluate the nature of the relationship change. If an new relationship is required follow procedures in d below and consider alternatives in f belowNew Relationship: If a new relationship is not required go to step e below, else perform the following:Relationship Process: Determine supertype using the BORO analysis process.If a super type can be determined, make change to DM2 and to Data Dictionary (paragraph b above) elseDetermine if the relationship should be aliased. If alias is selected add the alias to the Data Dictionary, else propose that the CR be rejected and request schedule for WG review (END).Evaluate relationship integration impact:What definitions and other requirements are effected by changed relationshipsIf the changed relationship has no impact on the model make change to DM2 and request schedule for WG review (END), else consider alternativesAlternatives:Consider possible alternatives and if there are nonePropose that the CR be rejected and request schedule for WG review (END).

Figure 4-4. DM2 CR Processing

Baseline ProcessThis process happens in two phases. The first phase is preparation of baseline for FAC approval for component review and the second phase is the adjudication of component comments and publishing the new baseline. Figure 4-6 shows the first phase required to prepare DM2 and DoDAF inputs for FAC approval. Figure 4-7 shows the review, resolution, and release process. A notional timeline for a DoDAF-DM2 version development and release is shown in Figure 4-5.

Figure 4-5. Notional DoDAF-DM2 Version Timeline

Announce to WG technical cutoff meetingThe FCM prepares an agenda of significant events since the last WG meeting, proposed actions based upon requests from last DoDAF-DM2 WG, prioritization from the FAC, inputs from other DoDAF venues, and order for “done” and “in progress” CRs to be presented. The cutoff meeting agenda contains announcements and reports of significant events, the actionee(s) briefing the “done” and “in progress” CRs , and time to suggest topics for the next meeting.

The FCM also includes in the Email agenda notification a link with a read-ahead for the upcoming WG from Reference and Research. The FCM also notifies members of specific material to be presented and its location in the Research and Reference material section on the DoDAF-DM2 Collaboration Site.

The FCM will notify WG membership of intentions to prepare a new baseline.Announcing a technical cutoff from CR solutions and implementations.The FCM will ask WG membership, who are CR actionee(s), to identify completed and ready for review “done” CR requests.The WG membership will also review “in progress” CRs for consideration.The FCM will announce a proposed date for the Technical Cutoff meeting.Figure 4-6 Baseline preparation

Conduct technical cutoff meetingThe FCM moderates the cutoff meeting according to the agenda including:

Assisting members and quest with achieving proper access to the collaboration environment, taking attendance and recording contact information for new members.Introducing and regulating the sharing of status and any special briefings on agenda topics.When an agenda item for a “done” or CR is queued, the FCM aids actionee(s) in :briefing the WG,presenting additional materials to the WG, including improvements submitted in real-time by WG members,advising WG members of DoDAF-DM2 Business Rules as established and described in paragraph 5 , herein,and facilitating orderly, time-limited, and productive discussion of baseline inclusion.When the agenda calls for review of “done” CRs (CR tracking system), they are presented to the WG membership. After Actionee(s) provide research findings and subsequent WG discussion, The WG decides if the CR is ready for baseline release. Approved CR are statused in the CR tracking system as “in version 2.xx” and others are re-status using codes from paragraph 4.1.2.3 and return to queue. All WG decisions are entry into the CR tracking system again based on mutual consent of the WG attendees (no formal voting process is used). The vetting process is similar to that listed for papa 4.1.2.3 but specifically include:Approved for baseline release CRs are given a WG approved date of the meeting.All other CRs will be given Updated status (e.g. defer, in progress for 2.XX+01., etc.) and given an Action Update Date of the meeting.When an agenda item for a “in progress” CR is queued, the FCM aids actionee(s) in:briefing the WG,presenting additional materials to the WG, including improvements submitted in real-time by WG members,advising WG members of DoDAF-DM2 Business Rules as established and described in paragraph 5 , herein,and facilitating orderly, time-limited, and productive discussion of baseline inclusion.

When the agenda calls for review of “in progress” CRs (CR tracking system), they are presented to the WG membership. After Actionee(s) provide research findings and subsequent WG discussion, The WG decides if the CR is ready for baseline release. Approved CR are statused in the CR tracking system as “in version 2.xx” and others are re-status using codes from paragraph 4.1.2.3 and return to queue. All WG decisions are entry into the CR tracking system again based on mutual consent of the WG attendees (no formal voting process is used). The vetting process is similar to that listed for papa 4.1.2.3 but specifically include:Approved for baseline release CRs are given a WG approved date of the meetingAll other CRs will be given Updated status (e.g. “in progress” for next version) and given an Action Update Date of the meeting.Minority member non-concurrence for any CRs approved for baseline can be report to the FAC through the members FAC representative.Reporting to FAC During Baseline CutoffThe FCM reports to the FAC at each monthly FAC meeting. At the meeting, the FCM will report on CRs to be included in the baseline release, CRs plan for version, and the version release timeline and any issues. The FCM also receives direction on WG priorities and technical courses of actions and solutions. The FAC specifically reviews priorities recommended by the WG, resolves problems and issues that cannot be resolved within the WG, provides additional guidance from the Community of Interest perspective, and approves or redirects the priorities. This information, guidance and approved priorities are given to the FCM for conduct of future WG activities.

Prepare baseline review documentationThe FCM will direct the CI and CR Custodians to prepare documentation for Component review to include:

Finalize implementationsPerform QA using various IDEAS Group and DoDAF-DM2 Custodian toolsUpdate definitions in EA file from Data DictionaryGenerate XSDs from Data Dictionary and Mappings Excel and EA UML filesUpdate all description documentsPrepare a Version Description Document (VDD) that describes changes to the DoDAF-DM2 in the new version. The VDD will be uploaded to all the DoDAF-DM2 distribution points. This will be prepared from CRT by changing Action field to describe the change actually made.Rename all new baseline files from ISO date stamps to version stampingOn MDR, deprecate v2.xx and post v2.xx+01 to Operational status. All ARCH namespace and DoD EA COI subscribers notified of the update.Provide all data items to DoD CIO webmasters for posting and HTML regenerationArchive v2.xx on DoDAF-DM2 Collaboration Site, post new baseline, and create working copy for v2.xx+.02 with ISO date file stampingWhen the draft documentation is complete, the FCM will request its entry into the SACP and prepare a “tasker” for FAC to request Component review of proposed “draft” baseline.

Adjudication of Component CommentsThe FAC will collect component comments and forward them to the FCM for adjudication:

The FCM will direct the CI Custodian to re-status the CRs with component comments.The FCM will include the comments in the agenda for the next WG meeting.The FCM will use the normal WG meeting processes (paragraph 4.1.2) to resolve comments.The FCM will relay WG decisions to the FAC in monthly CSAR report (paragraph 4.1.6)

When all comments have been resolved and the FAC has not redirects the FCM based on the CSAR report and FCM briefing. The FCM will begin Baseline production.Perform Baseline Production and QAThe FCM will direct the CI and CR Custodians to prepare final documentation for baseline release to include:

Finalize implementationsPerform QA using various IDEAS Group and DoDAF-DM2 Custodian toolsUpdate definitions in EA file from Data DictionaryGenerate XSDs from Data Dictionary and Mappings Excel and EA UML filesUpdate all description documentsPrepare a Version Description Document (VDD) that describes changes to the DoDAF-DM2 in the new version. The VDD will be uploaded to all the DoDAF-DM2 distribution points. This will be prepared from CRT by changing Action field to describe the change actually made.Rename all new baseline files from ISO date stamps to version stampingOn MDR, deprecate v2.xx and post v2.xx+01 to Operational status. All ARCH namespace and DoD EA COI subscribers notified of the update.Provide all data items to DoD CIO webmasters for posting and HTML regenerationArchive v2.xx on DoDAF-DM2 Collaboration Site, post new baseline, and create working copy for v2.xx+.02 with ISO date file stampingProvide Recommendation to ASRGThe FCM will prepare promulgation notice for the FAC to present to the ASRG. Upon ASRG approval, the ASRG approval recommendation will be provided to the DoDAF community distribution and a news article will be posted in the DoDAF Journal.

Publish New Baseline The FCM and Custodians will update the CI locations deprecating the prior version, and archiving older versions. The FAC, WG, and DoDAF community via community events such as the DoD EA Conference and DoDAF Plenaries will be notified of the publication.

Figure 4-7 Release Baseline Process

DoDAF-DM2 CM Business RulesBusiness rule govern the conduct of the DoDAF-DM2 WG CM processes. The business rules that apply to the DoDAF-DM2 WG are of two types, one pertaining to the CIs and the the other pertaining to the conduct of the WG. The former are shown in Table 5-1 and the latter in Table 5-2.

Table 5-1. DoDAF-DM2 Model Specification RulesRule Name DescriptionTerms and Definitions All model and alias terms proposed for inclusion in the data dictionary shall be researched for multiple source definitions. DoD definitions shall be included. Other Federal Government, industry and academic and common definitions should also be included. The WG shall formulate a baseline definition based on the multiple sources, core process requirements, and model structural meaning. The source definitions and the rationale for the baseline definition shall be

maintained in the data dictionary as well.AliasesTerms representing concepts that are represented in a semantically equivalent way by other terms and concepts in the model shall be maintained as aliases and shall not be introduced into the model. Multiple source definitions shall be maintained as with other model terms and a consensus definition shall be derived from the sources. Core Process Requirement All concepts included in the DM2 shall be necessary to support the information requirements of one or more core processes (PPBE, DAS, JCIDS, CPM, SE, OPS). All DoDAF models shall be applicable to one or more core processes. Core process information requirements shall be as explicitly or implicitly specified in current or planned DoD governance. All model terms and concepts not necessary for core process support with architectures shall be removed. All core process information requirements for architectural descriptions shall be modeled and contained in one or more DoDAF models.Aggregation Rule If a term representing a concept differs structurally from some other term representing some concept only in level of aggregation, it shall not be included in the model. Whole-part relationships cover the need without different names for different types of wholes and parts. The term may be included as an alias.Subtype Rule If a term representing a subtype concept has no structural difference from its supertype, it shall not be included in the model. Super-subtype relationships cover the need without different names for different types of supertypes and subtypes. The term may be included as an alias.Typed Relationships All relationships shall be typed, ultimately up to IDEAS foundation. The typing shall be determined using BORO analysis of spatio-temporal examples.Attributes and Properties All attribute and property relationships shall be explicit, that is, by an association class that is typed according to the Typed Relationships rule. The only exceptions are for representational exemplars.DoDAF model specification All DoDAF models shall be specified using terms from the data dictionary. Aliases may be used. If new terms are required, they shall undergo the process for new term inclusion in the data dictionary as described by the Terms and Definitions and Aliases rules. All DoDAF models shall be mapped to the DM2 classes (base and associative) that represent the information contained in the view the model specifies.Information Pedigree There shall be a provision to provide pedigree (and provenance) for every piece of data IAW NCDSSecurity classification marking There shall be a provision to provide a classification marking for every piece of data and for DM2 PES XML documents overall IAW NCDS

Table 5-2. DoDAF-DM2 Working Group Process RulesRule Name DescriptionDecision Process Decisions on CM processes, CRs, etc., are reached via mutual consent of the WG attendees (no formal voting process is used). Attendance is taken at each meeting, notes are logged and AIs/CRs are statused.DoDAF-DM2 work share site Maintains reference and research materials for WG.Maintain DoDAF-DM2 descriptions Part of CDM and LDM CI’s. Formerly, DoDAF Volume I, Section 9, and Volume II, Section 2WG CR cross-referencing and report-out For CRs coordinated with DoDAF and/or DARS WG, maintain CR cross-referencing and ensure report-out at CR closure.Modification to DDMS DoD EA COI Extensions and other DoDAF-DM2 architectural description metadata Coordination with DARS WG.Organizational Introduction Consideration of impact of change on existing and/or on-going

architecture and engineering efforts. Timing, degree of impact, “grandfathering’, and backwards compatibility will be considered.Quality Assurance Quality and clarity of proposed changeWG CR cross-referencing and report-out Monthly CR status reports generated from the CRT.XSD Content Via LDM CI data item that maps DM2 LDM to DoDAF models.Extensions A core that can be extended by user communities, so as not to try to cover all user detail. Extenders should be careful to not create redundant representations. Extensions (subtypes (e.g., Unified Modeling Language (UML) specializations), additional attribution, and concepts beyond scope of DoDAF-DM2) to the DoDAF-DM2 are expected and can be done by architecture development efforts. If an extension becomes widespread, it may be appropriate to submit a change request to the DoDAF so that it can be considered by the DoDAF Change Control Board and the Data Working Group for inclusion in the baseline DoDAF-DM2Configuration Status AccountingCR Tracker (CRT)CRs are tracked via system that records all actions, plans, status, and dispositions for CRs. The CR tracker has the following fields:

Table 6-1. CRT FieldsField Definition ValuesNo. Sequential number for DoDAF / DM2 action items and change requests assigned by the DoDAF / DM2 WG secretariat. Natural numbersTitle Short title of action item or change request for convenient reference by WG. TextDescription Action item or change request as submitted by submitter. TextDate Submitted Date submitted. dd mmm yyyySource Submitter individual, group, venue, etc. TextSource Organization Submitter organization. TextCI The Configuration Item to which the CR pertains. DoDAF Viewpoint, DoDAF Model, and / or DM2Data Group / Model / Viewpoint The DoDAF Viewpoint(s), Model(s) and / or DM2 Data Group(s) to which this CR pertains. Operational, Capability, System, Service, Project, Standard, Data and Information, AllAV-x, OV-x, CV-x, SV-x, SvcV-x, StdV-x, PV-x, DIV-x

Performer, Resource Flow, Services, Capabilities

Measures, Locations, Rules, Foundation (IDEAS), Pedigree, Metadata, Reification, Information and Data

LOE Estimated Level of Effort to resolve High, Medium, LowPriority FAC and Working Group priority for resolution of CR High, Medium, Low.Core Process Category Core process(es) that requires the requested change or that is potentially impacted by the CR. CPM, DAS, JCIDS, OPS, PPBE, SE.Description of Core Process Requirement The description of need or impact on the core process(es) cited in the Core Process field. TextStatus State of the CR in the CM process Consult IDEAS Group: If the CR involves the IDEAS Foundation, it is statused as “Consult IDEAS Group”. The Actionee(s) are set to the IDEAS Group US representative(s) and the Priority, LOE, and Action are updated with notes from the WG discussion as to what the Actionee(s) should address with the IDEAS Group. This CR now becomes a CR that will

not be re-statused until the IDEAS Group has been consulted and the CR issue has been addressed by the IDEAS Group.Defer: The CR can become a “defer” CR if the solution is too difficult, costly, time consuming. This could include decision to defer action until after next baseline release. The CR can also be deferred because it is not high priority, is not resourceable, or schedule is inadequate to solve, its Status also becomes “Defer”. Notes as to rationale may be added to the Action field in the CRT. Priority and LOE may also be updated.

In Progress for 2.xx+.01: If the CR is deemed desirable for the next baseline release, the Status becomes “In Progress for 2.xx+.01”, a preliminary Action is recorded in the CR database (DB), Actionee(s) are assigned, Priority is assigned, and an LOE is estimated. The CR will be re-statused at a future DoDAF-DM2 WG when the Actionee(s) have had time to research the CR and devise possible solutions and when In-Progress statusing becomes an agenda item.

Rejected: If the requested CR is not accepted or deemed “unactionable” by DoDAF /DM2 WG, its Status becomes “Rejected”. This includes any CR found to be incorrect, out of scope, or suboptimal. In addition the CI change date and WG Approved Date will be updated with the same date as the Action Update Date.

No Change Required: If the CR is determined to require no changes to the DoDAF or DM2, its Status becomes “No Change Required.” In addition the CI change date and WG Approved Date will be updated with the same date as the Action Update Date.

OBE: Although very unlikely for new CR, Previous CRs and/or CI from the CR and/or another CR has eliminated the need for this CR. In addition the CI change date and WG Approved Date will be updated with the same date as the Action Update Date.

In Ver 2.xx: If the CR is considered completed, its Status becomes “in Ver 2.xx”. A rationale is recorded in the Action field in the CRT and the WG Approve Date is also updated.

Unassigned: New ones that are pending WG initial review and determination of course of action and actionee.

Action During resolution, this is the action(s) the WG determines need to be taken, the Course of Action (CoA) to be taken. Upon satisfactory completion, this is the record of what was changed.

TextAction Update Date The date of the latest action update. dd mmm yyyyActionee(s) Who is assigned the action. CI Change Date Date(s) changes were made by the actionee(s) and reviewed by the WG. dd mmm yyyyApplicable CI Business Rules CI business rule(s) that need to be adhered to in the resolution of the CR.. From the Rule Name column of Table 5-1.Business Rule Adherence The CRs relationship with the adherence of a business rule. No, YesWG Approve Date The date the Working Group approves a CR. dd mmm yyyyCSARA CSAR is provided to the FAC by the WG every month. The contents are:

Purpose - This document summarizes the DoDAF-DM2 Working Group activities and status of DoDAF-DM2 Change Requests (CR).

Summary of the DoDAF-DM2 Working Group activity for the reporting period - To keep the FAC apprised of the Working Group meetings, agendas are listed as well as the attendance sheet and a complete list of the Working Group members.DoDAF-DM2 Change Request (CR) Status - This section shows the CR status summary for the current and prior reporting period. The CR tracker fields and field codes are defined in Table 6-1.VDDThe Version Description Document is published along with the new release. The purpose of this document is to describe changes made in the new version. It includes a summary of the DoDAF - DM2 change requests and their status. Of those, the ones that have been resolved are listed in a summary of improvements.

Glossary and TermsAccreditation An official determination by management that an M&S is acceptable for a specific purpose. [PAM 5-11]Activity Model Provides a framework for identifying, defining, and organizing the functional strategies, functional rules, and processes needed to manage and support the way an organization does or wants to do business--provides a graphical and textual framework for organizing the data and processes into manageable groups to facilitate their shared use and control throughout the organization. [DOD 5000.11-M]Application The system or problem to which a computer is applied. Reference is often made to an application as being of the computational type, wherein arithmetic computations predominate, or of the data processing type, wherein data handling operations predominate. [DoD Dictionary of Military and Associated Terms]Architecting The process of developing architecture.Architecture The structure of components, their interrelationships, and the principles and guidelines governing their design and evolution over time. [TOGAF]ASRG DoDAF-DM2 Change Request (CR) The formal mechanism to be used to configuration manage the architecture CI’s. The CR will be the document used to, (1) initiate a major change to a CI, and (2) request specific changes to CIs. Approved CRs are the main products of the ASRG.Archived information Information that has been retained for historical purposes that can be retrieved and is usable over the time designated for retention. [ANSI/EIA 649, 12/3/2001 Draft]Audit An independent examination of a work product or set of work products to assess compliance with specifications, standards, contractual agreements, or criteria. [CMU/SEI-93-TR-25, IEEE-STD-610]Baseline A configuration identification document or set of such documents formally designated and fixed at a specific time during the configuration item’s (CI’s) life cycle. Baselines, plus approved changes from those baselines, constitute the current configuration identification.Configuration (1) The product attributes of an existing or planned product, or a combination of products; (2) one of a series of sequentially created variations of a product. [ANSI/EIA 649, 12/3/2001 draft]Configuration audit The CM Function that reviews processes and products to validate compliance with requirements, and to verify that products have achieved their required attributes and conform to released product definition information. (I.e., (1) The review of procedures, processes, and systems for compliance and consistency. (2) Examination to determine if a product conforms to its product definition information. (3) Assessment of performance requirements to observed and measured information.) Note: These audits are sometimes divided into separate functional and physical configuration audits. [ANSI/EIA 649, 12/3/2001 draft]Configuration baseline Identifies and declares the attributes of a product at a point in time, which serves as reference for activities throughout its life cycle. [ANSI/EIA 649, 12/3/2001 draft]

Configuration change An alteration to a product and its product configuration information [ANSI/EIA 649, 12/3/2001 draft]Configuration change management The CM function that ensures changes to a configuration baseline are properly identified, recorded, evaluated, approved, incorporated, and verified. (2) The CM process concerning the systematic proposal, justification, evaluation, coordination, and disposition of proposed configuration changes; and the implementation of all approved and released configuration changes into (a) the applicable configurations of a product, (b) associated product configuration information, and (c) supporting and interfacing products and their associated product information. [ANSI/EIA 649, 12/3/2001 draft]Configuration Control The systematic proposal, justification, evaluation, coordination, and approval or disapproval of proposed changes, and the implementation of all approved changes in the configuration of a CI after establishment of the baseline(s) for the CI. [MIL-STD-973]Configuration Identification The selection of CI's; the determination of the types of configuration documentation required for each CI; the issuance of numbers and other identifiers affixed to the CI's and to the technical documentation that defines the CI's configuration, including internal and external interfaces; the release of CI's and associated configuration documentation; the functional and physical characteristics, and the establishment of configuration baselines for CI's. [MIL-STD-973]Configuration Item An aggregation of important information or data on a component that is designated for configuration management and treated as a single entity in the configuration management process. This definition includes all information of importance to the management of the design process and development of the CI. CIs include intermediate in-work/draft products and not just final products and, as such, change according to the specific work in progress.Configuration management (CM) A process that establishes and maintains consistency of a product with its requirements and configuration information throughout its life cycle. [ANSI/EIA 649, 12/3/2001 draft]Configuration status accounting (CSA) The CM function managing the capture, storage, retrieval, and access of product configuration information necessary to account for the configuration of a product. [ANSI/EIA 649, 12/3/2001 draft]Configuration verification The CM function verifying that a product has achieved consistency and accuracy of its product requirements, and product configuration information/data. The representation of facts, numbers, or datum of any nature that can be communicated/stored, and processed to form information. See Information. [ANSI/EIA 649, 12/3/2001 draft]Effectivity A designation defining the product range (e.g., serial, lot numbers, model, dates) or event at which a change to a specific product is to be (or has been) effected, or to which a variance applies. [ANSI/EIA 649, 12/3/2001 draft]Engineering Change Proposal (ECP)A proposed engineering change and the documentation by which the change is described, justified, and submitted to the Government for approval or disapproval. [MIL-STD-973] Appendix D of MIL-STD-973 provides the format and preparation instructions for an ECP.Group identifier An alphanumeric identifier that (1) uniquely identifies a group of like units of the same product which are manufactured or assembled under uniform conditions, and are expected to function in a consistent manner (e.g. lot). (2) Is used to uniquely designate a specific volumetric quantity (batch) of a material (usually a chemical mixture) created at the same time and expected to have properties similar to, but not necessarily the same as other batches created at other times. [ANSI/EIA 649, 12/3/2001 draft]Interchangeable A product that is capable of being exchanged with another product, which has equivalent or similar product, attributes without alteration of the products themselves, or of adjoining products, except for adjustment. [ANSI/EIA 649, 12/3/2001 draft]Interface The product attributes that exist at a common boundary of two or more products. [ANSI/EIA 649, 12/3/2001 draft]

Interface control The process of identifying, recording, and managing product attributes to the common boundary interfacing of two or more products provided by one or more organizations. Interface information is recorded information (e.g. interface control drawing) that depicts product attributes of an interface between related or co-functioning products. [ANSI/EIA 649, 12/3/2001 draft]Life cycle A generic term for the entire life of a product from concept to disposal. [ANSI/EIA 649, 12/3/2001 draft]Nomenclature (1) Names assigned to kinds and groups of products, (2) formal designations assigned to products by customer or supplier (e.g., model number or model type, design differentiation, specific design series or configuration). [ANSI/EIA 649, 12/3/2001 draft]Operational configuration The ‘state’ (i.e., on/off, open/closed, operating / not operating) of products, systems, or components at a particular point in time. The actual operational configuration will vary depending on overall product status and condition. [ANSI/EIA 649, 12/3/2001 draft]Operational information Information that supports the use of a product (e.g., operation, maintenance, and user’s manuals/instructions, procedures, and diagrams). [ANSI/EIA 649, 12/3/2001 draft]Planning, Programming, Budgeting, and Execution (PPBE) The process for justifying, acquiring, allocating, and tracking resources in support of DoD missions. [http://acc.dau.mil]Product attribute(s) Performance, functional, and physical characteristic(s) of a product--product configuration information. Information about a product in support of its life cycle phases. This includes product definition and supplementary types of information e.g., operating procedures, maintenance procedures, disposal methods) necessary to support all phases of the product’s life cycle. However, it does not consist of project or administrative types of information (e.g. cost, schedule, and planning etc. Update alias table [ANSI/EIA 649, 12/3/2001 draft]Product definition information Technical design definition information that defines product attributes and is the authoritative source for configuration definition. (E.g., specifications, drawings, source code) Other types of information are derived from the product definition information to develop the product configuration information (e.g., operating procedures, maintenance procedures, disposal methods) necessary to support the product. Update alias table [ANSI/EIA 649, 12/3/2001 draft]Product identifier A name or alphanumeric identifier, unique to the issuing organization, used to designate parts, assemblies, or products of the same configuration, and to differentiate them from other products. Note: These identifiers may include a supplementary identifier used to distinguish one of several sequentially created configurations of a product from the previous configuration of the same product (i.e. revision or version). [ANSI/EIA 649, 12/3/2001 draft]Release Dissemination or distribution of information and/or products after approval and is subject to configuration change management. [ANSI/EIA 649, 12/3/2001 draft]Retrofit The incorporation of new design parts, or software code, resulting from an approved configuration change, into products already delivered. [ANSI/EIA 649, 12/3/2001 draft]Specification Information that explicitly states the essential technical attributes for a product/unit:)One of a quantity of items (e.g., products, parts); identifier of measure [ANSI/EIA 649, 12/3/2001 draft]Validation Confirmation that the requirements for a specific intended use or application have been fulfilled [ANSI/EIA 649, 12/3/2001 draft]Variance An approved departure from a specified requirement(s). Note: A variance does not require a corresponding revision to current approved product definition information. It may be temporary, permanent, or for a specific use. [ANSI/EIA 649, 12/3/2001 draft]Verification Confirmation that the produce has fulfilled specific requirements. [ANSI/EIA 649, 12/3/2001 Draft]Version A particular form of product that varies from other forms of the product. [ANSI/EIA 649, 12/3/2001 draft]Acronyms

ACP Architecture Certification PackageCR Action ItemANSI American National Standards InstituteARCH ArchitectureASD Assistant Secretary of DefenseASRG Architecture Standards and Review GroupAT&L Acquisition, Technology and LogisticsCDM Conceptual Data ModelC2 Command and ControlC4 Command, Control, Communications and ComputersCI Configuration ItemCIO Chief Information OfficerCM Configuration ManagementCMB Configuration Management BoardCMP Configuration Management PlanAction Course of ActionCOI Community of InterestCPM Capabilities Portfolio ManagementCR Change RequestCSAR Configuration Status Accounting ReportDARS DoD Architecture Registry SystemDAS Defense Acquisition SystemDB DatabaseDDMSDoD Discovery Metadata SpecificationDISA Defense Information Systems AgencyDM2 DoDAF Meta ModelDNI Director of National IntelligenceDoD Department of DefenseDoD CIO Department of Defense Chief Information OfficerDoD MWG DoD Metadata Working GroupDoDAF DoD Architecture FrameworkDODDDepartment of Defense DirectiveDODI Department of Defense InstructionEA Enterprise ArchitectureEGB Enterprise Governance BoardEIA Electronic Industries AllianceFAC Federated Architecture CommitteeFCM Functional Configuration ManagerGEIA Government Electronics and Information AssociationGIG Global Information GridGTG CBM GIG Technical Guidance Configuration Management BoardIAW In Accordance WithIDEASInternational Defense Enterprise Architecture SpecificationIEA Information Enterprise ArchitectureIEEE Institute of Electrical and Electronics EngineersISO International Organization for StandardsIT Information TechnologyITSC Information Technology Standards CommitteeJCIDS Joint Capabilities Integration and Development

LDM Logical Data ModelLOE Level of EffortMDR Meta Data RegistryMIL MilitaryNGO Non-Governmental OrganizationNII Networks and Information IntegrationOASD Office of the Assistant Secretary of DefenseOASISOrganization for the Advancement of Structured Information StandardsOMG Object Management GroupOWL Web Ontology LanguagePES Physical Exchange SpecificationPOA&M Plan of Action and MilestonesPPBE Planning, Programming, Budgeting, and ExecutionQA Quality AssuranceRDBMS Relational Data Base Management SystemSE Systems EngineeringTWG Technical Working GroupUCORE Universal COREUSD Under Secretary of DefenseVDD Version Description DocumentWG Working Group ============This is the html version of the file http://thedocs.hostzi.com/DoD_NetOps_Strategic_Vision.pdf.Google automatically generates html versions of documents as we crawl the web.Page 1Department of DefenseNetOps Strategic Vision December 2008 Department of DefenseChief Information OfficerThe Pentagon – Washington, D.C.Page 2Page 3iii Table of Contents 1Purpose ............................................................................................................................................... 12Introduction ....................................................................................................................................... 12.1 NetOps Overview ........................................................................................................................... 12.2 The Role of NetOps in Net-Centric Operations............................................................................ 22.3 NetOps Today ................................................................................................................................. 33NetOps in the Future ........................................................................................................................ 43.1 The NetOps Challenge ................................................................................................................... 43.2 The Vision for Net-Centric NetOps............................................................................................... 54The Net-Centric NetOps Strategic Vision Goals and Objectives............................................... 74.1 Goal 1: Share GIG Situational Awareness...................................................................................74.1.1 Objective: Make NetOps data visible, accessible, and understandable to all authorizedusers 74.1.2 Objective: Provide GIG Situational Awareness information in a mission context............ 84.1.3 Objective: Establish metrics for measuring the health and mission readiness of the GIG 84.2 Goal 2: Unify GIG Command and Control..................................................................................84.2.1 Objective: Provide capabilities to support proactive and adaptive decision making for theoperations and defense of the GIG........................................................................................ 94.2.2 Objective: Implement a GIG management approach that is centrally directed withdecentralized policy-based execution for synchronized operations and defense of all GIGdomains...................................................................................................................................94.2.3

Objective: Develop and adopt consistent and coordinated tactics, techniques, andprocedures for NetOps ......................................................................................................... 104.3 Goal 3: Institutionalize NetOps...................................................................................................104.3.1 Objective: Define, develop, and deploy time-phased NetOps capability increments......104.3.2 Objective: Develop and implement a standardized GIG Configuration Managementprocess .................................................................................................................................. 114.3.3 Objective: Implement and oversee a NetOps governance structure that supports otherNet-Centric strategies........................................................................................................... 115Next Steps ......................................................................................................................................... 116Conclusion........................................................................................................................................11Page 4List of Figures Figure 1. NetOps Enabled Net-Centric Operations ............................................................................... 3Page 5v List of Tables Table 1. Goals for Net-Centric NetOps..................................................................................................... 7Page 6DoD NetOps Strategic Vision1 1Purpose The purpose of the NetOps Strategic Vision is to communicate the DoD CIO’s vision and goalsfor migrating to new NetOps capabilities which will enable the Department’s Net-Centricvision. It builds on the DoD Information Management/Information Technology (IM/IT)Strategic Plan, the GIG Architectural Vision, and supporting Net-Centric strategies. Thisdocument is intended to do the following: guide the Department’s NetOps activities,initiatives, and investments; foster unity of effort throughout DoD and its mission partners;serve as a framework for governing the evolution of NetOps capabilities; and provide thefoundation for planning the coherent implementation of NetOps across the DoD. The NetOps Strategic Vision is written for Department leadership including the Office of theSecretary of Defense, the Military Departments, the Chairman of the Joint Chiefs of Staff, theCombatant Commands, and Agencies. It provides insight for the Department’s missionpartners and other organizations engaged in the operation and defense of the GIG. Commanders, warfighters, system and service developers, and acquisition personnel mustunderstand the vision for NetOps. Areas of responsibility for this new construct have beendefined in Departmental policy and guidance such as the Defense Information EnterpriseArchitecture version 1.0 and will be formalized in the DoD Instruction, NetOps for the GIG. 2Introduction 2.1 NetOps Overview As the globally interconnected set of DoD information capabilities, the GIG is truly a set ofJoint capabilities that are used throughout DoD. The information and functional capabilities itprovides impact every aspect of DoD operations. The GIG includes all owned and leased communications and computing systems andservices, software (including applications), data, security services, and other associatedservices necessary to achieve Information Superiority. It also includes National SecuritySystems as defined in section 5142 of the Clinger-Cohen Act of 1996. The GIG supportsall Department of Defense, National Security, and related Intelligence Communitymissions and functions (strategic, operational, tactical, and business), in war and in peace. The GIG provides capabilities from all operating locations (bases, posts, camps, stations,facilities, mobile platforms, and deployed sites). The GIG provides interfaces to coalition,allied, and non-DoD users and systems.1NetOps is defined as the DoD-wide operational, organizational, and technical capabilities foroperating and defending the GIG. NetOps includes, but is not limited to, enterprisemanagement, net assurance2, and content management. NetOps provides commanders withGIG situational awareness to make informed command and control decisions. GIG situationalawareness is gained through the operational and technical integration of enterprise 1 DoD Directive 8100.1, September 19, 20022 This term formerly referred to as “Net Defense”Page 7

DoD NetOps Strategic Vision2management and defense actions and activities across all levels of command (strategic,operational, and tactical).3• Enterprise Management is the set of functional capabilities and operational processesnecessary to monitor, manage, and control the availability, allocation, and performancewithin and across the GIG. It includes Enterprise Services Management, ApplicationsManagement, Computing Infrastructure Management, Network Management, SatelliteCommunications Management, and Electromagnetic Spectrum Management. • Net Assurance is the set of functional capabilities and operational processes necessaryto protect and defend the GIG. This includes the operational responsibilities forinformation assurance, computer network defense (to include Computer NetworkDefense Response Actions), and critical infrastructure protection in defense of the GIG. • Content Management is the set of functional capabilities and operational processesnecessary to manage, and facilitate the visibility and accessibility of information withinand across the GIG.NetOps influences all core segments of the GIG and associated capabilities in the Net-Centriccapability portfolio4 which encompasses Net Management as well as those associated withInformation Transport, Enterprise Services and Information Assurance. By linking theseoperational, technical and programmatic perspectives to achieve integrated capabilities,NetOps assures the availability, protection and integrity of DoD networks, systems, services,and information. In support of NetOps, the United States Strategic Command (USSTRATCOM) is responsiblefor planning, integrating, and coordinating DoD’s global network operations by directing GIGoperations and defense and by advocating the respective desired characteristics andcapabilities. USSTRATCOM executes this mission through the Joint Task Force–GlobalNetwork Operations (JTF-GNO) with the full and active participation by the entire jointcommunity. Every DoD Component and partner organization that develops, deploys, operates,or uses any portion of the GIG plays a role in the accomplishment of this mission from theCombatant Commands and Services through acquisition executives and materiel developerswho must ensure capabilities destined for use as part of the GIG are supportive of NetOps andUSSTRATCOM’s role. 2.2 The Role of NetOps in Net-Centric Operations The role of NetOps in Net-Centric Operations is to enable the GIG to provide users at all levelsand in all operational environments access to and use of the information they need. Asdepicted in Figure 1, NetOps is a critical operational enabler, and forms the core of GIGoperations in a Net-Centric framework. NetOps enables the operations and defense within andacross GIG information transport, enterprise services, and information assurance capabilities. 3 DoD Instruction, NetOps for the GIG, Draft Final, July 2008 4 Net-Centric Joint Capability Area (JCA) Tier 2Page 8DoD NetOps Strategic Vision3It does so in a way that creates a trusted environment capable of protecting and maintaining theintegrity, quality, and availability of information. This trusted environment enables users topost, access, and share relevant information and to collaborate on the development and/or useof such information. This environment also enables forces to conduct Net-Centric Operationsand superior decision making through shared understanding, and agile force synchronization.Figure 1. NetOps Enabled Net-Centric Operations 2.3 NetOps Today NetOps has yet to transcend the organizationaland functional stovepipes of individual GIGnetworks in terms of interoperability andinformation access. While each of thesestovepipes has its own management capability,DoD does not yet share information to manageacross domains. The result is relatively staticconfigurations that limit NetOps and GIGagility in the face of rapidly changing and Providing a robust, DoD-wideNetOps capability wouldsignificantly enhance the ability ofthe operators/defenders of the GIGto fully support warfighting andnon-warfighting missions in anincreasingly joint and multi-partnerenvironment.Page 9DoD NetOps Strategic Vision4unanticipated mission needs. The Joint NetOps Concept of Operations5 has enabled the DoDto begin significantly improving how the GIG is operated and defended. Also the Net-CentricFunctional Capability Board within the Joint Capabilities Integration and

DevelopmentSystem (JCIDS) process and the related Net-Centric Capability Portfolio Manager (NC CPM)initiative6 have begun to address many of the key deficiencies that have been reported fromoperation Iraqi Freedom and day-to-day operations. Continued organizational, technologicaland process changes will enable a significantly more unified, timely and responsive GIGNetOps that can fully enable net-centric operations by providing:• Timely and complete GIG Situational Awareness information to Commanders• GIG Command and Control capabilities that enable rapid decision making• Clear, well integrated and enforceable NetOps operational policies • More effective, coordinated operational use of the electromagnetic spectrum• Standardized metrics that enable the measurement of the health and mission readinessacross the GIG • Automated, federated NetOps capabilities that enable the rapid adaption of GIGcapabilities to rapidly changing mission needs and unanticipated threats.• Increased coordination, alignment and synchronization of NetOps acquisition andfielding activities currently under wayAddressing these capabilities will significantly improve the ability of the operators anddefenders of the GIG to fully support ongoing warfighting and peacekeeping missions in anincreasingly joint and multi-partner environment. However, there is a need for overarchingoperationally based guidance to ensure unity of effort in transforming NetOps to this end. 3NetOps in the Future 3.1 The NetOps Challenge To provide the capabilities outlined in theprevious section, NetOps will transform alongwith the GIG, to dynamically support newwarfighting, intelligence, and business processesand enable users to access and share trustedinformation in a timely manner. The future GIGwill result in a richer Net-Centric informationenvironment comprised of shared services andcapabilities based on advanced technologies. Itwill be heavily reliant on end-to-end virtualnetworks to interconnect anyone, anywhere, at 5 Joint Concept of Operations for GIG NetOps, Version3, 4 August 20066 Network Management & Spectrum Management Functional Solutions Analysis (NM & SP FSA); Final Draft, 16 May 2008 The overarching NetOpschallenge is to be able to operateand defend the GIG as a single,unified, agile and adaptiveenterprise capable of providingresponsive and resilient support tomultiple simultaneous missionareas under uncertain andchanging conditions.Page 10DoD NetOps Strategic Vision5any time with any type of information through voice, video, images, or text. It will also befaced with even greater security threats that NetOps must help address. In a Net-Centric environment, the core GIG capabilities (e.g. Information transport, EnterpriseServices, and Information Assurance) and the applications they support will becomeincreasingly dynamic with new capabilities being deployed, configured, re-configured, andremoved as needed to meet the needs of an agile force and dynamic mission requirements. This new and dynamic environment will require that NetOps be executed in an equallydynamic way. As the current Base Realignment and Closure progresses, Commanders and staff elements willfind themselves increasingly operating in an environment that they do not directly control. Forexample, an Air Force or Army unit may be Joint-based on each other’s installation, which willrequire them to use the host organization’s networked infrastructure and conform to the host’spolicies. Another example would be if a user at a Navy or Marine Corps installation had toaccess Army services, information, or data to do operational planning. While there are somenotable exceptions, this is in sharp contrast to today’s environment, in which most services andcapabilities are Service stovepipes owned and controlled by individual units or organizations. In a shared environment, warfighters will have to trust that services and capabilities will beavailable when and where they are needed. NetOps requires dynamic, flexible, integrated management capabilities that enable rapidsynchronization of decisions at appropriate levels across different areas of responsibility ordomains within the GIG. This will facilitate the decision-making necessary to quickly identifyproblems, shift resources, change configurations and coordinate management of the GIGinfrastructure and capabilities. Finally, the future NetOps must provide Commanders with the ability to effectively control,manage, defend, and operate in and through the cyberspace domain. The National MilitaryStrategy for Cyberspace Operations lays the initial

groundwork for this effort and NetOps mustcontinue to evolve and support this integral component of future warfighting. 3.2 The Vision for Net-Centric NetOps To meet the NetOps challenge, a fundamentallyimproved approach for performing NetOps isnecessary – one that involves major improvementsin the ability to achieve GIG shared situationalawareness and significant changes in theoverarching approach to C2 of the GIG as well asthe enabling capabilities; the way these capabilitiesare provided across DoD, and most importantly theway they are viewed and employed by the GIG’susers. The vision is to transform existing and newNetOps capabilities into a force multiplier thatenables the warfighters, business, and intelligenceusers and decision makers to fully employ the The NetOps Vision is totransform existing and newNetOps capabilities into a forcemultiplier that enables warfighter,business, intelligence, andenterprise informationenvironment users and decisionmakers to fully employ the powerof the GIG.Page 11DoD NetOps Strategic Vision6power of the GIG. This vision will be attained by establishing NetOps capabilities that are:▪ Mission Oriented: All information dependent processes necessary for a mission can beeffectively supported;▪ User Focused: Users can access and obtain needed information from anywhere in theGIG in a timely manner; even when their needs are unanticipated; ▪ Globally Agile: Rapidly changing and unanticipated mission priorities andrequirements can be met by dynamically maneuvering GIG resources; and▪ Institutionally Transformed: NetOps capabilities evolve smoothly in concert with GIGcapabilities and emerging Net-Centric operational concepts. This vision will require developing and implementing agile and responsive planning,engineering and provisioning capabilities. In this vision, GIG situational awarenessinformation will be shared with GIG authorized users so they can collaborate on meetingmission needs or assessing the impact of GIG changes on mission accomplishment. NetOpspersonnel will use shared situational awareness to proactively manage the GIG to meetcommander’s intent and to rapidly respond to unexpected changes in threats and missionneeds. Shared situational awareness will facilitate central oversight of critical GIG assets andrapid integrated management and execution of decisions. This will be accomplished throughdecentralized policy-based management with a high degree of automated support and byemploying consistent tactics, techniques, and procedures that enable the conduct of coherentoperations in a federated GIG environment.In the future, NetOps will be able to routinely, rapidly, and accurately reallocate or reconfigureGIG resources, including elements such as information assurance devices, computingprocessing and storage capacities, and network throughputs to meet changing mission needsand threats. All NetOps tasks necessary to enable data access, information flow, and usercollaboration across management boundaries or domains will be synchronized and executed atan appropriate level of detail. Commanders will be able to understand the state of the GIG as itrelates to their missions and the associated tradeoffs in performance, security, and agility thatcould impact the mission. Warfighters and other users will be confident that the GIG can betailored to meet their needs and can be leveraged to enhance the agility and effectiveness oftheir forces.NetOps capabilities will be developed, implemented, and matured as time-phased capabilityincrements. These defined capability increments will be consistent with and supportive of theDoD’s evolving Net-Centric operational concepts. Transforming and maturing NetOps willinvolve work in many non-technical areas that span Doctrine, Organization, Training, Material,Leadership and Education, Personnel and Facilities (DOTMLPF). A critical aspect of NetOpstransformation will be the creation of policy, governance structures, implementation plans, andmetrics that will be necessary to guide NetOps evolution.Page 12DoD NetOps Strategic Vision7 4The Net-Centric NetOps Strategic Vision Goals andObjectives The following sections describe a set of goals and objectives that are intended to serve asactionable guidance for achieving the NetOps Vision. The goals described in Table 1 arefocused on achieving operational outcomes, not on developing and deploying specific technicalimplementations. This recognizes that the major hurdles associated with transforming NetOpsare organizational, procedural,

or cultural in nature. While there are also technical challenges,the Department must first and foremost fundamentally re-think how it conducts NetOps inorder for the GIG to be truly responsive to mission needs and to effectively support operationsin cyberspace. Each goal identifies high-priority objectives for meeting that goal.Table 1. Goals for Net-Centric NetOpsGoalsDescriptionShare GIG SituationalAwarenessProvide GIG users, operators, and commanders at all levelswith accurate and timely information that enables a sharedunderstanding of the health and mission readiness of the GIG.Unify GIG Command andControl Adopt a unified C2 approach for agile proactive managementof the GIG.Institutionalize NetOpsInstitutionalize NetOps across DOTMLPF to ensure DoDrequirements, acquisition, budgeting, and managementprocesses can be influenced to achieve the NetOps vision. 4.1 Goal 1: Share GIG Situational Awareness Provide GIG users, operators, and commanders at all levels with accurate and timelyinformation that enables a shared understanding of the health and mission readiness of theGIG.4.1.1 Objective: Make NetOps data visible, accessible, and understandable to allauthorized usersEffective and efficient management of the GIG requires accurate, timely, and relevantsituational awareness. Authorized users must be able to quickly find, access, retrieve, andanalyze information related to the operational health, performance, security, and missionreadiness of the GIG. Achieving this objective will require the adoption of Department-wide,industry based standards for posting and sharing NetOps information. This will ensure thatauthorized users, to include mission partners, will have access to the NetOps information theyneed to support operational missions. NetOps must move from a point-to-point informationsharing model to one that exposes NetOps data and information to any authorized user (personor machine) using agreed-upon data models and mechanisms.Page 13DoD NetOps Strategic Vision8Owners and managers of NetOps capabilities must comply with the DoD Net-Centric DataStrategy by making all NetOps data visible, accessible, and understandable to all authorizedusers. This is necessary to support critical processes among NetOps centers; such as processesfor fault identification, isolation, and correction, as well as those for information assurance andcomputer network defense activities. Adopting industry based standards will also improve theDepartment’s ability to share NetOps information with mission partners and commercialentities that support and provide information technology services and capabilities to the DoD. NetOps personnel and the users they support must be able to access NetOps datacommensurate with its operational and security sensitivity and their assigned and authorizedpermissions. This means that it will be necessary to develop rules to govern access to NetOpsdata. NetOps data must also be made available in ways that support users equipped withdifferent access mechanisms, (e.g. desktop or laptop versus personal digital assistants, etc.). Finally it is no longer possible to predict in advance all who might need access to NetOpsinformation; therefore NetOps information sharing approaches must be able to accommodatethe unanticipated or ad hoc user. For instance, a Combatant Command J4, who traditionallymight not be considered a user of NetOps information, may want to know the reliability of aservice that was not specifically developed for his mission. He might want to understandwhether a Defense Logistics Agency service that provides order confirmation and availabilitystatus to wholesale logistics centers is reliable (i.e., operational all the time, endorsed by thepeople who rely on it, etc.). 4.1.2 Objective: Provide GIG Situational Awareness information in a mission contextCommanders at all levels must be provided with the understanding of how events happeningacross the GIG impact their operations. NetOps personnel must make information related tothe health and mission readiness of the GIG available to Commanders in a form that can beeasily adapted to their mission context. Rather than simply informing a Commander that anetwork router is “down” or that a critical battlefield application service that operates over asatellite link is experiencing excessive delay, NetOps must have the ability to report an event interms of what it means to mission success. 4.1.3 Objective: Establish metrics for measuring the health and mission readiness ofthe GIGDoD must develop NetOps metrics and measures from two perspectives. The first reflects theneed for common metrics to characterize the health of the

GIG in terms of operational status,performance, and vulnerability. The second is from a mission readiness perspective, whichcaptures and details how well the GIG is performing in relationship to the operationalrequirements of the supported missions. Developing and implementing common NetOpsmetrics will not only significantly improve reporting, especially across organizationalboundaries, but will also make information regarding the health of the GIG much moreunderstandable and useful to Commanders and decision-makers at all levels. 4.2 Goal 2: Unify GIG Command and Control Adopt a unified C2 approach for agile and proactive management of the GIG.Page 14DoD NetOps Strategic Vision94.2.1 Objective: Provide capabilities to support proactive and adaptive decision makingfor the operations and defense of the GIGToday, NetOps personnel and organizations do not have the technical capabilities necessary tosee and react to events in real time. For instance, the performance of a network connection orapplication may be slowly degrading due to a significant increase in the number of users, butthis may not be seen until an actual application failure or network isolation occurs. Development and planning of responses is also delayed by existing manual coordination andcollaboration techniques used among stove-piped organizations and systems. DoD lacks thedynamic technical and operational capabilities that are needed to enable NetOps personnel toreact to rapidly changing and uncertain situations using real-time data. Moving toward proactive and adaptive GIG management will require improved informationsharing and collaboration. It will require automated capabilities that can help operators toquickly identify and assess the potential impact of mission requirements or GIG events, assessalternatives, and present decision makers with viable courses of action for prevention,mitigation or recovery actions. Existing manual NetOps processes and procedures will have toevolve and be supported and, where it makes sense, should be replaced with automatedmanagement, control, and decision support and planning capabilities. In addition it isimportant for NetOps personnel to engage with operational planners on how modeling andsimulation techniques could be used to assess the impact of alternative scenarios and forceemployment plans on GIG requirements. Using modeling and simulation to anticipate andquickly and accurately explore different responses to a broad range of events will serve toimprove GIG effectiveness and responsiveness.4.2.2 Objective: Implement a GIG management approach that is centrally directedwith decentralized policy-based execution for synchronized operations and defenseof all GIG domainsDynamically coordinating management actions across all GIG domains is a major challengedue to the growing complexity of the GIG and the interdependence of assets under the controlof different Commanders. Managing this environment requires a decentralized, policy-basedapproach for executing in a manner that ensures operators at all levels will be empowered toshare information, collaborate, and take initiative consistent with the Commander’s intent as itis reflected in policy guidance and in automated, policy-based management mechanisms. Distributed control capabilities will be needed to complement increased situational awarenessand enable Commanders and operators to implement needed changes to GIG configurations ina timely manner. Commanders must have the ability to decide: (1) which decisions are to bedelegated, and (2) the content of the policy under which delegated decisions will be carried out. In some cases, the policies will be embedded in the systems being controlled. Somecommercial technologies are available to enable distributed, automated, policy-based decision-making, but it will also be necessary to look for and exploit new and emerging technologies.It is equally important that NetOps have the ability to educate and inform Commanders aboutthe resources that they cannot change. For instance, there are certain aspects of networkrouting that a Commander could change; however doing so might isolate their network orPage 15DoD NetOps Strategic Vision10unknowingly isolate some other organization’s network from critical resources andcapabilities. Automated, net-enabled, centralized direction of shared assets and decentralizedexecution of commands will require major technical, organizational, and cultural changes.

However, the result will be more agile, resilient, and responsive GIG support to all missions. 4.2.3 Objective: Develop and adopt consistent and coordinated tactics, techniques, andprocedures for NetOpsThe GIG is a federation of heterogeneous domains that crosses multiple areas of responsibilityand chains of command. Successful command and control of the GIG requires that unity-of-command and unity-of-effort be maintained through improved information sharing,collaboration, and conformance to the Commander’s intent. However, ensuring coordinationand synchronization of NetOps actions also requires a level of interoperability across differentdomains. This demands consistent tactics, techniques, and procedures (TTPs) that enableoperators to work together. Tabletop and live exercises, modeling and simulation, andoperational analyses should be used to rationalize existing TTPs and to develop new oneswhere necessary to support a unified and Net-Centric approach to NetOps. Rationalization ofTTPs is particularly important for the support of Joint operations. Beyond establishing basic NetOps policy through the development and promulgation ofdirectives, instructions, and manuals, the Department must also develop the doctrine and TTPsnecessary to “fight” more effectively by using the GIG as a fully integrated component of Jointwarfighting. To meet this end, as the Department implements the National Military Strategyfor Cyberspace Operations, synchronization and integration of NetOps becomes even morecritical to successful joint operations in the cyberspace domain. 4.3 Goal 3: Institutionalize NetOps Institutionalize NetOps across DOTMLPF to ensure DoD requirements, acquisition,budgeting, and management processes can be influenced to achieve the NetOps vision. 4.3.1 Objective: Define, develop, and deploy time-phased NetOps capability increments Achieving the envisioned NetOps target state requires the development of a NetOps transitionthat is consistent with and supportive of the Defense Information Enterprise Transition Plan(DIETP) and the Capability Delivery Increments (CDI)7 associated with the Net-Centricportfolio. In the past, NetOps capabilities have many times been added to a system as anafterthought (often as a standalone capability) or left out entirely in favor of added“functionality.” This approach has resulted in a basic lack of management and controlcapabilities, which significantly limits the ability of existing NetOps organizations to fullysupport the warfighter. Therefore, it is imperative that as Net-Centric capabilities are defined,developed and deployed, their associated NetOps capabilities are concurrently defined,developed, and deployed. Addressing associated NetOps capabilities is, therefore, a mandatorycomponent for each new Net-Centric capability increment. 7 Joint Net-Centric Operations, Capability Delivery Increments; Version 2.0, 19 March 2008Page 16DoD NetOps Strategic Vision114.3.2 Objective: Develop and implement a standardized GIG ConfigurationManagement processOne of the problems that DoD continues to wrestle with is the lack of a common approach andset of processes for capturing and maintaining configuration management of GIG resourceswhich impacts both GIG security and operational performance. For the Department to realizethe full value of the GIG, will require a concerted effort across DoD to develop, implement,and most importantly enforce a comprehensive program of GIG Configuration Management.4.3.3 Objective: Implement and oversee a NetOps governance structure that supportsother Net-Centric strategies. A governance structure has been introduced in Department of Defense Instruction, NetOps forthe GIG. It establishes policy and assigns responsibilities for implementing and executingNetOps. A critical aspect of the proposed NetOps governance structure is the creation ofimplementation plans that respond to this NetOps Strategic Vision by defining the path andsteps necessary for NetOps transformation. These plans will ensure that the defined NetOpsvision is incorporated into the various stages of NetOps evolution, each of which will bedefined, discussed, and agreed upon by the stakeholders, under the oversight of an appropriategoverning body. 5Next Steps Implementing this Strategic Vision will require that NetOps Implementation Plans bedeveloped and executed at all levels across the Department to address planning, defining,funding, acquiring, and operating NetOps capabilities. These plans will be shaped by theNetOps requirements for each Net-Centric capability increment, and developed and executedto meet the timing of the Net-Centric capability increment’s

deployment. Approaching theimplementation of NetOps incrementally will enable developers and policy makers at all levelsto focus their efforts. Policies, architectures, implementation strategies, and deploymentschedules can be established to meet specific capabilities that have been identified for eachincrement. This more focused approach will result in better and timely results.Future NetOps Implementation Plans must address three key areas: governance throughdirection and guidance; implementation plans for applying the DoD Net-Centric Data andServices Strategies to NetOps; and NetOps metrics for monitoring, affirmation, andremediation. 6Conclusion The Department of Defense must embark upon a coordinated effort to conceive, design,implement, and operate the full range of NetOps capabilities that will be needed to operate anddefend the GIG for today and tomorrow. To achieve a GIG that is operated and defended in away that supports the warfighting, business and intelligence users in any operationalenvironment or mission scenario will require active participation from across a broad cross-section of the DoD. The Department must place increased emphasis on developing andimplementing policy and governance to enforce the adoption and implementation of thePage 17DoD NetOps Strategic Vision12capabilities required to achieve the NetOps Strategic Vision. It is intended that this NetOpsStrategic Vision will continue to be refined as the GIG continues to evolve toward a seamless,collaborative, and Net-Centric environment.==========This is the html version of the file http://thedocs.hostzi.com/EATransitionStrategy.pdf.Google automatically generates html versions of documents as we crawl the web.Page 1Department of DefenseEnterprise Architecture Transition Strategy Version 2.029 February 2008Prepared by the DoD CIO Enterprise Architecture Congruence Community of PracticePage 2i Record of Changes from DoD EA Transition Strategy 28 Feb2007 Change No.Date of ChangeDate EnteredName of PersonEntering Change1. Changed versionnumbers and dates ofrelevant DoD documents31 December 200731 December 2007Marilee Cunningham,IDA2. Added User’s GuideSection 18 January 200818 January 2008Marilee Cunningham,IDA3. Updated Introduction andNCE Sections with changesfrom the 2007 version31 December 200731 December 2007Marilee Cunningham,IDA4. Added relevant topics toCurrent Status Section,including expandeddiscussion of Net-Centricand other DoD Strategies31 December 200731 December 2007Marilee Cunningham,IDA5. Updated TargetCapability View section withGIG Architectural Visioncontent31 December 200731 December 2007Marilee Cunningham,IDA6. Updated TransitionStrategy Analysis section,using analysis of 65 DoD IT300 Exhibit investments asthe sample set31 December 200731 December 2007Marilee Cunningham,IDA7. Deleted RemediationSection and moved contentto Current Status section,and added SummarySection. 31 December 200731 December 2007Marilee Cunningham,IDAPage 3ii Table of Contents RECORD OF CHANGES FROM DOD EA TRANSITION STRATEGY 28 FEB 2007........................................ IUSERS’ GUIDE...................................................................................................................................................................1SECTION 1. INTRODUCTION.......................................................................................................................................2PURPOSE OF THE DEPARTMENT OF DEFENSE (DOD) ENTERPRISE ARCHITECTURE (EA) TRANSITION STRATEGY .....2INTENDED AUDIENCE........................................................................................................................................................2APPROACH TO DEVELOPMENT OF THE DOD EA TRANSITION STRATEGY.....................................................................2SECTION 2. DOD NET-CENTRIC ENVIRONMENT (NCE)...................................................................................5DESCRIPTION OF THE

NCE ...............................................................................................................................................5SECTION 3. CURRENT STATE.....................................................................................................................................9INTRODUCTION................................................................................................................................................................10THE GLOBAL INFORMATION GRID ARCHITECTURE ......................................................................................................10THE GIG AS A VISION, ENTITY, AND ARCHITECTURE..................................................................................................11DOD STRATEGIES ...........................................................................................................................................................14DoD Strategic Plan ........................................................................................................................................14DoD EA Federation Strategy.........................................................................................................................15DoD Portfolio Management...........................................................................................................................17Joint Capabilities Areas .................................................................................................................................18Joint Network Operations ..............................................................................................................................19GIG Governance Structure Current and Planned........................................................................................19DoD CIO Policies...........................................................................................................................................21The GIG Architecture Drives Departmental Processes...............................................................................22DOD NET-CENTRIC STRATEGIES ...................................................................................................................................23DoD Net-Centric Data Strategy ....................................................................................................................24DoD Net-Centric Services Strategy...............................................................................................................26DoD Information Sharing Strategy ...............................................................................................................27DoD Net-Centric Information Assurance (IA) Strategy...............................................................................28DoD Net-Centric NetOps Strategy ................................................................................................................28DoD Net-Centric Spectrum Management Strategy ......................................................................................28DoD Computing Infrastructure Strategy.......................................................................................................29DOD INTERNET PROTOCOL VERSION 6 (IPV6) TRANSITION PLAN..............................................................................29NET-CENTRIC ENTERPRISE SOLUTIONS FOR INTEROPERABILITY (NESI) ....................................................................30ALIGNMENT WITH THE FEDERAL ENTERPRISE ARCHITECTURE....................................................................................31INFORMATION SHARING ENVIRONMENT AND HOMELAND SECURITY PRESIDENTIAL DIRECTIVE -12 .......................32SEGMENT ARCHITECTURE ..............................................................................................................................................32Business Mission Area....................................................................................................................................32Business Transformation Transition Plan ....................................................................................................33Defense Information Enterprise Architecture...............................................................................................33Warfighting Mission Area ..............................................................................................................................33Intelligence Mission

Area...............................................................................................................................34CROSS-AGENCY INITIATIVE SUMMARY.........................................................................................................................34Cross-Agency Initiative Tables ......................................................................................................................35OMB ASSESSMENT FRAMEWORK AND DOD EA ANNUAL PLAN ................................................................................39DOD EA TRANSITION STRATEGY PROCESS AND ANNUAL UPDATE............................................................................40SUMMARY .......................................................................................................................................................................41SECTION 4. TARGET CAPABILITY VIEW.............................................................................................................42INTRODUCTION................................................................................................................................................................42Page 4iii OVERVIEW OF THE TARGET GIG....................................................................................................................................45THE OPERATIONAL BENEFITS OF ACHIEVING THE TARGET GIG .................................................................................45SECTION 5. DOD EA TRANSITION STRATEGY CONCEPT AND COMPONENTS ....................................57INTRODUCTION................................................................................................................................................................57DOD EA TRANSITION STRATEGY COMPONENTS..........................................................................................................58SECTION 6. DOD EA TRANSITION STRATEGY ANALYSIS.............................................................................61INTRODUCTION................................................................................................................................................................61COMPILED ANSWERS TO DOD EA TRANSITION STRATEGY QUESTIONS.....................................................................62PERFORMANCE INFORMATION ANALYSIS THAT SUPPORTS DOD EA TRANSITION PLANNING ..................................68ANALYSIS OF STRATEGIC GOALS LINKED TO INVESTMENTS........................................................................................69SUMMARY .......................................................................................................................................................................69SECTION 7: DOD EA TRANSITION STRATEGY SUMMARY ..........................................................................71REFERENCES ..................................................................................................................................................................73APPENDIX A: DOD EA ANNUAL PLAN...............................................................................................................A-1APPENDIX B: DOD IT300 EXHIBITS’ MINI-TRANSITION STRATEGIES .................................................B-1APPENDIX C. DOD IT300 EXHIBITS INVESTMENTS’ NET-CENTRIC CAPABILITIES PER NET-CENTRIC MATURITY MODEL:.............................................................................................................................. C-1APPENDIX D: DOD IT300 EXHIBIT INVESTMENTS’ PERFORMANCE INFO ANALYSIS .................. D-1APPENDIX E: CHART OF DOD IT300 EXHIBITS INVESTMENTS’ MISSION AREA, DOMAIN, LOBTO DOD STRATEGIC GOALS...................................................................................................................................E-1APPENDIX F: ARMY EA 2008 MINI-TRANSITION STRATEGY ...................................................................F-1APPENDIX G: NAVY EA TRANSITION PLANNING ........................................................................................G-1APPENDIX H: BUSINESS MISSION AREA SEGMENT ARCHITECTURE OVERVIEW .........................H-1APPENDIX I: DEFENSE INFORMATION ENTERPRISE SEGMENT ARCHITECTURE OVERVIEW..I-1APPENDIX J: WARFIGHTING MISSION AREA SEGMENT ARCHITECTURE

OVERVIEW ................ J-1Page 5iv Table of Figures FIGURE 1 – DOD EA RELATIONSHIP TO OMB FEA..........................................................................................................13FIGURE 2 – FEDERATION ACROSS DOD COMPONENTS......................................................................................................16FIGURE 3. DOD INFORMATION ENTERPRISE .....................................................................................................................17FIGURE 4 – THE GIG LIFECYCLE........................................................................................................................................22FIGURE 5. DOD BUSINESS PROCESS WORKFLOW.............................................................................................................27TABLE 1. PMA E-GOV INITIATIVE/LINE OF BUSINESS (LOB) ..........................................................................................35TABLE 2. OTHER CROSS-AGENCY INITIATIVE LINE OF BUSINESS (LOB) ........................................................................39FIGURE 6 – THE GIG ARCHITECTURE (THE DOD ENTERPRISE ARCHITECTURE) ............................................................44FIGURE 7 – TRANSITION FROM GIG ARCHITECTURE BASELINE TO GIG ARCHITECTURAL VISION ...............................44FIGURE 8 – THE GIG AND NET-CENTRIC OPERATIONS.....................................................................................................47FIGURE 9 – INFORMATION SHARING WITHIN THE TARGET GIG.......................................................................................48FIGURE 10 – SYSTEM VISION OF THE TARGET GIG ...........................................................................................................49FIGURE 11 – GIG INTERNETWORKING CONVERGENCE LAYER.........................................................................................50FIGURE 12 – GIG COMMUNICATIONS INFRASTRUCTURE ..................................................................................................51FIGURE 13 – CONCEPTUAL VIEW OF AN E2E GIG WITH A BLACK CORE.........................................................................54FIGURE 14 – GIG FEDERATED ARCHITECTURE APPROACH (NOTIONAL).........................................................................55FIGURE 15 – GIG ARCHITECTURE V1.0, TRANSITION ARCHITECTURES (GIG V2.0, NET CENTRICITY, AND SOA) AND THE “TARGET” ARCHITECTURE (AS DESCRIBED BY THE GIG ARCHITECTURAL VISION) ......................................57 FIGURE 16 – DOD EA TRANSITION STRATEGY IN THE IT LIFECYCLE FRAMEWORK .....................................................58FIGURE 17 - CONCEPTUAL ENTERPRISE SEQUENCING PLAN.............................................................................................59FIGURE 18 – NET-CENTRIC PROGRESS BY FY AND QUARTER FOR DOD IT 300 EXHIBIT INVESTMENTS ......................66FIGURE 19 – RESPONDENTS NET-CENTRIC STATUS ..........................................................................................................67FIGURE 20. EXAMPLE USING ARMY WARFIGHTER AND ENTERPRISE INFORMATION ENVIRONMENT (EIE) MISSIONAREA INVESTMENTS. ...............................................................................................................................................E-1FIGURE 21. EXAMPLE USING ARMY BUSINESS MISSION AREA INVESTMENTS...............................................................E-2Page 61 Users’ Guide The DoD Enterprise Architecture (EA) Transition Strategy 2008 follows the outline in theFederal Practice Guidance, November 2007, for developing a Transition Strategy andmeeting the criteria for the OMB EA Assessment. To help the reader to understand thedocument, a description of

the sections and their content follows: ▪ Section 1. Introduction. This section describes the purpose, intendedaudience, and approach to developing the DoD EA Transition Strategy. ▪ Section 2. The DoD Net-Centric Enterprise. This section addresses theMission and Change Drivers of DoD and by outlining the Quadrennial DefenseReview (QDR) goals for transformation and the inherent need for a transitionstrategy to track progress toward the future Net-Centric Environment (NCE). ▪ Section 3: Current State. This section describes the progress the Departmenthas made architecting the complex Global Information Grid (GIG) and ongoingefforts. It includes the current status and summary content of the GIGArchitecture; DoD strategies and policies; GIG Governance; Mission AreaSegment Architectures; Internet Protocol v6; a cross-agency initiative summary;portfolio and capability management; and transition planning processes ▪ Section 4: Target Capability View. This section describes the GIGArchitectural Vision, the vision for the DoD “target” architecture for the Net-Centric Environment (NCE). This is updated from the GIG Capstone descriptionin the DoD EA Transition Strategy 2007. ▪ Section 5: DoD EA Transition Strategy Analysis Concept and Components.This section .includes the what, why, and how as well as the elements of theDoD EA Transition Strategy. ▪ Section 6: DoD EA Transition Strategy Analysis. This section includes ananalysis of Mini-Transition Strategies, Net-Centric Maturity Models, andperformance information. The 65 DoD Component IT300 initiatives were used asa sample set to represent DoD transition planning. ▪ Section 7: DoD EA Transition Strategy Summary. This section restates theoutline of the document, ties together the sections, and presents the overallpicture that the DoD EA Transition Strategy is intended to convey.Page 72 Section 1. Introduction This section describes the purpose, intended audience, and approach to developing theDoD EA Transition Strategy.Section 1 Contents: ▪ Purpose of the Department of Defense (DoD) Enterprise Architecture (EA)Transition Strategy ▪ Intended Audience ▪ Approach to Development of the DoD EA Transition StrategyPurpose of the Department of Defense (DoD) Enterprise Architecture (EA)Transition StrategyThe DoD EA Transition Strategy serves as the foundation to modernize and transformactivities by describing DoD’s plan to migrate from its 'baseline' architecture asdescribed in the federated GIG architecture to its 'target' architecture as outlined in theGIG Architectural Vision, by defining projects, programs, timelines and milestones in thecontext of transition and sequencing plans. Development of a DoD EA TransitionStrategy is mandated by the Office of Management and Budget (OMB) guidance whichtakes its authority from OMB Circular A-11, IT.300 Exhibits, OMB Circular A-130;Government Performance and Results Act (GPRA); the Clinger-Cohen Act, and the E-Government Act and good management practice.Intended AudienceThe primary audience for the DoD EA Transition Strategy includes DoD executives andmanagers at all levels to include portfolio managers, strategic planners, resourcesplanners, strategic enterprise architects, internal organizations with cross-DoDcapability relationships, external organizations with cross-agency relationships with DoDprograms and projects, including OMB and the Government Accounting Office (GAO).Approach to Development of the DoD EA Transition Strategy Transformation is not only a goal for the Department of Defense to become moreeffective and efficient but it also connotes the continuous process improvement thatdoes not end with a set of specific accomplishments. The approach to development of the DoD EA Transition Strategy is to: ▪ educate and maintain currency of DoD community with regard to all aspects(policies, strategies, definition, etc) of EA; ▪ document required as-is, to-be, and associated transition strategies; ▪ require and monitor performance metrics;Page 83▪ utilize periodic analyses of the aforementioned to realize continuous processimprovement and update of EA.The DoD EA Transition Strategy is an annual report that describes and updates all DoDefforts toward this continuous improvement process. The basic content reflects theOMB criteria for a transition strategy as outlined in the Federal Enterprise ArchitecturePractice Guidance, November 2007, and the DoD version, A Practical Guide forBringing Enterprise Architecture Value to the Mission, May 2007. In addition, OMB,through the OMB EA Assessment Framework, requires a

transition strategy as a part ofthe DoD EA. Because of the large and complex Department of Defense with its multiple missions, theDoD EA Transition Strategy encompasses a federated approach to its development. For example, the Business Transformation Agency (BTA) 2007 Enterprise Transition Plan (ETP) focuses specifically on the Business MA (BMA) and meets the criteria for an agency transition plan. The Enterprise Information Environment Mission Area (EIE MA)will publish an EA in January 2008 and plans to develop a Segment Architecture andTransition Strategy derived from the EA. The Warfighting MA (WMA), DefenseIntelligence MA (DIMA), and Intelligence MA (IMA) are also in the process of developingEAs and their related segment architectures and transition strategies. Projectedcompletion for the WMA and DIMA EAs is in late FY 2008/early FY 2009. Internet Protocol v6 (IPv6), has also developed a transition strategy, the IPv6 Transition Plan V2.0, June 2006. In addition, as a sample set to exemplify DoD Components’ transition planning, the 65 current Exhibit 300 investments have submitted Mini-Transition Strategies to be used as a basis for analysis in this DoD EA TransitionStrategy,Using the DoD EA Annual Plan (embedded in Appendix A), a plan for that addressesEA progress as a guide, the DoD EA Transition Strategy accomplishes the following: ▪ Provides a repeatable process for creating, maintaining, and managing the DoDEA Transition Strategy, including processes for performing gap analysis,alternatives analysis, and the management of projects over time. ▪ Provides a mechanism for identifying opportunities for consolidation or reuse andgaps between the “baseline” and “target” architecture. ▪ Documents defined programs and projects and sequencing plans in support of itstarget architecture. ▪ Addresses priorities and performance objectives identified in the 2006 QDR. ▪ Includes initiatives with milestones for at least one segment architecture, theBusiness EA (BEA) for DoD’s Business Mission Area. ▪ Demonstrates clear linkage between Net-Centric capabilities in the TransitionStrategy and investments in the DoD investment portfolio.Page 94▪ Includes defined and measurable performance milestones that indicate theDepartment’s success in achieving performance targets and has processes andtools in place to track performance. ▪ Identifies timelines for implementing net-centric attributes with supportingartifacts for investments in the IT300 Exhibit. The approach for developing this DoD EA Transition Strategy to address the complexDoD environment and meet the criteria for the OMB EA Assessment Framework,includes the following steps: ▪ Describe associations with the DoD transformation goals from the 2006 QDR ▪ Describe the status of DoD EA as a federated baseline architecture and thestatus of ongoing transformation efforts ▪ Describe the GIG Architectural Vision and related artifacts that comprise thefederated objective (target) architecture ▪ Analyze representative DoD IT300 Exhibit investments’ transition strategies andtheir performance measures to document transformation progress. Summarizefindings. ▪ Recommend an approach for continuous process improvement, including theDoD EA governance process and a DoD federated process that makes DoD Net-Centric transformation information visible, accessible, and understandable.Page 105 Section 2. DoD Net-Centric Environment (NCE) This section addresses the Mission and Change Drivers of DoD and by outlining theQuadrennial Defense Review (QDR) goals for transformation and the inherent need fora transition strategy to track progress toward the future Net-Centric Environment (NCE). Section 2 Contents: ▪ Description of the NCEDescription of the NCEThe DoD EA Transition Strategy links to the strategic goals of the Department asrepresented in the QDR 2006. These strategic goals cannot be accomplished without astrategy to transition from the existing environment represented by stove-piped systemsand islands of information to the desired NCE, and a commitment to the changesnecessary to accomplish the capabilities of the transformational NCE. The DoD leadership envisions the NCE as the underpinning of the many changesforeseen in the QDR 2006, which is a top-down look at US defense strategy, taking intoaccount the world environment, threats, current forces and programs, and the resourceslikely to be available. The Department foresees the need for continuous change, whichbuilds on the ever changing world in which the warfighter operates. The QDR maps

theway ahead for the next 20 years as the Department confronts current and futurechallenges and continues its transformation for the 21st century. To characterize the nature of the Department’s transformation, it should be viewed as ashift of emphasis to meet the new strategic environment. Examples of this shift inemphasis include:1From a peacetime tempo To a wartime sense of urgencyFrom a time of reasonable predictabilityTo an era of surprise and uncertaintyFrom single-focused threats To multiple, complex challengesFrom nation-state threatsTo decentralized network threats fromnon-state enemiesFrom conducting war against nations To conducting war in countries we are notat war with (safe havens)From “one size fits all” deterrenceTo tailored deterrence for rogue powers,terrorist networks and near-peercompetitorsFrom responding after a crisis starts(reactive)To preventive actions so problems do notbecome crises (proactive)From crisis responseTo shaping the futureFrom threat-based planning To capabilities based planning 1 2006 Quadrennial Defense ReviewPage 116 From peacetime planningTo rapid adaptive planningFrom a focus on kinetics To a focus on effectsFrom 20th century processesTo 21st century integrated approachesFrom static defense, garrison forces To mobile, expeditionary operationsFrom under-resourced, standby forces(hollow units)To fully-equipped and fully-manned forces(combat ready units)From a battle-ready force (peace) To battle hardened forces (war)From large institutional forces (tail)To more powerful operational capabilities(teeth).From major conventional combatoperations – To multiple irregular, asymmetricoperationsFrom separate military Service concepts ofoperationTo joint and combined operationsFrom forces that need to de-conflict To integrated, interdependent forcesFrom exposed forces forwardTo reaching back to CONUS to supportexpeditionary forcesFrom an emphasis on ships, guns, tanksand planes To focus on information, knowledge andtimely, actionable intelligenceFrom massing forcesTo massing effectsFrom set-piece maneuver and mass To agility and precisionFrom single Service acquisition systemsTo joint portfolio managementFrom broad-based industrial mobilization To targeted commercial solutionsFrom Service and agency intelligenceTo truly Joint Information OperationsCentersFrom vertical structures and processes(stovepipes) To more transparent, horizontal integration(matrix)From moving the user to the dataTo moving data to the userFrom fragmented homeland assistance To integrated homeland securityFrom static alliancesTo dynamic partnershipsFrom predetermined force packages To tailored, flexible forcesFrom the U.S. military performing tasksTo a focus on building partner capabilitiesFrom static post-operations analysis To dynamic diagnostics and real-timelessons learnedFrom focusing on inputs (effort)To tracking outputs (results)From Department of Defense solutions To interagency approachesThis shift in emphasis depends on the changes enabled by the NCE. Harnessing thepower of information connectivity defines Net-Centricity and serves as an underpinningof all other transformations. By enabling critical networked relationships betweenorganizations and people, the Department will be able to accelerate the speed ofbusiness processes, operational decision-making and subsequent actions due to better,more timely information. The collection and dissemination of information should bemanaged by portfolios of capabilities that cut across legacy stove-piped systems. Thesecapability portfolios require the identification of capability increments to measurePage 127 progress toward the NCE and to address gaps, redundancies, and opportunities forreuse. The foundation for Net-Centric operations is the GIG, the target architecture describedin the GIG Architectural Vision that includes a globally interconnected, end-to-end set oftrusted and protected information networks. The GIG will enable the secure, agile,robust, dependable, interoperable data sharing environment for the Department wherewarfighter, business, and intelligence users share knowledge on a global network thatfacilitates information superiority, accelerates decision-making, effective operations, andNet-Centric transformation.The Department has made steady progress implementing Net-Centric systems andconcepts of operation. It has deployed an enhanced land-based network and newsatellite constellation as part of the Transformational Communication Architecture

(TCA)to provide high-bandwidth, survivable internet protocol communications. Together, theysupport battle-space awareness, time-sensitive targeting and communicationscapabilities on the move. Deployed terminals – from command and control (JointTactical Radio System) to very large bandwidth ISR systems – are extending thecommunications “backbone” down to the smallest tactical unit in the field. Another foundation for Net-Centric operations is the DoD Net-Centric Data Strategyenabling the fusion of information from any platform or terminal. Pulling all this together,the revised Unified Command Plan has assigned U.S. STRATCOM lead responsibilityto operate and protect the GIG. To move closer toward this vision and build on progressto date, the Department will: ▪ Strengthen its data strategy – including the development of common datalexicons, standards, organization, and categorization – to improve informationsharing and information assurance, and extend it across a multitude of domains,ranging from intelligence to personnel systems. ▪ Increase investment to implement the GIG, defend and protect information andnetworks and focus research and development on its protection. ▪ Develop an information-sharing strategy to guide operations with Federal, state,local and coalition partners. ▪ Shift from Military Service-focused efforts toward a more Department-wideenterprise Net-Centric approach, including expansion of the Distributed CommonGround System. ▪ Restructure the Transformational Satellite (TSAT) program to “spiral develop” itscapabilities and re-phase launches accordingly, and add resources to increasespace-based relay capacity. ▪ Develop an integrated approach to ensure alignment in the phasing and pacingof terminals and space vehicles. ▪ Develop a new bandwidth requirements model to determine optimal network sizeand capability to best support operational forces.Page 138 Most of the Department’s goals are enabled by this NCE and chances of them beingrealized are enhanced because of it. For example, DoD’s efforts for fighting the longwar against terrorism are enabled by the NCE because trusted relevant information isavailable to the war fighters as they carry out the mission of the enterprise. Similarlymaking operational the national defense and national military strategies depend on theNCE to make available ubiquitous high quality information that enhances decisions. Rapidly reorienting capabilities and forces depends on the ability to make better andfaster decisions based on information about forces, capabilities, and threats. Withoutthe new defense NCE, it would be next to impossible to reshape the defense enterpriseand develop the total force ready and capable for achieving unity of effort in the 21stcentury. However, any attempt to predict the future security environment of 2025 is inherentlydifficult. Given the dynamics of change over time, the Department must develop a mix ofagile and flexible capabilities to mitigate uncertainty. The NCE directly contributes tothis need. To meet the key challenges in this period, the department must: shape andsustain its Armed Forces to most effectively fight the War on Terrorism, transform “instride” during wartime, strengthen our joint war fighting, and improve the quality of lifeof our Service members and their families. Finally, it is important to note that the NCE is only one step of the continuum oftransformation in the Department. Its purpose is to help shape the process of change toprovide the United States of America with strong, sound and effective war fightingcapabilities in the decades ahead. The QDR is the DoD’s strategic plan that documentsthese ideas and provides a roadmap for the transformation from the legacy environmentof today to the transformed Defense enterprise of tomorrow. The DoD EA Transition Strategy is a reflection of these Net-Centric transformationalgoals of the QDR. Policies and guidance are in place or are being developed and/orreviewed to guide DoD executives and managers in the documentation and facilitateimplementation of the Net-Centric transformation capabilities. Section 6 of thisdocument outlines in more detail recommendations to evolve the process for the DoDEA Transition Strategy to all DoD programs in an incremental and federated manner.Page 149 Section 3. Current State This section describes the progress the Department has made architecting the complexGlobal Information Grid (GIG) and ongoing efforts. It includes the current status andsummary

content of the GIG Architecture; DoD strategies and policies; GIGGovernance; Mission Area Segment Architectures; Internet Protocol v6; a cross-agencyinitiative summary; portfolio and capability management; and transition planningprocessesSection 3 Contents: ▪ Introduction ▪ The Global Information Grid Architecture ▪ The GIG as a Vision, Entity, and Architecture ▪ DoD Strategies - DoD Strategic Plan - DoD EA Federation Strategy - DoD Portfolio Management - Joint Capabilities Areas - Joint Network Operations - GIG Governance Structure Current and Planned - DoD CIO Policies - The GIG Architecture Drives Departmental Processes ▪ DoD Net-Centric Strategies - DoD Net-Centric Data Strategy - DoD Net-Centric Services Strategy - DoD Information Sharing Strategy - DoD Net-Centric Information Assurance (IA) Strategy - DoD Net-Centric NetOps Strategy - DoD Net-Centric Spectrum Management Strategy - DoD Computing Infrastructure Strategy ▪ DoD Internet Protocol Version 6 (IPv6) Transition Plan ▪ Net-Centric Enterprise Solutions for Interoperability (NESI) ▪ Alignment with the Federal Enterprise Architecture ▪ Information Sharing Environment and Homeland Security Presidential Directive -12 ▪ Segment Architecture - Business Mission Area - Business Transformation Transition Plan - Defense Information Enterprise Architecture - Warfighting Mission Area - Intelligence Mission Area - Cross-Agency Initiative Summary - Cross-Agency Initiative Tables ▪ OMB Assessment Framework and DoD EA Annual Plan ▪ DoD EA Transition Strategy Process and Annual UpdatePage 1510▪ Summary IntroductionNet-Centric transformation is key to the DoD defense strategy to meet the challenges ofthe dangerous and uncertain security environment of the 21st Century. There are manyinitiatives in the Department of Defense that are in the planning stage or beingimplemented to transform how the military fights and how the Department doesbusiness. To set the stage for transformation, it is important to know the current statusof DoD in regard to the “as-is” or federated baseline of the DoD EA as well as theprogress made by the Department since the publication of the GIG Architecture andduring calendar year 2007. The content of each part and sub-part of this section comprises the overall DoDapproach to transformation through the use of architecture, net-centricity, and portfoliomanagement. The following provides a description of the DoD GIG architecture, briefdescriptions of DoD’s relevant strategies, and a discussion of how the Department usesthe architecture to drive the three primary Departmental processes – 1) capability andderived requirements, 2) budget, and 3) acquisition – to deliver an environment thatsupports our 21st Century mission.The Global Information Grid Architecture The GIG is the organizing construct for achieving Net-Centric operations and warfare inthe Department of Defense. The GIG2consists of information capabilities –information3, information technology (IT), and associated people and processes thatsupport DoD personnel and organizations in accomplishing their tasks and missions –that enable the access to, exchange, and use of information and services throughoutthe Department and with non-DoD mission partners4. The principal function of the GIGis to support and enable DoD missions, functions, and operations. Therefore, the waythat DoD warfighters, business and intelligence personnel operate must drive the waythe GIG is designed, developed, acquired, implemented, and operated. The current GIG is characterized by organizational and functional stovepipe systemswith varying degrees of interoperability and constrained access to needed information. It does not sufficiently exploit the potential of information age technologies, and doesnot fully support the operational imperative for the right information at the right time. Inaddition, the current GIG is static rather than dynamic; it cannot quickly adapt to satisfyunanticipated needs and users. Most importantly, the current GIG is not suited to 2 See DoD Directive 8100.1, GIG Overarching Policy, September 19, 2002, for full GIG definition. 3 In this document, the term ‘information’ includes the term ‘data’, as commonly used in the foundationdocuments used to develop this document. 4 Mission partners are non-DoD individuals and organizations that exchange information with DoD users. Examples include allies, coalition partners, civilian government agencies, and non-governmentalagencies and organizations including international organizations.

Page 1611 support NCO – it does not support the ability of warfighters and business andintelligence operators to leverage the power of information.The current GIG (people, processes, and technology) must be transformed to enableand support DoD missions and operations in a net-centric environment (NCE). The NCE with its attributes and characteristics is the operating environment in which allDoD missions and operations will take place. Major improvements in situationalawareness, interoperability, combat operations cycle time, agility, collaboration and theability to self-coordinate in a NCE enhance military effectiveness and, most importantly,save lives.The GIG as a Vision, Entity, and Architecture The GIG as a vision is described in Section 4, Target Capability View, which describesthe GIG Architectural Vision.As an entity, the GIG comprises many systems that interoperate to provide the rightinformation to the right places when needed. Thus the GIG could be consideredanalogous to a secured World Wide Web (WWW): many systems distributed worldwidethat interoperate to allow vast amounts of information to be readily pulled by anyone oranything; anywhere, anytime; if appropriately authorized. In the same manner that theWWW has transformed industries and societies on a global scale, the GIG will supportthe transformation of our warfighting and business practices. The GIG includes all owned and leased communications and computing systems andservices, software (including applications), data, security services, and other associatedservices necessary to achieve Information Superiority. It also includes National SecuritySystems as defined in section 5142 of the Clinger-Cohen Act of 1996. The GIGprovides capabilities from all operating locations (bases, posts, camps, stations,facilities, mobile platforms, and deployed sites). The GIG provides interfaces tocoalition, allied, and non-DoD users and systems. The GIG includes any system, equipment, software, or service that meets one or moreof the following criteria: ▪ Transmits information to, receives information from, routes information among, orinterchanges information among other equipment, software, and services. ▪ Provides retention, organization, visualization, information assurance, ordisposition of data, information, and/or knowledge received from or transmitted toother equipment, software, and services. ▪ Processes data or information for use by other equipment, software, or services. Non-GIG IT is stand-alone, self-contained, or embedded IT that is not and will notbe connected to the enterprise network.Page 1712 The GIG is also a well-established and documented architecture that serves as theenterprise level ‘blueprint’ for information environment. As such, the architecturerepresents the structure of GIG components, their relationships, and the principles andguidelines governing their design, operation and evolution over time. The responsibilityfor GIG development and maintenance is shared among several OSD and DoDComponents with the Assistant Secretary of Defense for Networks and InformationIntegration (ASD(NII))/DoD Chief Information Officer (CIO) providing direction,oversight, affirmation, and remediation. The DoD CIO will appoint a GIG Chief Architectto develop and manage the infrastructure and processes to govern the development,maintenance, and use of the GIG Architecture and to establish and implement GIGArchitecture configuration control processes.5 Draft DOD Directive 8010.aa, GlobalInformation Grid (GIG) Overarching Policy provides the oversight and governancestructure. GIG Architecture v1.0, the “as-is” architecture, was published in 2003 followed by GIG“to-be” Architecture v2.0, published in 2005. GIG Architecture v2.0 identified theinformation services needed by the Secretary for decision making in the 21st Centurybased on various scenarios that seemed likely at the time and was the first attempt todescribe a macro view of a Service Oriented Architecture (SOA). From this work flowedthe Net-Centric Operations and Warfare Reference Model (NCOW RM), the Net-CentricEnterprise Services (NCES) Program, and the experimental work at DefenseInformation Systems Agency (DISA) on the SOA foundation, all of which reflect updatesto the federated baseline architecture and shows progress toward the target Net-Centricenvironment, represented in a federated objective architecture. Each of the Service’s major Net-Centric transformation initiatives; the Army’sLandWarNet, Air Force’s C2 ConstellationNet and the Department of the Navy’sForceNet initiative are currently developing architectures that are required by

theDepartment to be in conformance with the GIG Architecture. In addition, critical coreenabling programs such as the Air Force’s Transformational Communications System,and DISA’s NCES programs must also conform to the GIG Architecture. The Joint TaskForce architecture developed by the Joint Forces Command provides a constructagainst which Service, Agency, and Combatant Commander programs and initiativesare measured for operational sufficiency. As a result of the work done on the GIG Architecture, the Department is makingprogress on several programs/efforts key to the NCE, including a program to provide anintegrated communications layer within the GIG that increases connectivity andeliminates bandwidth as a constraint programs to provide the basic infrastructure andprotection services required to effectively operate the GIG. The Department is alsomaking progress for determining when other significant Information Technology (IT)initiatives, especially in storage, applications, or computing, will advance or takeadvantage of net centric capabilities. 5 Draft DODI 8240.aa, GIG Configuration Management and DODI 8210.aa Global Information Grid (GIG) Architecture Development, Maintenance, and UsePage 1813 Department TierMission AreaComponentProgram CapstoneCapability IncrementsDoD EA RMDoD Transition StrategyPolicyDoDAF, DISR, CADMDoD EA BRM DescriptionTransition StrategiesComponent EAsProgram Architecture ArtifactsRequired in JCIDS, CJCSI’s ,and DAS (ISP) Related to FEA: TargetFEA RMSegmentSegment ArchitectureIT 300References Related to DoD EA: DoD EATIERS Department TierMission AreaComponentProgram CapstoneCapability IncrementsDoD EA RMDoD Transition StrategyPolicyDoDAF, DISR, CADMDoD EA BRM DescriptionTransition StrategiesComponent EAsProgram Architecture ArtifactsRequired in JCIDS, CJCSI’s ,and DAS (ISP) Related to FEA: TargetFEA RMSegmentSegment ArchitectureIT 300References Related to DoD EA: DoD EATIERS The Department is working to extend these transformations to our allies, initially usinglegacy systems, but including them in our transformation as quickly as we can viaMultinational Information Sharing initiatives. Segment architectures that represent DoD mission areas are in various processes ofdevelopment. As previously discussed, the BEA is the segment architecture for theBMA. The other mission areas of the Department are building on the success andlessons learned by the BMA and are developing similar segment architectures thatconform to and become a part of the GIG. For example, the EIEMA has developed anarchitecture development structure similar to that used for the BEA and has drafted theComputing Infrastructure segment. The WMA has formed an initial governancestructure and is in the process of creating its architecture development structure. DIMAis in process of developing an EA this year. The common approaches employed byeach segment will enhance the Department’s ability to integrate architectures and avoidunnecessary duplication of effort. DoD segments are incorporating those elementsacross all DoD Component architectural development efforts to ensure that the resultingproducts are supportive of and extensions to the GIG Architecture. As this DoD EATransition Strategy is being developed, DoD is phasing out some of the concepts suchas Mission Area IT Portfolio Management in order to align with a DoD-wide capability-based concept initiated by the 2005 Quadrennial Defense Review (QDR). This newconcept is described in the Portfolio Management portion of this DoD EA TransitionStrategy in the Current Status section. Because this new concept is still in the evolutionphase, the remainder of the document will describe the current status of Mission Areasfor IT Portfolio Management. Figure 1 shows the relationship between the OMB layers or tiers and the DoD tieredapproach, as shown in Draft DODI 8210.aa, Global Information Grid (GIG) ArchitectureDevelopment, Maintenance, and Use and the DoD GIG Architecture Strategy. Figure 1 – DoD EA Relationship to OMB FEAPage 1914 In addition, a snapshot of the federated GIG Architecture may be captured at any pointin time as reflected in the DoD EA taxonomies that align information extracted from thefederated GIG Architecture and maps that information to the Federal EnterpriseArchitecture Reference Models (FEA RMs). The relationship of DoD EA with the FEARMs is described later in this section.To summarize,

considerable progress has been made since GIG Architecture v1.0 andthe Department is now institutionalizing this progress through new policies andredefined processes. From a policy standpoint the DoD Architecture Framework (DoDAF), has an interimupdate (v1.5, April 2007), which is a transitional version applying essential net-centricconcepts6 and addressing the immediate net-centric architecture development needs ofthe Department while maintaining backwards compatibility with DoDAF v.1.0. Asdescribed in the DoDAF Progress Update of January 2008, the DoDAF will evolvefurther towards architecting a Net-Centric environment for a SOA in v2.0, scheduled forcompletion in November 2008.From a process standpoint, the DoD EA Summit, led by ASD(NII)/Architecture &Interoperability (A&I) Directorate, provides the primary cross component governanceand integration of architectures across the Department and among the IntelligenceCommunity. Finally, The Department has implemented enterprise-wide systems engineering via theDraft DoDI 8230.aa, Global Information Grid Enterprise Engineering, to ensure thatprograms technically comply with the GIG Architecture and its supporting elementsnoted above. This system engineering activity is being complemented with a GIG end-to-end evaluation (test bed) facility at the Joint Warfighting Center. This facility will beused to ensure that systems being developed by DoD components meet GIGArchitectural requirements and its associated Technical Standards as contained in theDoD IT Standards Registry (DISR). The Net Centric Implementation Document (NCID)suite addresses transport, services, data, applications, computing infrastructure, IA, andNETOPS.DoD Strategies DoD Strategic PlanDoD’s information vision empowers users through easy access to information anytimeand anyplace, with attendant security. To do this, the Department provides acomprehensive information capability that is global, robust, survivable, interoperable,secure, reliable, and user driven. This is the enabling foundation for the Department’sDefense Strategy. 6 NetCentric Concepts are: 1) Populate the Net-Centric Environment, 2) Utilize the Net-Centric Environment, 3) Accommodate the Unanticipated User, 4) Promote the Use of Communities of Interest (COI), 5) Support SharedInfrastructure.Page 2015 1. The ultimate achievement of this vision depends on the development,deployment, and integration of an effective GIG. Achieving this vision requireschanges in doctrine, organization, training, materiel, leadership/education,personnel and facilities (DOTMLPF). The current DoD CIO Strategic Plan 2006,sets nine focus areas for the Department:The 2006 DoD CIO Strategic Plan identifies actions that are critical to transforming DoDoperations from platform/organization-centric to Net-Centric. The strategy encompassesdoctrine, organization, training, materials, leadership and education, personnel, andfacilities (DOTMLPF) implications for making information available on a reliable andtrusted network populated with new and dynamic information. The Draft Information Management and Information Technology (IM/IT) Strategic Plan,currently in the review process, will supersede the 2006 DOD (CIO) Strategic Plan V1.0as described above as well as the June 2004 DoD CIO Strategic Plan for InformationResources Management.The IM/IT Strategic Plan is being developed collaboratively with the CIOs of the MilitaryDepartments (MILDEPS), Defense Information Agency (DISA), National SecurityAgency (NSA), United States Strategic Command, and Joint Chiefs of Staff to provide acommon understanding of shared vision, mission, and governing principles for IM andIT. The plan identifies six specific goals and objectives to guide the net-centrictransformation of the Defense information enterprise during the period 2008-2009. Italso defines key performance indicators for assessing progress toward meeting thegoals and objectives that will move the Department’s net-centric transformation fromconcept to reality. Goal 5: Return on Investment in the Draft IM/IT Strategic Plan is to “institutionalize ITPfM and EA to maximize the contribution of IT investments to national security anddefense outcomes”. The related objectives in the IM and IT Plan are: ▪ All IT investments are aligned with DoD’s overall outcome goals andpriorities, and warfighter requirements ▪ Processes systematically maximize the value of IT investments, andassess and manage the risks of IT acquisitions. ▪ The IT investment environment is performance- and results-based. ▪ A federated DoD

EA facilitates management and planning of ITinvestments to achieve improved mission performance.DoD EA Federation StrategyThe development of a DoD Federated EA will be conducted in accordance with bothDoD and Federal policy on the development and use of enterprise architectures. Theapproach to federation in the GIG Architecture Federation Strategy of 01 August 2007closely follows DoD policy and directives on Net-Centric data management. Net-Centricreferences, including the Net-Centric Strategies; DoD Directive 8320.2, Data Sharing ina Net-Centric Department of Defense; OMB EA Assessment Framework 2.2; andPage 2116 Federal Enterprise Architecture Data Reference Model (FEA DRM) 2.0 will be consultedto ensure compliance with policy.7Figure 2 – Federation across DoD ComponentsThe DoD Federated EA directly relates to the development of transition plans as bothutilize the federated approach to information sharing. Net-Centric principles for the DoDFederated EA that must be adhered to, including visible, accessible, understandable,and trusted data assets, enabled to support interoperability, require the same types ofpolicies and processes needed for an effective DoD EA Transition Strategy. The GIG Federation Strategy recommends that agreements be reached within the DoDEA Community of Interest (COI) or Community of Practice (COP) on the structure andsemantics of data elements used for data asset discovery, linking, exchange, andintegration. Metadata elements needed to support the EA user services describedherein are defined and proposed for DoD EA COI/COP acceptance as the standard forNet-Centric federated EA services. Figure 2 is a high-level view of the DoD information enterprise. Figure 3 decomposesthe high-level view and depicts the interdependencies at all levels of the enterprise. This federated approach enables effective and efficient executive-level decision-making. 7 DoD Federation Strategy, 16 October 2006 BusinessPfMWarfighterPfM DefenseIntelligencePfMEIEMA PfM BusinessPfMWarfighterPfM DefenseIntelligencePfMEIEMA PfM 4THESTATE4THESTATEAIRFORCEAIRFORCE NAVYNAVYARMYARMY Need to Federateacross the EnterpriseNeed to Federateacross the EnterpriseFederation across DoD ComponentsThe PfM isdependentuponFederatedDataThe PfM isdependentuponFederatedDataThe PfM isdependentuponFederatedData Content DirectionPage 2217 Figure 3. DoD Information Enterprise DoD Portfolio ManagementThe DoD IT portfolio management policy8 and the GIG Architecture support theDepartment’s budget process, directly guiding the resource allocation for ITinvestments. The GIG Architecture will be used to define critical interrelationshipsamong portfolios and to determine which IT investments within and across portfoliosshould be supported. Other criteria include: 8 DODD 8115.01, IT Portfolio Management (10 Oct 2005) and DODI 8115.02 (30 Oct 06) Information Technology Portfolio Management Implementation.Page 2318▪ relevance of an IT proposal to the Department’s core mission, priorities, andstrategic planning goals ▪ support to functional area goals and objectives ▪ return on investment for business initiatives ▪ soundness of plans for managing, mitigating or diversifying risks ▪ optimization of resources through eliminating stove-piped development andredundant services and systemsThe DoD IT portfolio is comprised of investments in the four areas of DoD: WMA, BMA,IMA, and EIEMA. For the WMA, for example, a set of Joint Capabilities Areas (JCAs)have been defined as of January 2008 to provide a mechanism to manage portfoliosacross domains within the WMA. They are providing the foundation for the WMAArchitecture which, as part of the federated GIG Architecture, will provide authoritativeinformation to the DoD EA RMs. The four Mission Area EAs are discussed further inthe Segment Architecture section of this document.There are nine JCAs in Tier 1 with related Tier 2 and 3 JCAs. The Joint C2 portfoliocontains warfighter and user applications to support C2, logistics, and battlespaceawareness. This portfolio includes programs such as the Net-Enabled CommandCapability (NECC) and the Global Command and Control System (GCCS). In addition to supporting the

Department’s budget process, analysis of applicationswithin the C2 Portfolio (C2 Data Pilot) has resulted in a proposal to strengthen the NR-KPP by including data exposure criteria and service exposure criteria.9As the DoD EA Transition Strategy is being developed, DoD has begun phasing outsome concepts such as Mission Area IT Portfolio management in order to align with aDoD-wide capability-based concept initiated by the 2005 Quadrennial Defense Review(QDR). Concurrently, DoD has introduced the concept of the Defense InformationEnterprise as an organizing construct to differentiate the network infrastructure roles ofASD(NII) from the broader, more encompassing information management role of theDoD CIO. A description of the evolution from Mission Area IT Portfolio Management tocapability-based Portfolio Management is included in the paragraph below, GIGGovernance Structure Current and Planned.Joint Capabilities Areas JCAs were first proposed in the 2003 Joint Defense Capabilities Study, also referred toas the Aldridge Study. It called for dividing the Department’s capabilities intomanageable capability categories as an essential early step to implementing acapabilities-based approach. The study recommended dividing capabilities alongfunctional or operational lines and favored functional categories. Functional categoriesminimize redundancies in capability decomposition, provide clearer boundaries toassign weapon systems, and improve management ability to develop and implementcapabilities planning. 9 Proposal is before the JROC (Dec 2007)Page 2419 In 2005, the Joint Force Capabilities Assessment sub-study (Part of the OperationalAvailability-05 Analytic Agenda) developed the initial 21 Tier 1 JCAs, and developeddraft Tier 2 JCA candidates. A subsequent Secretary of Defense memo approved themfor “use as appropriate”, and referred to them as “the beginnings of a common languageto discuss and describe capabilities across many related Department activities andprocesses.” Two separate JCA refinement efforts were conducted, and resulted in the24 Aug 06 Joint Requirements Oversight Council (JROC) approval of the first JCAtaxonomy and lexicon which comprised 22 Tier 1 JCAs and 240 subordinate JCAs.The JROC also approved a deliberate way forward to enhance the nascent JCAs’ utilityacross the Department. Recognizing the current JCAs were devised mostly on theoryand without benefit of practical JCA application, the JROC agreed a baselinereassessment was necessary. Although the JCAs have been through severalrefinement cycles, the basic JCA framework has only changed on the margins. Thisbaseline reassessment affords the opportunity to holistically improve the JCAs byapplying lessons learned from their use in numerous department processes.The most recent version of the JCAs was approved by the JROC and by the DAWG inJanuary 2008; the set of JCAs is included in the Consolidated Taxonomy_4 Jan 2008. Joint Network OperationsJoint Network Operations (JNO) is another ongoing effort that focuses on key Programsof Record that have the most impact on providing capability to the war-fighters. TheJNO Capability Portfolio Manager (CPM) develops architecture products that supportanalysis and risk assessment efforts needed by CPM decision makers. The architecturefactors in Transport infrastructure, Information Assurance, Network Mgt, and EnterpriseServices. The architecture products are developed through specific tools that are able tointerface with a relational database and other input mechanisms. The database is usedto define data models and relationships that ensure data integrity. Products areexported in formats such as NetViz views (dynamic and static), as well as othercommon formats such as PowerPoint, Excel and bitmap images.The architecture products developed along with the analysis and risk assessmentprocesses have been instrumental in providing decisioning products to support the POMand other processes. GIG Governance Structure Current and Planned Portfolio management responsibility for the Department is currently in four logicalmanagement areas – the WMA, BMA, IMA, and EIEMA. Managing these horizontallyand vertically requires a federated approach and the Department has a portfoliomanagement approach across the four mission areas and across DoD Components. This is the initial step toward development of a NII/CIO Governance Structure that willprovide an overarching integrated approach and a management process that places theGIG under configuration control. To

continue toward a governance framework, a longterm process is being established and socialized to accomplish the following:Page 2520▪ Organize and focus NII/CIO direction for IT development by promulgating agovernance process through policy and institutionalized processes. ▪ Communicate to DoD Components what is needed. ▪ Empower DoD Components and then hold them accountable for implementation. ▪ Discipline GIG development.An Enterprise-wide approach is being pursued to ensure that the Department’sinformation and information technology management initiatives are planned andmanaged in a rational way that respects the culture, laws and authorities, such as theTitle 10 authorities of the Military Departments and the Goldwater Nichols Act, whichgave authorities to the Joint Chiefs of Staff to prepare the force to fight jointly. Together, these authorities establish a matrix organization with the Secretary setting atits head to mediate disputes, build consensus, and provide direction to both the verticalorganizations and the horizontal organizations represented by the Mission AreaManagers.This year DoD has introduced the concept of the Defense Information Enterprise as anorganizing construct to differentiate the network infrastructure roles of ASD(NII) from thebroader, more encompassing information management role of the DoD CIO. TheDefense Information Enterprise comprises the information, information resources,assets, and processes required to achieve an information advantage and shareinformation across the Department and with mission partners. Concurrently, DoD has begun phasing out some concepts such as Mission Area ITPortfolio management in order to align with a DoD-wide capability-based conceptinitiated by the 2005 QDR. DoD has piloted Capability Portfolio Management (CPM)and has specified a structure whereby all DoD investments (not just IT) will be managedin a series of portfolios. As part of this structure, the ASD(NII) has begun managing theNet-centric capability portfolio focused on IT infrastructure. The DoD CIO supports allCPM portfolios by continuing to specify policies and architectures, and is now alsoenhancing policy alignment mechanisms.As a consequence, ASD(NII)/DoD CIO is realigning some management constructs. Thecurrent two IT portfolio management efforts (EIEMA and Joint Network Operations) willmerge into a Net-centric CPM structure. That portfolio will encompass IT infrastructureinvestments across all DoD Components. In parallel, the DoD CIO will lead a broadenednet-centric review process spanning all programs delivering IT capability (across allportfolios), and focused on ensuring that each IT investment provides visible,accessible, understandable, and trusted net-centric information. In this vein, the Defense Information Enterprise Architecture (DIEA) now provides acommon foundation to support accelerated Department of Defense (DoD)transformation to net-centric operations and establishes priorities to address criticalbarriers to its realization. DIEA 1.0 highlights the key principles, rules, constraints andPage 2621 best practices drawn from collective policy to which all applicable DoD programs,regardless of Component or portfolio, must adhere in order to enable agile, collaborativenet-centric operations. Note: For the purpose of this DoD EA Transition Strategy, the DoD Mission Areaconcept is included as the current configuration for DoD IT Portfolio Management. Anoverview of the Defense Information Enterprise and the DIEA 1.0 as an embeddeddocument is incorporated into this Transition Strategy in the Segment Architectureportion to provide information on the evolution of this concept. Future versions of theTransition Strategy will reflect the detail of changes to the capability-based concept andthe evolution of the Defense Information Enterprise versus the EIEMA concept. DoD CIO Policies The current DoD EA Strategic Plan is being updated to the InformationManagement/Information Technology Strategic Plan, to be released in early 2008. TheIM/IT Plan is discussed in more detail above. Continuous process improvement (CPI) is a DoD transformation initiative highlighted bythe words of the Deputy Secretary of Defense Gordon England’s statement, “TheSecretary and I expect that every DoD organization is focused every day on improvingthe effectiveness of our support to the Warfighter”. DoD published the Continuous Process Improvement Transformation Guidebook, 12 May

2006, for implementing the continuous improvement activities that accomplish this goal. In conjunction with the Governance Structure, the NII/CIO is in the process of updatingseveral DoD CIO series 8000 policies in the areas of control, content, coordination, andcompliance to both consolidate existing policies in a logical configuration and to makenecessary changes to reflect current linkages to DoD CIO goals and objectives. Therelevant DoD 8000 Series are being updated in a collaborative process and arecurrently in the SD-106 review process. These policies, in addition to existing policies,include direction for DoD organizations and entities in regard to enterprise architecturedevelopment, maintenance, and measuring processes, such as the IT300 and OMB andGAO EA assessment. Existing DoD CIO policies address all areas of EA and processes and include the DoDSeries 8000 guidance and Mission Area (MA) EAs, such as the Business EnterpriseArchitecture (BEA) and the Enterprise Information Environment MA Architecture(EIEMAA). Additionally, DoD follows the Office of Management and Budget (OMB) A-11 guidance and has institutionalized the IT300 submission process and the OMB EAAssessment process. The DoDD 4630.5 and DoDI 4630.8, Information and Supportability of InformationTechnology and National Security Systems, is also currently being updated from May2004. There are two levels of updates, one scheduled for Fall 2008 and one for Spring2009.Page 2722 The intent of updating the policies is to provide the foundation for organizing, focusing,and articulating what the NII/CIO does (GIG management, governance, oversight) andwhat the Components do (develop GIG capabilities – content) in accordance with broadpolicy direction. The policy will then establish processes for the NI/CIO governance roleand the Components’ accountability requirements.The DoD EA Transition Strategy uses the elements of the Governance Structure as partof the entire lifecycle of a DoD portfolio. The identification of the GIG CapabilityIncrements and the related milestones are critical to bring the GIG vision into reality. Figure 4 details the GIG Lifecycle.Figure 4 – The GIG LifecycleThe GIG Architecture Drives Departmental Processes As previously stated, architecture plays an increasing role in three of the Department’sprimary business processes: capability setting, budget and acquisition. In fact, therequirements and acquisition processes have recently been reengineered to makebetter use of architectures for decisional purposes. The requirements process, Joint Capabilities Integration and Development System(JCIDS), uses the GIG Architecture description of information technology as theauthoritative view of interoperability and information assurance for use in defining Jointcapabilities. The mandatory Net-Ready Key Performance Parameter (NR-KPP)increases the Department’s emphasis on information assurance and datainteroperability through the NCOW RM in formulating specific NR-KPPs for newprograms. Compliance with the NR-KPP requires the proposed capability be able toenter and be managed in the network and exchange data in a secure manner. NCOWPage 2823 RM terminology must be included within architectural views provided with thecapability.10 The NR-KPP is a key part of the IT and NSS Interoperability andCertification process. These associated architecture products in JCIDS documentsprovide the details to conduct detailed traceability analysis which feed decisions onprograms.Joint Functional Concepts (JFCs) and Joint Integrating Concepts (JICs) providetargeted guidance for capability development. The NCE JFC provides a framework forfull human and technical connectivity and interoperability that allow all DoD users andmission partners to share the information they need, when they need it, in a form theycan understand and act on with confidence; protecting information from those whoshould not have it. The Net-Centric Operating Environment (NCOE) JIC definescoherent application of seamless, integrated Net-Centric capabilities to the forwardedge of the battlespace enabling full spectrum dominance. In the DoD Acquisition Process, the GIG Architecture is recognized as the underpinningfor all mission and capabilities architectures developed by the Services and DoDAgencies.The Department also requires the development of GIG-conformantInformation Support Plans (ISPs) that detail information

interoperability and contentneeds and dependencies of individual programs. These ISPs are also used to evaluateprogram interoperability and lifecycle management.DoD Net-Centric StrategiesThe OMB Assessment Framework for the Department of Defense for FY07 noted thatthe DoD Net-Centric Strategies need to be completed for overall maturity of the DoDEA. The intent of the Net-Centric Strategies is to provide important overall guidance tomanagers on how to include these areas in their program plans, goals, and objectivesthat will help to develop transition plans that comply with DoD Net-Centric goals andobjectives.The Senior Enterprise Services Governance Group (SESGG) is a governancemechanism for Joint Data and Enterprise Services, co-chaired by the DoD ChiefInformation Officer (CIO) and the Director National Intelligence (DNI) CIO. The SESGGdefines the required measurement and control mechanisms to ensure DoD-wide andIC-wide implementation of the Data Strategy and Enterprise Services. The SESGGalso identifies and develops necessary policy changes, including measurement andcontrol responsibilities, to ensure consistent implementation of the Data Strategy andenterprise services. Lastly, the SESGG establishes oversight forums to enable the DoDCIO and the DNI CIO to review implementation progress. The SESGG membersinclude representatives from the Army, Navy, Air Force, U.S. Marine Corps, DISA,Defense Intelligence Agency, and BTA.This section captures the overarching DoD CIO strategy, casts the historical contextthat proved the impetus for the subsequent strategy documents, and highlights the 10 CJCSI 6212.01D, Table D-2Page 2924 intent and the salient points of the various DoD strategy documents’ guidance thatsupport a pragmatic approach to IT implementation of the respective strategy. Historically, IT resources and software-based capabilities have been acquired andmanaged as stand-alone systems; namely, system-to-system connections are defined,engineered, and implemented one pair at a time – an approach that focuses on systemor platform capabilities rather than on mission capabilities. With respect to data, thetraditional DoD approach was data administration; namely, to standardize and controldata definitions and structures across the department. With respect to sharing, thesupply and demand for information continually triggers the inter-related processes ofinformation collection, processing, analysis, and integration to make informed toincrease situational awareness and to make informed timely decisions. With respect toNetOps, a set of stove-piped disparate and manual processes breed limited informationsharing and integration, non-standard configuration management and metrics, andrelatively static configurations. As a result, DoD promotes and encourages ‘new’paradigms that expose capabilities, establish data visibility and accessibility, and fostersinformation sharing as well as synchronization in its information sharing initiatives andinvestments throughout the Department. With respect to network protocol, in the GIG, IP is the common network protocol thatallows all types of data to move seamlessly on the GIG’s diverse transport layer whichincludes landline, radio, and space-based elements. The current version of InternetProtocol (IP), IPv4 has limitations that inhibit the end-to-end paradigm of the internetand achievement of DoD’s vision of net-centric operations. The numerous “fixes” andextensions implemented to overcome IPv4 limitations often have increased networkcomplexity and slowed network performance. Finally, a fully connected environment -specifically, an implementation of highly integrated wireless architectures and spectrumdependent technologies (weapons, sensors, geo-locators, etc) – that instruments andnetworks the battle-space must fit within the context of these new paradigms whichsignificantly increase the war-fighters dependence on spectrum.DoD Net-Centric Data Strategy The DoD Net-Centric Data Strategy 09 May 2003 describes a vision for a net-centricenvironment and the data goals for achieving that vision. It defines approaches andactions that DoD personnel will have to take as users—whether in a role as consumersand producers of data or as system and application developers. The strategy reflects a“...many-to-many exchange of data, enabling many users to leverage the same data –extending beyond...focus on standardized, predefined, point to point interfaces... andwithout having to anticipate...use in the development cycle...” More pointedly, thestrategy defines a modified paradigm for data management.Data implies all data assets (e.g., file systems, databases, documents, images,

audiofiles, web sites, etc). The goal is to post before processing; i.e., make visible andaccessible raw data. In the Net-Centric Data environment authorized users andapplications have immediate access (via “pull” as needed). Users and applicationsPage 3025 providing data post and tag the data assets with metadata to enable discovery on theEnterprise’ shared space. Key components of the data vision are Communities of Interest (COI), Metadata, andGIG Enterprise Services (GES). COIs are collaborative groups of users with sharedgoals, interests, missions, or business processes and therefore must have sharedvocabulary for the information they exchange. Metadata is data about data and canenhance the value and usability of data assets as well as aid in the advertisement of thedata asset within the enterprise. Types of metadata are discovery (summarizes keyattributes and concepts), vocabularies, taxonomic structures, interface specifications,and mapping tables. Various mechanisms are utilized to store the various types ofmetadata including registries, catalogs, and shared spaces. Definition, how to use, andwhen to use each mechanism is described in the data strategy. GES provides basiccomputing capabilities to the enterprise. The GES capability is the DoD MetadataRegistry based on ISO 11179 Specification and currently incorporates the extant DDDSand DoD XML Registry with planned integration of ontology, transformation services,and messaging formats. Approaches to achieve the Data Strategy Goals are detailed in the strategy. Allapproaches should be coordinated with IA and GIG infrastructure; COIs should beutilized to prioritize system and data transition and eliminate redundancy.To enable the DoD Data Strategy and to provide capabilities for Communities of Interest(COIs) to accomplish its goals, the DISA PEO-GES provides tools, techniques, andperformance standards at the DoD Metadata Registry (MDR) website, https://metadata.dod.mil/mdr/documents.htm. The website hosts the DoD MDR as well as briefings, documents, Metadata Working Group archives, and supporting NCESinitiatives information. The DoD MDR Version 6.1 is an implementation of the Data Strategy per the 24 Oct2003 DoD CIO Memorandum DOD Net-Centric Data Strategy: Visibility – Tagging andAdvertising Data Assets with Discovery Metadata and the DoDD 8320 .02 of May 2004,Data Sharing in a Net-Centric Department of Defense, which directs the use ofresources to implement data sharing among information capabilities, services,processes, and personnel interconnected within the GIG.The DISA PEO-GES, in support of Component planning and implementation to achievedata visibility provides the following on the website: ▪ A description of the functions and the concepts of operations for DoDEnterprise Discovery including specific implementation details and guidance ondiscovery of Services, Content, Metadata, and Persons. This whitepaper willprovide sufficient detail to enable DoD Components to understand EnterpriseDiscovery capabilities and factor them into transition planning. ▪ A set of specifications (including required service levels) that describeEnterprise Discovery functions and their interfaces to enable federation withPage 3126 Component discovery capabilities. These interfaces should incorporate the DoDDiscovery Metadata Specification. ▪ A reference implementation of the interfaces provided in Action (b) thatexemplifies how Community of Interest Discovery capabilities can federate withEnterprise Discovery. A July 2007 briefing, DoD Information Sharing Metadata Efforts by Dr. Glenda Hayes, of the DISA PEO-GES, gives explicit examples of realizing the DoD Data Strategy goalsincluding an animated detailed Federated Search Use Case for information sharingwithin and between programs of record (PORs) and COIs. Finally, illustrations of onlinetutorials are included; specifically, Registering Metadata and Version 6.1 DoD MetadataRegistry (MDR) functionality.DoD Net-Centric Services Strategy The DoD Net-Centric Services Strategy 04 May 2007 describes the DoD’s vision forestablishing a Net-Centric Environment (NCE) and expands upon the DoD Net-CentricData Strategy by connecting services to the Data Strategy goals. The commercial worlddefines business processes as workflows that consist of specific business functions thatare supported by the delivery of software-based services over networks. Thesesoftware-based services deliver reusable business functionality as standardized buildingblocks on

an enterprise network. A simplified workflow for a DoD business process, inventory management, is depicted inFigure 5. The function, “Check Forward Supply” is implemented using software buildingblocks or services (e.g., a Get Inventory Count service) and provides a distinct elementof functionality that can be used in other processes by Military Services, Agencies,Commands, or mission partners. When a new mission capability is required (e.g.,needing a new business process for logistics planning for a mission planningapplication), the Get Inventory Count building block can be quickly used to respond tothis new or changing mission need.Page 3227 Figure 5. DoD Business Process WorkflowThis approach lies at the core of a Service Oriented Architecture (SOA). As theDepartment transforms towards net-centric operations, the DoD NCE will increasinglyleverage shared services and SOAs that are supported by the required use of a singleset of standards, rules, and a common, shared secure infrastructure provided by theEnterprise Information Environment Mission Area (EIEMA) and populated withappropriately secure mission and business services provided and used by each MissionArea. Of the four goals, “provide services” is the most user focused. Specifically, as theNCE evolves, users will provide their information and functional capabilities to theenterprise as services. Providers of services must register their services in theenterprise service registry (i.e., publish the metadata describing their services). CoreEnterprise Services (CES) are a small set of services to be provided by EIEMA. DoD Information Sharing Strategy DoD Information Sharing Strategy 04 May 2007 documents the common vision to synchronize information sharing initiatives and investments throughout the DoD in orderto leverage information as a strategic asset in achieving the DoD mission. Informationsharing is the means by which information is shared ranging from face-face interactionsto real-time voice communications and beyond across trusted networks. The strategyguides the information sharing within the DoD as well as with Federal, State, local,tribal, coalition partners, foreign governments, and private sector. Of the fivetouchstones of information sharing, Technology and Infrastructure are the most relevantfor realizing the technology focus of the DoD transition strategies. A companion DoDInformation Sharing Strategic Implementation plan describes the specific roles, actions,responsibilities and milestones.Page 3328 Goals which rely on technology are ‘strength agility’ and ‘ensure trust’ by implementingadaptive technologies and accommodating different levels of trust, respectively. Approaches to achieving the goals that rely on technology are ‘forge informationmobility’ and ‘promote a federated information sharing community/environment’ byrequiring trusted (authenticated, confidential, non-repudiated, and integrity) informationto be visible, accessible, and understandable and includes trust mechanisms,standards, procedures, and audit regimes, respectively. Finally, implementationconsiderations information delivery, collaboration, and information and knowledgemanagement advances as well as current and innovative standards based (i.e., complywith the DoD and Federal Enterprise Architectures) technology will enable informationsharing in the Technology and Infrastructure domains.DoD Net-Centric Information Assurance (IA) StrategyThe bulk of the DoD Net-Centric Information Assurance (IA) Strategy circa 2004addresses the strategic approach to network IA and has six goals and severalassociated objectives. In general, secure engineering should be consistent with the IAarchitecture, policies, standards, and implementation guides. In remaining consistentwith the purpose of this section, the ‘Protect Information’ goal is highlighted here. ‘Protect Information’ stresses that one cannot rely on simple transport/link encryptiongiven that a net-centric concept means information flows in and out of the network atnumerous access points. Hence, a secure labeling and marking of data (“tagging”) isnecessary to ensure agility for dynamic access control decisions. This includes strongbuilt-in authentication and authorization considerations so that devices that can bereconfigured for security or functionality purposes without human intervention. DoD Net-Centric NetOps StrategyThe DoD NetOps Strategy, 14 December 2007, defines NetOps, its provisions, andintent. NetOps is the “…Department-wide

operational, organizational, and technicalconstruct for operating and defending the GIG and provides commanders with GIGsituational awareness and C2 capabilities. The intent is to establish a net-centriccapability for dynamically operating and defending the GIG as a unified, agile enterpriseto enable rapid mission-oriented decisions at appropriate levels across domains. NetOps integrates Enterprise Management, Net Defense, and Content managementand assures the availability, protection, and integrity of DoD networks, systems,services, and information. Effectively NetOps results in routine, rapid, and accuratereallocation or reconfiguration of GIG resources in a protected information assuredenvironment. Finally, NetOps records strategic goals and associated objectives andnext steps. With respect to next steps, identified requirement is the development andexecution of NetOps Implementation plans at all levels across DoD that address threekey areas: governance, implementation, and metrics for monitoring, affirmation, andremediation.DoD Net-Centric Spectrum Management StrategyThis DoD Net-Centric Spectrum Management (SM) Strategy - 3 August 2006 introducesthe vision for this new term which describes an objective capability for the managementPage 3429 and use of electromagnetic spectrum within a net-centric environment. The strategyrecords the vision, goals and methods for achieving, responsibilities and challenges toNet-Centric Spectrum management. A subsequent directive will detail specific actionsand responsibilities to achieve the vision. In essence, the Net-Centric SM vision is spectrum access on demand enabled throughthe use of planning, standards, SM protocols, and software agents that will capture thetype and amount of spectrum in use and support the most effective use of availablespectrum. Goals reflect on-the move access, mitigation of harmful interference,decentralized SM, and autonomous performance throughout the network. Methods forachieving include but not limited to common SM standards and protocols and ‘contextaware’ use (i.e., determine amount of spectrum needed for specific use then select theappropriate spectrum parameters).DoD Computing Infrastructure StrategyThe DoD Computing Infrastructure Strategy (Draft Final, March 2007) is currently beingreviewed. DoD Internet Protocol Version 6 (IPv6) Transition Plan The Internet Protocol v6 (IPv6) Enabling Program has a transition plan in place, the DoD IPv6 Transition Plan v.2. The Defense IPv6 Transition office (DITO) coordinated with DoD Components to develop a DoD-wide, consolidated IPv6 implementationschedule for major DoD networks and programs. The integrated implementationschedule of 4 October 2007 includes specific system IPv6 transition milestones as wellas the schedule for accomplishing critical supporting tasks. The DoD Components willupdate and maintain internal schedules (as part of the DoD Component IPv6 TransitionPlan) on a continual basis.The ASD(NII)/DoD CIO June 9, 2003 memo established a goal to transition DoDnetwork systems to IPv6 by FY 2008. In the August 2, 2005 memo “Transition Planningfor Internet Protocol Version 6 (IPv6),” the Office of Management and Budget (OMB) setJune 2008 as the date by which all agencies’ infrastructure (network backbones) mustbe using IPv6 and agency networks must interface with this infrastructure. Theimplementation schedule defines activities that can be accomplished by the FY 2008time frame based on three milestone objectives and identifies programs and networkstransitioning beyond the FY 2008 goal.The planning emphasis for FY 2008 has been on transitioning the core DoD networkInfrastructure; a timeline for implementation with DoD Teleport is graphically describedin the IPv6 Transition Plan. The DoD IPv6 Transition Plan June 2006 “…describes the overall strategy for IPv6transition, identifies roles and responsibilities, outlines transition governance, milestoneobjectives, and foundation for more in-depth efforts…” Internet Protocol Version 6(IPv6) is the next-generation network layer protocol for the internet and the DepartmentPage 3530 of Defense (DoD) Global Information Grid (GIG). Sensors, platforms, and weapons arebeing built as ‘net-ready’ nodes incorporating IP-based protocols. Key elements of theplan highlighted here are governance and technical transition. Salient pertinent detailsof the plan include: ▪ The most important IPv6 features and associated attributes that facilitate DoDnet-centric operations; namely, improved end-

end security, Quality of Service(QoS) flexibility, improved mobility, simplified network management, and‘unlimited’ address availability; ▪ DoD components’ responsibilities of developing an IPv6 transition plan thatincludes network transition strategies, transition activities, and timelines andidentifying, re-sourcing, engineering, and fielding pilot IPv6 implementations; ▪ Joint Staff IPv6 key operational and technical items that must be successfullydemonstrated for IPv6 transition; all of which are further decomposed intotestable and verifiable measures of performance in DoD IPv6 Generic Test PlanVersion 3; ▪ Key IPv6 documentation to be utilized to facilitate DoD IPv6; ▪ List and expanded treatment of nine IPv6 Transition ElementsFinally, to manage the security challenges and associated risks, the DoD hasestablished a set of milestone objectives; namely, provide DoD Components theauthority to operate using IPv6 within approved isolated network domains (enclaves),across cooperative multi-domain environments (transport), and the capability ofaccepting, routing, and processing IPv6 protocol traffic while providing parity to IPv4. With respect to milestone objective 2, guidance for the transition stage (i.e., when IPv4and IPv6 are utilized simultaneously) includes architectural, functional, and securityrequirements as well as recommendations and configuration guidance to implement theaforementioned requirements.9A July 2007 article in CrossTalk magazine, Spiraling Information Demands – The Way Ahead with IPv6, was written by the DoD IPv6 Transition Office and outlines IPv6 status and challenges. Net-Centric Enterprise Solutions for Interoperability (NESI) Net-Centric Enterprise Solutions for Interoperability (NESI) 12 October 2007 provides, for all phases of the acquisition of net-centric solutions, actionable guidance that meetsDoD Network-Centric Warfare goals. NESI provides specific technical recommendationsthat a DoD organization can use as references. Stated another way, NESI serves as areference set of compliant instantiations of various directives, policies and mandatessuch as the Net-Centric Operations and Warfare Reference Model (NCOW RM)[R1176] and the ASD(NII) Net-Centric Checklist. As currently structured, the NESIimplementation covers architecture, design and implementation, compliance checklists,and a collaboration environment that includes a repository. More specifically, NESI is abody of architectural and engineering knowledge that guides the design,implementation, maintenance, evolution, and use of the Information Technology (IT)Page 3631 portion of net-centric solutions for military application. The guidance in NESI is in linewith commercial best practices in the area of enterprise computing. Initial authority for NESI is per the Memorandum of Agreement between Commander,Space and Naval Warfare Systems Command (SPAWAR); Navy Program ExecutiveOfficer, C4I & Space (now PEO C4I); and the United States Air Force ElectronicSystems Center (ESC), dated 22 December 2003, Subject: Cooperation Agreement forNet-Centric Solutions for Interoperability (NESI). The Defense Information SystemsAgency (DISA) formally joined the NESI effort in 2006.Alignment with the Federal Enterprise ArchitectureThe Department of Defense aligns with and leverages the Federal EnterpriseArchitecture RMs (FEA RMs) in several ways. First, the Department maps the FEA RMtaxonomies to the four DoD Mission Areas (Business, Warfighter, Intelligence, andEnterprise Information Environment) using DoD architecture and other related artifactsas resources. For example, the activities of the BEA in the BMA are mapped to theFEA BRM Lines of Business (LOB). These DoD taxonomies serve as the business,performance, technical, data, and service component common taxonomies for the DoDArchitecture Repository System (DARS), as indicated in the DoD EA FederationStrategy. The use of these taxonomies provides the common terms of reference toachieve internal and external regulatory compliance, interoperability, and net-centricityand ultimately acts as a foundation for improved decision making within and acrossmission areas. The DoD taxonomies are updated as new DoD resources, such as newversions of an architecture, are released. The draft DODI 8210.aa, Global InformationGrid (GIG) Architecture Development, Maintenance, and Use, currently in the DoDDirectives Program Coordination (SD Form 106) process, mandates the use of commontaxonomies. Second, DoD has developed the DoD EA Consolidated Reference Model (DoD EACRM) that aligns with FEA categories but uses actual data

from DoD investments. Theactual data (LOB, mission area, service component, performance information, technicalstandards and specifications) is derived from the Exhibit 300 input, rather than thegeneric FEA or DoD taxonomies. The DoD EA CRM therefore serves as a snapshot ofthe federated GIG architecture by mission area for a sample set of DoD investments. Ittracks the line of sight from strategic goals through actual results and can identify gapsand redundancies as well as research, development, and cost sharing opportunities. Third, DoD leverages the requirements for data from external sources, such as theOMB Circular A-11 guidance for Exhibit 300 and 53 submissions and the OMB EAAssessment Framework, to review and analyze DoD enterprise managementinformation to make recommendations that contribute to more effective and efficientdecisionmaking Department-wide. Lastly, the Segment Architecture aligns with the FEA RM structure and is a way toabstract the business, performance, service component, technical, and data informationabout a segment or, in the case of DoD, a Mission Area. The Segment ArchitecturePage 3732 guidance from OMB, The FEA Practice Guidance, and DoD’s, A Practical Guide forBringing Enterprise Architecture Value to the Mission, also provides guidance fordeveloping transition strategies and sequencing plans. Information Sharing Environment and Homeland Security Presidential Directive -12The Information Sharing Environment (ISE) and Homeland Security PresidentialDirective 12 (HSPD-12) are examples of initiatives in which DoD participates with otherfederal agencies. The ISE is in the EIE MA; the Line of Business (LOB) is InformationTechnology and Management and the LOB Sub-Function is Information Sharing.HSPD-12 is in the EIE MA; the Line of Business (LOB) is Information Technology andManagement and the LOB Sub-Function is Information Systems Security. The ISE consists of multiple sharing environments designed to serve five communitiesof interest (COIs): intelligence, law enforcement, defense, homeland security, andforeign affairs. The ISE represents a trusted partnership between all levels ofgovernment, the private sector, and foreign partners, to detect, prevent, disrupt,preempt, and mitigate the effects of terrorism against the territory, people, and interestsof the US. The ISE will provide a distributed, secure, and trusted environment fortransforming terrorism information sharing into actionable information for community-wide sharing. The ISE managing partners and cabinet-level Departments and Agencies collaborateand make agreements that influence investments in the set of IT Exhibit 300s (knownhereafter as the IT portfolio). The ISE community is currently discussing how to affectthe investments in FY09 budget and have begun the necessary planning to accomplishthe desired results using the ISE EA Profile and ISE Functional Standard (FS) Suspicious Activity Reporting (SAR). HSPD-12 directs mandating adoption of a common identification standard (HSPD-12)for all Federal employees and contractors. HSPD-12 is currently being executed. DoDis working with other agencies on follow-up actions, including participation oninteragency boards for technical issues, and on the Federal Identity CredentialingCommittee for policy issues. Segment ArchitectureBusiness Mission Area The BMA has a mature Business Enterprise Architecture (BEA) and an EnterpriseTransition Plan, which together comprise the BMA segment architecture. The BusinessTransformation Agency (BTA) further delineates the architectures, transition strategy,governance, cost savings, IPv6, EA value, and other information to provide artifacts asevidence of Completion, Use, and Results for the OMB EA Assessment. The BMASegment and all relevant artifacts are included in the BMA EA Self-Assessment as apart of the overall DoD EA Self-Assessment. The high-level descriptions of scope,Page 3833 vision, change drivers, performance goals, and funding strategy are included inAppendix H.Business Transformation Transition Plan The DoD 2007 Enterprise Transition Plan (ETP) of September 2007 is an importantelement of the DoD Transition Strategy as it describes DoD’s overall businesstransformation approach and defined key elements of that approach to include well-defined priorities supported by key systems and initiatives. It aligns transformationpriorities to a set of “business value-added measures” to ensure investments arearticulated and measured against tangible

business value to the Department. Featuresof the ETP include new and refocused programs that fill operational gaps; rebaselinedschedules that reflect revised urgency and adaptation to unplanned delays; and a morecomplete performance management framework that charts the course toward plannedtransformation outcomes.11 Future versions of the ETP will continue to track actualprogress toward achieving improvements. Defense Information Enterprise ArchitectureThe Defense Information Enterprise Architecture (DIEA) unifies the concepts embeddedin the many DIEA-driven net-centric strategies into a common vision, providingrelevance and context to existing policy. DIEA highlights the key principles, rules,constraints and best practices drawn from collective policy to which applicable DoD ITprograms, regardless of Mission Area, Component or portfolio, must adhere in order toenable agile, collaborative net-centric operations. In today’s information environment,the DIEA rules clearly apply within the persistently-connected Internet Protocol (IP)boundaries of the Global Information Grid (GIG). Outside of these boundaries, theprinciples still should be considered, but the rules of the DIEA must yield to the state oftechnology, and the needs and imperatives of the Department’s other Mission Areas. Core principles and rules are organized around five key priorities where increasedattention and investment will bring the most dramatic and immediate progress towardsrealizing net-centric goals. The DIEA v1.0 is currently scheduled for publication in January 2008. Appendix I in thisDoD EA Transition Strategy includes V1.0 of the DIEA. The content of the DIEA and thefollowing high-level descriptions of the scope, vision, change drivers, performancegoals, and funding strategy, as defined in the FEA Practice Guidance for transitionstrategy development, comprise the DIEA Segment Architecture. The high-leveldescriptions of scope, vision, change drivers, performance goals, and funding strategyare included in Appendix I. See the GIG Governance Structure Current and Planned inthis Current Status section for more information on the Defense Information Enterprise.Warfighting Mission AreaThe WMA EA Segment Architecture is currently in development in conjunction with theWMA EA. The WMA EA v1.0 is scheduled to be completed in February 2009. To date, 11 DoD Business Transformation Agency, 2006 Enterprise Transition Plan, Sep 28, 2006.ibidPage 3934 the WMA Segment Architecture includes a Project Plan and GANTT Timeline fordevelopment as well as Executive Summary and other artifacts. These artifacts providean interim deliverable that shows progress toward the full WMA Segment Architecture inFebruary 2009. To provide content for the DoD EA Transition Strategy, the high-leveldescriptions of scope, vision, change drivers, performance goals, and funding strategyare included in Appendix J. . Intelligence Mission AreaThe Defense Intelligence Mission Area (DIMA) EA is in process of development underthe auspices of USDI; Segment Architecture development will progress in conjunctionwith the EA development. DIMA as an organization currently is working on itsfundamental structure, purpose, and direction. The DIMA Vision, Mission, Goals, andObjectives are being rewritten; the DIMA governance structure is being redrafted; thereis a pending realignment of DIMA within USDI from DUSD Warfighter Support to DUSDAcquisition, Resources, & Technology that is awaiting a GO/SES-level decision;relationships with ODNI and DIA are evolving; and there is discussion about changingthe DIMA’s Enterprise Architecture concept to a Business Architecture. DIMA alsoplans to synchronize efforts with those of the other Mission AreasThe Intelligence Community (IC) EA currently has a Business RM, v1.1 and a ServiceComponent RM v0.8 being developed under the Director of National Intelligence (DNI). The DIMA EA and IC EA development are coordinated efforts. Cross-Agency Initiative SummaryThe Department participates in the President’s Management Agenda (PMA) E-GovProgram, which includes a variety of Cross-Agency Initiatives. The following tablesdescribe initiatives in which the Department participates and illustrates the alignment ofthe initiatives with FEA Lines of Business (LOB) and Sub-Functions by DoD MissionArea. The mapping of the FEA LOB and sub-functions by DoD EA Mission Area arederived from the DoD EA Business Reference Model (BRM). The tables below (Table 1 and Table 2) provide a view of the Cross-Agency Initiativesthat reflect the implementation of common solutions with DoD participation.

Page 4035 Cross-Agency Initiative Tables Table 1. PMA E-Gov Initiative/Line of Business (LoB)PMA E-GovInitiative /Line ofBusiness(LoB)E-Gov Initiative / LoBDescriptionDoD MissionArea FEA BRM LOBFEA BRM LOBSub-FunctionE-RulemakingE-Rulemaking is a Federal-wide electronic system topromote public access to theregulatory process. Allowscitizens and organizations tosearch and commentelectronically on rulemakinginformation.EIERegulatoryDevelopment Public CommentTrackingBusinessGatewayBusiness Gateway is theofficial resource to helpbusinesses quickly findcompliance information,forms and contacts frommultiple gov websites.EIEAdministrativeManagementWorkplacePolicyDevelopmentandManagementGrants.govThe E-Government Initiative,Grants.gov provideselectronic functionality forapplicants and grantees, andreduces the paper-basedprocesses that currentlychallenge the Federal grantsenvironment.BusinessAdministrativeManagementWorkplacePolicyDevelopmentandManagementIntegratedAcquisitionEnvironment(IAE) IAE is a suite of E-GOVprojects that provideinformation on centralcontractor registration,performance andsubcontract reporting,Federal businessopportunities, technical datasolutions, onlinerepresentations andcertifications application.BusinessSupply ChainManagementGoodsAcquisitionE-AuthenticationE-Authentication providesvalidation services formultiple forms of identitycredentials to e-Govinitiatives and other Federalelectronic service deliveryprocesses by providing acommon, unifiedauthentication service forgovernment-wide use.EIEInformation andTechnologyManagementInformationSystemsSecurityPage 4136 FinancialManagementLoB (FMLoB)FMLoB goals are to enhancecost savings in for future FMsystems, providestandardization of businessprocesses, promoteseamless data exchangeamong Agencies andstrengthen internal controlsin financial and subsidiarysystems.BusinessFinancialManagementReporting andInformationHumanResources LoB(HR LoB)The vision of the HR LoB isto create a framework forGovernment-wide, modern,cost effective, standardized,and interoperable HRsolutions that providecommon core functionality tosupport the strategicmanagement of humancapital.BusinessHuman ResourceManagementHR StrategyE-TrainingE-Training's vision is tocreate an environment thatsupports development of theFederal workforce throughsimplified and one-stopaccess to high quality e-Training products andservices, and, thusadvances theaccomplishment of agencymissions.BusinessHuman ResourceManagementEmployeeDevelopmentandPerformanceManagement RecruitmentOne-Stop(ROS)ROS will provide a singleapplication point for agencyrecruitment needs andsupport strategic humancapital management andaffirmative action planningwithin the legal andregulatory framework andlabor managementobligations.BusinessHuman ResourceManagementStaff AcquisitionEnterpriseHumanResourcesIntegration(EHRI)EHRI will eliminate paperrecords and enableelectronic benefits reportingand electronic transfer of HRdata throughout the Federalemployee’s life cycle. It willstreamline and improveworkforce reporting, dataanalyses and claimsprocessing.BusinessHuman ResourceManagement BenefitsManagementPage 4237 E-PayrollThe vision of e-Payroll is toaccomplish transformation ofFederal payroll to provide"Simple, easy to use, costeffective, standardizedintegrated e-HR/Payrollservices to support themission and employees ofthe Federal Government".BusinessHuman ResourceManagement)CompensationManagementGrantsManagementLoB (GM LoB)GM LoB is a multi-agencyinitiative to develop agovernment-wide solution tosupport end-to-end grantsmanagement activities thatpromote citizen access,customer service, andagency financial andtechnical stewardship.BusinessAdministrativeManagementWorkplacePolicyDevelopmentandManagementFederal HealthArchitecture(FHA) FHA is a collaborativeenvironment for Federalagencies to identify commonFederal health businessrequirements andprocesses, and recommendhealth data standards forindustry to use in buildinghealth IT products.BusinessHealthHealth

CareDeliveryServicesInformationSystemsSecurity LoB(ISS LoB)ISS LoB will improveeffectiveness andconsistency of informationsystems security across theFederal Government byaddressing those areas ofinformation security whichare common to all agencies.EIEInformation andTechnologyManagementInformationSystemsSecurityGeospatial LoB Geospatial LoBrecommends a set ofcommon Government-widesolutions to serve theinterest the Nation andFederal agencies throughmore effective and efficientdevelopment, provisioningand interoperability ofgeospatial data andservices.EIEInformation andTechnologyManagementInformationManagementPage 4338 BudgetFormulationand ExecutionLoB (BFELoB) BFELoB will build futurebudgets employingstandards and technologiesfor electronic informationexchange to link budget,execution, performance andfinancial informationthroughout all phases of theannual budget formulationand execution cycle.BusinessFinancialManagementFunds ControlInformationTechnologyInfrastructureLoB (ITILOB)ITILOB will identifyopportunities for ITinfrastructure consolidationand optimization, anddevelop government-widecommon solutions.EIEInformation andTechnologyManagementIT InfrastructureMaintenancePage 4439 Table 2. Other Cross-Agency Initiative Line of Business (LoB)Other Cross-AgencyInitiativeLine ofBusiness(LoB)Other Cross-AgencyInitiative / LoB DescriptionDoD MissionAreaFEA BRM LOBFEA BRM LOBSub-FunctionInformationSharingEnvironmentLOB (ISE LOB)The ISE LOB consists ofmultiple sharingenvironments designed toserve five communities ofinterest (COIs): intelligence,law enforcement, defense,homeland security, andforeign affairs. The ISE willprovide a distributed, secure,and trusted environment fortransforming terrorisminformation sharing intoactionable information forcommunity-wide sharing.EIEInformation andTechnologyManagementInformationSharingHomelandSecurityPresidentialDirective 12(HSPD-12)Presidential directivemandating adoption of acommon identificationstandard (HSPD-12)for all Federal employeesand contractors. HSPD-12has been mandated andimplementation plan is currently being executedDoD is working with otheragencies on follow-upactions, includingparticipation on interagencyboards for technical issues,and on the Federal IdentityCredentialing Committee forpolicy issues.EIEInformation andTechnologyManagementInformationSystemsSecurity OMB Assessment Framework and DoD EA Annual Plan The OMB Assessment Framework, on an annual basis, requests a self-assessment todetermine DoD EA completion and use for results and recommends actions that willimprove effectiveness of the EA and therefore, improve the effectiveness and efficiencyof DoD performance. Due to the visibility of these efforts, it is important to theDepartment that this assessment accurately reflects DoD’s accomplishments as it mayhave a direct bearing on future budget requests and score on the DoD EA portion of thePresident’s Management Score Card.Page 4540 The OMB Assessment Framework outlines the specific requirements for an effectiveTransition Strategy; the DoD EAC Community of Practice (CoP) providesimplementation guidance for DoD managers to help them develop their transition andsequencing plans in accordance with the OMB Assessment requirements. Sequencingplans create the historical context from which we can see how well our improvedprocesses influence our programs to meet their targets, provide benefits andaccomplish outcomes. Note: the OMB emphasis on documentation and artifactsactually has an adverse effect in that it encourages a proliferation of documentsregardless of process effectiveness.The DoD EAC CoP develops a DoD Annual Plan to address and leverage therecommendations of the OMB Assessment, improve DoD EA processes, and use as astructure to measure progress toward maturity based on OMB guidance. The DoDAnnual Plan sets quarterly goals that incrementally address the weaknesses noted inthe Assessment. By addressing the weaknesses noted, we abate risk and mange theeffectiveness of our programs. The quarterly report of the DoD EA Annual Plan isTreviewed with OMB and adjusted as necessary as goals are realized and other goalsand objectives are added. These

quarterly reports are also used to satisfy therequirements for EA quarterly reporting for the President’s Management Score CardIn addition, the GAO assessment process (EAMMF) includes a periodic review of DoDEA and delivers a maturity model assessment that is designed to help the Departmentto better address weaknesses in their EA program. The DoD EAC CoP leads thedevelopment of a DoD plan to document, prioritize and implement the GAOrecommendations in a consistent manner. The OMB and GAO assessments have defined timelines whereby DoD hasresponsibility to respond and provide documentation on a quarterly and annualschedule. The DoD EAC CoP is developing a process to identify and consolidate theinformation and processes required by OMB and GAO and therefore facilitate DoDexecutive efforts to not only provide this information in a timely manner but to also use itto affect the major decision processes of the department concerning DoD EA. DoD EA Transition Strategy Process and Annual UpdateFuture versions of the DoD EA Transition Strategy process will follow a similarmethodology to this version, which includes collection of DoD IT300 Exhibits’ transitionand sequencing plans, an expanded collection of other major and related DoD initiativesand programs, and the compilation and analysis of transition and sequencing plans withrelated performance measures. Guidance to DoD managers to compile and submit thisinformation will be provided. Also, the results of the analysis will be leveraged for use inthe DoD EA RMs where appropriate, particularly in the Performance Reference Model. In addition, the DoD EA Transition Strategy will continue to align as necessary withother DoD processes, policies, and governance efforts, including the 8000 seriespolicies, the GIG Architectural Vision and the DoD EA Federation Strategy, and to workPage 4641 with the EDFWG for alignment of strategic statements throughout the DoD andcontribute to fill identified gaps. The DoD EA Transition Strategy will also strive to leverage all internal work to developcommon capability definitions and Capability Increments as a critical need for DoD toprovide a base for transition planning. The OMB and GAO Assessments will alsocontinue to be leveraged to improve DoD performance thus capturing the value of EA toenhancing mission performance. The DoD EA CRM provides guidance to DoD executives for identification anddocumentation of metrics to measure projected and desired outcomes. The Departmenthas documented its performance measurement process as shown in the DoD EA CRM,and analyzed the performance measures from the DoD EA CRM with the performancemeasures of the IT 300 initiatives as shown in Appendix D, DoD IT300 ExhibitsInvestments’ Planned Improvements for 2006 to the Actual Results for 2007. Integrationof EA measures with other processes such as the Systems Development Lifecycle(http://akss.dau.mil/dag/) and Information Resources Management (DoD IRM Plan)have also occurred. The DoD performance measurement process is documented in theDoD - Blueprint for Establishing Risk-based Governance of IT investments. These twodocuments are posted on core.gov.The Defense Acquisition Guidance states the goal of establishing outcome-basedperformance measures and that the performance measurement indicators andprocesses are monitored measured and updated as they progress through theacquisition milestone lifecycle.12Further, performance measurement indicators andprocesses are monitored, measured, and updated on a regular basis; the results ofwhich can be seen in the DoD Performance and Accountability Report. SummaryService, Agency, and Component Commander strategic visions and architectures arebeing developed in consonance with, and as extensions to, the GIG Architecture and inaccord with their Title 10 responsibilities are supporting DoD mission area managersdevelop their extensions to the GIG Architecture. The Department’s vision, architectureand supporting elements and policies are providing the unifying thread for each Serviceand Mission Area. Building from a common architectural foundation, the systems thatthe Services are acquiring will become part of the GIG as they are developed anddelivered. This enterprise architecture work greatly increases our nation’s ability to conducteffective, responsive operations. Our capabilities are being strongly enhanced becauseof major improvements in situational awareness, Joint Force interoperability, reductionsin operational cycle times, ability to dynamically and continuously plan operations, abilityto perform effects-based

operations, and ability to rapidly adapt to battlefield conditions. 12 Defense Acquisition GuidebookPage 4742 Section 4. Target Capability View This section describes the GIG Architectural Vision, the vision for the DoD “target”architecture for the Net-Centric Environment (NCE). This is updated from the GIGCapstone description in the DoD EA Transition Strategy 2007. Section 4 Contents: ▪ Introduction ▪ Overview of the Target GIG ▪ The Operational Benefits of Achieving the Target GIG IntroductionA major element of DoD transition planning is the progress toward the target GIG. Asummarized version of the GIG Architectural Vision will be described in this section ofthe DoD EA Transition Strategy. The target GIG vision is for an agile, responsive, and unified GIG that enables theDepartment to fully leverage the power of information and collaboration across theEnterprise to the forward edge of the battlespace. The GIG Architectural Vision, V.1.0,of June 2007 describes the target GIG in a short, high level, understandable way. Thisversion of the GIG Architectural Vision describes a target GIG that is not static but onethat is characterized by its ability to rapidly and effectively incorporate operational,systems, and technical change. Through the development of a series of time-phasedGIG Capability Increments, today’s GIG will evolve towards the target GIG described inthis Vision. The articulation of capability increments and spirals in an evolutionary cyclewill combine with the GIG Architectural Vision and other architecture resources, such asthe DoD Architecture Registry System (DARS), DoD IT Standards Registry (DISR), DoDIT Portfolio Repository (DITPR), and OMB’s Select and Native Programming Data InputSystem- IT (SNaP-IT), to comprise and document the DoD “target” architecture. The GIG Architectural Vision is a critical document for DoD executives and managers touse as a high-level target capability view for developing their individual transitionstrategies. The GIG Architectural Vision e will provide the framework for implementingthe overall DoD EA Transition Strategy in an evolutionary manner. For purposes of describing the target capability view in this document, this sectionextracts from and summarizes the GIG Architectural Vision v1.0, 27 June 2007,particularly in how it relates to the DoD EA Transition Strategy. The GIG ArchitecturalVision can also be found at http://www.defenselink.mil/cio-nii/docs/GIGArchVision.pdfPage 4843 GIG Architectural Vision Introduction The centerpiece of today's Defense transformation to net-centric operations (NCO) is tobecome more agile in response to the security challenges of the 21st century. Greaterlevels of agility are achieved by leveraging the power of information. The GIGArchitectural Vision is key to creating the information sharing environment and will becritical to transformation to NCO.Part of this transformation to the future GIG will be the way the GIG supports theexchange and management of information and services. The future GIG will enablevisibility, accessibility, sharing, and understanding of all information and services amongall DoD users, as well as mission partners through well-defined interfaces. A keyelement of the future GIG will be its ability to extend that visibility, accessibility, andsharing to unanticipated users. The future GIG will provide mission assurance; that is,both information sharing and information assurance on trusted, interoperable networks. As a result, the GIG will support and enable highly responsive, agile, adaptable, andinformation-centric operations characterized by: ▪ An increased ability to share information ▪ Greatly expanded sources and forms of information and related expertise tosupport rapid, collaborative decisionmaking ▪ Highly flexible, dynamic, and interoperable communications, computing, andinformation infrastructures that are responsive to rapidly changing operationalneeds ▪ Assurance and trust that the right information to accomplish assigned tasks isavailable when and where needed, that the information is correct, and that theinfrastructure is available and protectedAdvances in technology and corresponding innovations in operational concepts andoperating practices provide improved information capabilities. These improvedinformation capabilities are the foundation for evolving the current GIG to the target GIG– a dynamic, agile, and robust GIG that meets or exceeds the information requirementsof the Department by enabling information and decision superiority. Figure 6 shows all components of the GIG Architecture and the relationship amongthose components. The DoD

Architecture Baseline describes the current DoDenvironment and the existing GIG capabilities that support operations in today’senvironment. The DoD Transition Strategy includes an Enterprise-level transition planbuilt from Mission Area, Joint Capability Area, and DoD Component portfolio transitionplans and GIG Capability Increments. The GIG Capability Increments describe future,required operational (warfighting, business, and Defense intelligence) capabilities andthe GIG capabilities required to support them. GIG Capability Increments are time-phased as determined by functional owners and GIG capability developers.Page 4944DoDTransitionStrategyDoDObjectiveArchitecture A descriptionof futurecapabilities andenvironmentA sequencing plan thatestablishes timelines forcapability delivery Enterprise -LevelTransition Plan (The Plan to achieve GIGCapability Increments) GIGCapability IncrementsPortfolioTransition Plans Portfolio Management and its interaction with JCIDS, PPBE, and DASGIG Governance and Configuration ManagementEnterprise -Wide Systems Engineering (GIG Enterprise Engineering) DoD Transition ProcessesDoDArchitectureBaseline A descriptionof currentcapabilities andenvironment FederatedArchitectureBaseline * Constructed from architecturesand architecture data developedby Mission Area, Joint Capability,and DoD Component Portfolios,and other technical data. Alignedwith the DoD EA ReferenceModels (BRM, SRM, DRM, TRM,PRM). * GIGArchitecturalVision NCOWReference ModelNet-CentricStrategies Figure 6 – The GIG Architecture (The DoD Enterprise Architecture)The GIG Architectural Vision, in combination with other, more detailed descriptions(Net-Centric Operations and Warfare (NCOW) Reference Model and the net-centricstrategies), provides the focus for the development of the GIG Capability Increments.Figure 7 illustrates this concept (with notional dates). GIGArchitectureBaseline GIGArchitecturalVision GIGCapabilityIncrement 1GIGCapabilityIncrement 2GIGCapabilityIncrement 3GIGCapabilityIncrement 4 201020122016Today Time -Phased Measurable and Achievable“To-Be” StateTarget GIG Figure 7 – Transition from GIG Architecture Baseline to GIG Architectural VisionThe GIG Architecture is described through a set of artifacts that document operationalactivities, information flows, data requirements, services and applications, ITinfrastructure, and technical standards.The GIG Architecture, which is the DoD Enterprise Architecture, is achieved through afederated approach to ensure an integrated, coherent transition to the target GIGthrough time-phased incremental capabilities. This federated approach applies to thedevelopment of architectures at the Department, Mission Area, Component andPage 5045 Program levels. The GIG Architecture description provides the detailed informationneeded to both capture the baseline and define the target envisioned in this document. The GIG Architectural Vision was developed using various DoD documents as itsfoundation. These documents also serve as the foundation for the DoD EA TransitionStrategy. The GIG Architectural Vision complements the GIG Technical Foundationwith an integrated overview across the multiple modules of the foundation - fromoperational to technical. The Target GIG Overview of the Target GIGThe target GIG allows all DoD users13 (and their external mission partners14) to find andshare the information they need, when they need it, in a form they can understand, use,and act on with confidence; and protects information from those who should not have it. GIG capabilities are effectively aligned to enable a dynamic and responsive end-to-endoperational environment, (1) where information is available (2) the means to produce,exchange, and use information are assured and protected; and (3) where resourcessuch as bandwidth, spectrum, and computing power are dynamically allocated based onmission requirements and implemented through the use of precedence, priority andresource allocation techniques. The Operational Benefits of Achieving the Target GIGSome examples of the operational benefits this information sharing environmentprovides include: ▪ Increased Shared Situational Awareness and Understanding on the battlefield, inbusiness processes, and intelligence operations through near–real-timeinformation sharing and collaboration. Users can relate the information to theirparticular situations

and perspectives; draw common conclusions; makecompatible decisions; and take appropriate action related to the overall situation. ▪ Increased Speed of Command through the real-time availability of qualityinformation for decision making and the ability to rapidly and effectivelydisseminate direction including the Commander’s intent. 13 DoD users include information providers and (anticipated/unanticipated) information consumers, whether fixed or on the move, deployed or at fixed installation, human or software/hardware. 14 Mission partners generally participate through a secure gateway. These gateways permit members to be authenticated, produce and consume information services, and collaborate. However, the GIG andassociated services also must allow unclassified information to be exchanged with uncleared civil-military partners outside the boundaries of the DoD Enterprise.Page 5146▪ Greater Lethality results from the real-time availability of trusted, reliableinformation at widely dispersed locations with different classification levels,improved command and control, and enhanced collaboration. ▪ Greater control of Tempo of Operations by depending on networked environment(and global reach) to support dynamic planning and redirection. ▪ Increased Survivability through improved situational awareness. ▪ Streamlined Combat Support by providing users access to the latest, mostaccurate, most relevant information (e.g., re-supply order status and tracking). ▪ Effective Self-Synchronization through shared situational awareness,collaboration, and understanding of the Commander’s intent. ▪ Effective Self-Organization of support organizations through shared situationalawareness and collaboration, including understanding of the warfighter’schanging and present needs. ▪ Increased Agility & Efficiencies across DoD business operations throughinteroperability of business systems/applications and establishment of commonbusiness services, where appropriate. Over time, the dramatically improved information capabilities, provided by the targetGIG, enable new concepts of operations, new tactics, and new processes/procedures insupport of warfighting, business, and Defense intelligence missions and operations.Page 5247 Operational Vision of the Target GIG This section examines the target GIG from the operational perspective of the users whocan be information consumers, information producers or providers, managers oroperators of the GIG.As shown in Figure 8, the target GIG supports a wide variety of DoD human andautomated information consumers and providers, as well as their mission partners whoaccess the GIG through secure gateways. Figure 8 – The GIG and Net-Centric OperationsFrom a user perspective, access to and use of the target GIG is natural, seamless,persistent, secure and reliable (even under attack) and provides transport, computingand information services at all classification levels. Figure 9 illustrates information sharing in the target GIG from the perspective of thoseexecuting warfighting, business, or intelligence missions. All DoD and Mission PartnerGIG users (depicted in the lower part of the figure), with the appropriate authority andtrust level, are reliably interconnected to enable them to produce and discoverPage 5348 shareable information and services (depicted in the upper part of the figure). Access toshared information and services are not restricted by chain of command, location, ornetwork limitations.Figure 9 – Information Sharing Within the Target GIGInformation is the key commodity in the target GIG, and vast amounts of data areavailable in near-real time to information consumers. Sharing information is enhancedthrough a set of automated activities and capabilities and by the formation of ad hocCommunities of Interest (COIs) focused on sharing information for specific jointmissions/tasks. Finally, users explicitly trust the availability, authenticity, confidentiality,non-repudiation, integrity, and survivability of the information, assets, and services ofthe assured target GIG.Page 5449 Systems Vision of the Target GIG This section describes the system functionality that enables the information-centric GIGdiscussed in Section 3. As depicted in Figure 10, the systems vision of the

target GIGis characterized by two major functional components (infrastructure and the mission-specific applications, services and information) that are operated and defended byNetOps to support user needs. Figure 10 – System Vision of the Target GIGThe heterogeneous GIG infrastructure, globally unified through federation, enablesusers, including mission partners, to agily transport, store, find, access, process, andsecure information across the Department. The communications, computing, CoreEnterprise Services (CES), and IA infrastructures of the target GIG are included in theassociated domains of the Enterprise Information Environment (EIE) Mission Area(EIEMA) portfolio.Page 5550 All the major elements of the target GIG in Figure 6 may be reviewed in detail in theGIG Architectural Vision at http://www.defenselink.mil/cio-nii/docs/GIGArchVision.pdf. The IP-based communications infrastructure is particularly related to the target GIG andis therefore a major element of the DoD EA Transition Strategy. As depicted in Figure11, an IP-based network15 infrastructure is the foundation of end-to-end interoperabilityin the target GIG. All types of information such as telephony, multimedia services,video, and data are converged over this universal network.16Figure 11 – GIG Internetworking Convergence LayerUnderlying this internetworking convergence layer, all types of DoD-relevant physicaltransport media and technologies are supported. For instance, this includes coppercable, optic-fiber cable, SATCOM, and tactical wireless (RF and optical). This enables adeployed tactical user to collaborate in real time (without a priori communicationsplanning) with an intelligence analyst in CONUS through mobile ad hoc networks,theater networks, SATCOM, and terrestrial fiber networks (all on a transaction-based,variable trust level).The IP-based communications infrastructure includes terrestrial, space based, airborne,and wireless segments, instantiated in several key DoD communications programs. Figure 12 depicts the interconnected nature of these segments in the GIG for DoDusers (connections to mission partners are not depicted). 15 Also referred to as “IPv6 and beyond” to reflect the communications capabilities needed to support the target GIG. 16 Gateways may still exist between converged IP and tactical environments.Page 5651 Figure 12 – GIG Communications InfrastructurePage 5752 Technical Vision of the Target GIG The technical vision of the target GIG identifies a set of complex technologies17 that arecritical to achieving the system functionality of the target GIG described in the previoussection. This section identifies key technologies that enable the functions, systems andservices in the target GIG. The relationships among evolving technologies, systemsolutions, and operational needs are clearly understood and managed in the target GIG.Key target GIG technologies include: ▪ IPv618 technologies (and beyond) that support an assured, reliable, end-to-end,scalable, and survivable mesh transport infrastructure. ▪ SOA Infrastructure technologies that provide the tools, capabilities, processes,and methodologies to deploy an SOA-enabled DoD enterprise. ▪ Mobile Ad-hoc NETworks (MANETs) and sensor technologies that support thebuilding of ubiquitous, assured, and agile tactical networks that are federatedwith the non-tactical domains of the target GIG. Mobile and sensor technologiesenable (1) users, appliances, intelligent agents, and other edge devices, wired orwireless; (2) universal access; and (3) exchange of video, voice, and datainformation of any kind, from anywhere. These networks are self-healing andallow for reconfiguration around failed nodes. ▪ Human computer interaction (HCI) technologies that (1) address methodologies,processes, and techniques for designing, implementing, and evaluating humancomputer interfaces, and (2) provide descriptive and predictive models andtheories of interaction. The long-term goal of HCI is to design systems thatminimize the barrier between the human's cognitive model of what they want toaccomplish and the computer's understanding of the human's task. ▪ Semantic Web technologies that enable user agents to process and sharemetadata-tagged, actionable information. This includes the automated metadatatagging and discovery technologies that support information sharing. ▪ Ubiquitous RFID tagging for tracking of products, components, and humansthroughout the target GIG. As with any GIG

capability, the extent that tracking ofhumans is allowed is governed by law and DoD policy. ▪ Very large scale data storage, delivery, and transmission technologies thatsupport the need to index and retain streaming video and other informationcoming from the expanding array of theater airborne and other sensor networks. The target GIG supports capacities exceeding exabytes (1018 bytes) and possiblyyottabytes (1024 bytes) of data. ▪ High performance computing technologies that will enable the full implementationof Grid computing and services. 17 The target GIG will incorporate these technologies via the associated set of technical, open standards. 18 IPv6 (Internet Protocol version 6) represents a large set of advanced internetworking capabilities that will mature in the target GIG timeframe. IP will require more advanced mesh technologies to reach thereliability expected in the target GIG.Page 5853▪ Grid computing technologies that provide support and manage an assuredfederation of heterogeneous computing, storage, and communications assetsavailable from the GIG infrastructure, and managed as Grid Services by NetOps. The physical characteristics of grid services are generally transparent to usersand applications. Grid services provide the necessary qualities of service andprotection to enhance NCO. Grid services enable the sharing of these assetsacross DoD administrative, organization, and geographic boundaries. ▪ Agent technologies provide autonomous support throughout the Net-CentricEnvironment (e.g., in applications for disconnected users, tactical users, andenterprise management). ▪ IA technologies that enable transaction-based access control, informationsharing across security domains, protection of information and resources, andmaintenance of Situational Awareness in the target GIG. ▪ Black core enabling technologies that support end-to-end protection ofinformation exchanged among users and services located anywhere in the targetGIG. The ‘core communications infrastructure’ of the GIG is the set of diversenetworks and connections owned and managed by different DoD services andorganizations. A black core is a set of core components where all data trafficmoving among these components is encrypted end-to-end. A black core thatextends out to the tactical environment to include user networks and devices willsupport mobility, security, and survivability in the target GIG.19Black coreenabling technologies will address, for example, scaleable routing, quality ofservice, and discovery capabilities that will be provided in the target GIG. Blackcore supports the evolution of the GIG from a system-high perimeter protectionmodel to a transaction-based Enterprise IA protection model. Figure 13 providesa conceptual view of an end-to-end GIG with a black core. ▪ Digital Policy Enabling Technologies. In the target GIG, operational activities,system and service functions, and resources such as applications, services, andnetworks, are governed by automated rules derived from DoD policy. Automatedrules are structured as conditions and actions for managing activities andresources in the context of specific realms such as mission areas, domains,cross-domains, and COIs. An example of a current digital policy-based capabilityis a network management application that dynamically manages IP addressesand QoS at the network level. An example of an emerging digital policy-basedtechnology is Directory Enabled Networking (DEN) which implements policy-based networking to automate the control of large, complex networks. 19 A. De Simone, J. Tarr, "Defining the GIG Core", draft-gig-defining-the-core-desimone-tarr-051030.pdf, October 2005, www.ietf.org.Page 5954 Figure 13 – Conceptual View of an E2E GIG with a Black CoreThe complex target technologies identified above contain both sustaining and disruptivecomponents. As the Department has effectively integrated the benefits of disruptivetechnologies such as the World Wide Web, it will also effectively integrate the benefitsof the disruptive components of these target technologies in the future. Technologies will continue to increase in complexity. Innovations will occur with greaterfrequency and be adopted in shorter time frames. Continued Department-wide earlyvalue determination and adoption of technologies, along with the co-evolution oftechnologies and operational capabilities, is essential for evolution to the target GIG. The next section discusses the transformation necessary for achieving the

target GIGand beyond.Page 6055 Achieving the Target GIG The federated DoD Enterprise Architecture (EA) is a key element in achieving thistransition. This approach provides an enterprise-wide common lexicon to support thenumerous decisions related to strategy and IT investments needed for success. Thefederated DoD EA exists as a set of architectures that are linked and aligned viamission, function, and domain taxonomies from the DoD Reference Models (RMs).Individual contents are accessible, visible, and understandable to DoD process decisionmakers, including those operating and defending the GIG. The DoD EA provides thesingle source for descriptions of operational processes, GIG Capability Increments, andcurrent and planned IT investments to realize those Increments. It also provides theanalytical data source for investment decisions. Enforcement, through architecturegovernance and existing processes, is the key to success. The vision for architectingthe target GIG is a federated architecture approach. Figure 14 is a notional example ofarchitecture artifact distribution throughout the federated architecture. See Figure 3 inCurrent Status, Federation Strategy section for depiction of current DoD EnterpriseArchitecture. Figure 14 – GIG Federated Architecture Approach (Notional)Page 6156 This federated architecture approach is described in more detail in the GIG Architecture Federation Strategy V1.2, 01 August 2007. This approach provides a framework for enterprise architecture development, maintenance and use that aligns, locates, andlinks disparate architectures and architecture information via information exchangestandards to deliver a seamless outward appearance to users. A FederatedArchitecture aligns activities, services, systems, and infrastructure with federationstandard taxonomies. They also conform to a common context established by rule setsor mappable standards across autonomous Mission Areas, DoD Components, andPrograms, thereby minimizing the uniqueness among these autonomous elements. GIG federation across all DoD Components and with mission partners is critical toachieve a collaborative information sharing capability. This capability must support allphases of conflict, as well as humanitarian assistance and disaster relief. In the targetGIG, policies and processes to support this federation – and the ability to dynamicallyestablish appropriate organizational relationships – are in place. Some processes (e.g.,Certification and Accreditation, Configuration Management) evolve to better reflect theintegrated nature of this target GIG. Information for emerging and existing GIGcapabilities will be available and shared through enterprise-wide implementation of theDoD Net-Centric Data Strategy (in concert with the architectural approach justdiscussed). Finally, realization of the operational benefits of the target GIG in enabling NCOrequires the development and implementation of new concepts of operations, tactics,business processes, and organizational changes for the Department. Training andexperimentation are critical in identifying and validating the benefits and risks ofinformation sharing, as well as its impact on NCO.Page 6257 Section 5. DoD EA Transition Strategy Concept andComponents This section includes the what, why, and how as well as the elements of the DoD EATransition Strategy.Section 5 Contents: ▪ Introduction ▪ DoD Transition Strategy ComponentsIntroductionThe DoD strategy for migrating from its “baseline” architecture to its next “target”architecture is to create an NCE as described by the GIG Architectural Vision and otherrelated DoD resources and to evolve the NCE as information and informationtechnology management changes. A graphical description of the “baseline” to the “target” architecture is shown in Figure15. Figure 15 – GIG Architecture v1.0, Transition Architectures (GIG v2.0, netcentricity, and SOA) and the “Target” Architecture (as described by the GIGArchitectural Vision)The IT Lifecycle Framework is comprised of three phases – Architecture, Investment,and Implementation – which extend across the entire IT lifecycle. Figure 16 shows howthe DoD EA Transition Strategy fits into the IT Lifecycle Framework.Page 6358 Figure 16 – DoD EA Transition Strategy in the IT Lifecycle FrameworkThe DoD EA Transition

Strategy addresses the multi-year timeframe for which theDepartment’s “target” architecture is defined. The detail and completeness of the GIGArchitecture v1.0 was at the level necessary for it to serve as the starting point for thistransition strategy. Also, both the “baseline” EA, (GIG Architecture v1.0) and theprevious “target” EA (GIG Architecture v2.0) have already been documented in the DoDArchitecture Repository (DARS). DARS includes content retrieved from those sourcesor from Mission Area Architectures as part of the federated GIG Architecture, which isthe Department's EA.As the Department progresses toward its “target” architecture and the GIG ArchitecturalVision, it will be able to express that “target” in the form of GIG Capability Increments.Periodically, the DoD EA Transition Strategy will be updated to reflect progress throughvarious interim targets toward the “target” described by the GIG Architectural Vision andexpressed in Capability Increments. The DoD EA Transition Strategy is comprised of content extracted from the federatedGIG Architecture as described in Section 3 and the GIG Architectural Vision and relatedNet-Centric artifacts as described in Section 4. DoD EA Transition Strategy ComponentsThe FEA Practice Guidance and the OMB EA Assessment 2.2 describes thecomponents of an effective EA transition strategy. The DoD Transition Strategyincludes links to the following components from the Framework as part of the analysiseffort: ▪ Redundancy and Gap Analysis. The purpose of performing redundancy and gapanalysis is to identify opportunities for consolidation or reuse in the “baseline”architecture and to identify gaps between the “baseline” and “target”architectures. ▪ Defined Programs and Projects. The projects and programs used in the analysisare the major DoD IT 300 Exhibits presented to the White House in thePage 6459 President’s budget. Programs and projects analyzed in this section provide thelink between EA and the investment management process. For the purposes ofthis section, a program is shown at the level of an IT 300 Exhibit. Each showaccurate dependencies on produced or consumed Net-Centric capabilities. ▪ Enterprise Sequencing Plan. The enterprise sequencing plan provides anorganization-wide view of programs and projects across the Department at thelevel of the Department’s IT portfolio, as reported in the President’s budget, andgives leadership the visibility to use the EA for organization-wide planning. TheEnterprise Sequencing Plan analysis enables high-level impact assessment ofinvestment decisions and programmatic changes on the overall plans for movingtoward the target decisions and programmatic changes. The effects of thosechanges on other projects and programs can be identified and dealt with asneeded. A conceptual enterprise sequencing plan is shown in Figure 17, and thekey elements of the sequencing plan are defined below. Figure 17 - Conceptual Enterprise Sequencing Plan ▪ Linkage to the investment portfolio. A primary output from the agency EATransition Strategy is a proposed IT investment portfolio that can be traced backto a business-approved architectural portfolio. Once projects and programs arearchitected, agency planners should use these projects as proposed investmentsto the investment management process (i.e. Select Process). The EA TransitionStrategy should include clear linkage between proposed investments andinitiatives identified in the business-approved architecture. ▪ Impact Assessment and Performance. The programs identified in the TransitionStrategy should be linked to specific program performance metrics. Coupled withthe dependency relationships in the sequencing plan, this provides the ability toassess the performance impact of changes across programs. For example, oneprogram has its budget modified – the dependency between this program andPage 6560 another program shows the impact this budget adjustment will have on the abilityof the second program to meet a planned performance objective.As the Transition Strategy is updated each year, the success in achieving performancemilestones will be assessed against the previous year’s plan.Page 6661 Section 6. DoD EA Transition Strategy Analysis This section includes an analysis of Mini-Transition Strategies, Net-Centric MaturityModels, and performance information. The 65 DoD Component IT300 initiatives wereused as a sample set to represent DoD transition planning. Section 6

Contents: ▪ Introduction ▪ Compiled Answers to DoD EA Transition Strategy Questions ▪ Performance Information Analysis That Supports DoD EA Transition Planning ▪ Analysis of Strategic Goals Linked to InvestmentsIntroductionThis section further contains information and analyses that contribute to the content ofthe DoD EA Transition Strategy as well as meet the criteria for several areas of theOMB EA Assessment. The approach to development of the Strategy sets amethodology in place for future transition strategy development. For the purpose of this analysis, projects, programs, timelines, and milestones formodernization and transformation activities identified by the DoD IT300 Exhibitinvestments that serve as a sample set, were collected, compiled, reviewed, andanalyzed. The information was collected by way of the IT300 Exhibit content and the Mini-Transition Strategy input, including the Net-Centric Maturity Model (NCMM). Guidancefor developing the transition strategies was provided in the Mini-Transition Strategy Guidance sent to all the investment managers. The Guidance includes a set of questions that relate to overall transition planning and the level of maturity of net-centricdata and services attributes. The set of questions align with criteria in the OMB EAAssessment 2.2 in addition to meeting the criteria recommended for development of atransition strategy in the FEA Practice Guidance. The answers to the questions, inconjunction with IT300 Exhibit input from this sample set, were used as a basis for theanalysis of transition planning, net-centric sequencing planning, and performanceinformation and as a foundation for an overall DoD EA Transition Strategy. Thiscompilation of information is the first step in an evolutionary process to develop atransition strategy for an organization as complex and diverse as the Department ofDefense. The individual Mini-Transition Strategies are listed in Appendix B with links to eachstrategy. The 2008 Army EA Transition Strategy is at Appendix F. The Department ofthe Navy (DON) Transition Planning document is at Appendix G.Page 6762 Compiled Answers to DoD EA Transition Strategy Questions As part of the Mini-Transition Strategy Guidance, a sample set of IT300 Exhibitinvestments completed a series of questions designed to represent DoD transitionplanning. Of the total of 65 investments, a total of 54 investments completed thequestions; the Army CIO G-6 and the DON also submitted separate papers describingtheir transition planning from the portfolio perspective. The information was compiled,reviewed and analyzed to excerpt general observations and specific instances torepresent a picture of transition status for the sample set of investments. The followingdescribes the type of information collected and an analysis and general observationsabout the information. Transition Strategy Overview. Description of investment’s or GIG enabling program’sSequencing Plan in the context of the DoD Baseline Architecture (“As-Is”) and theTarget Architecture (To-Be”) architecture. Use graphics to present the timelines andsequencing plans. The overview and enterprise sequencing plans are unique to each investment. All ofthe investments that responded described their own sequencing plans in the Mini-Transition Strategies. Some of the investments describe their enterprise sequencingplans in terms of a capability roadmap, project plan, or implementation plan. See eachMini-Transition Strategy for details on sequencing plans or equivalent. See Appendix Fand G for the 2008 Army and DoN overviews and links. Status of IT300 Exhibit Investment. Phase of the acquisition process and/or JCIDS(ICD, CDD, CPD, IOC/Milestone A/B/C, etc.)The current milestone/phase is important. Net-Centric Checklist assessments includethe status of planning and implementation of data and services attributes and arecompleted in conjunction with the milestones. The current milestone reflects the level ofnet-centricity and acquisition documents provide the artifacts for evidence. The analysisshows that the majority of the investments are either at Milestone C or in thedeployment or sustainment phase. Several investments are in multiple stagesdepending on the number of projects within the investment. The length of time theinvestments have been in the deployment/sustainment phase likely explains why somemay not include the same level of net-centric implementation as newer investments. Location of Artifacts. Location of your acquisition process artifacts (URL, documents).All of the IT300 Exhibit investments have posted their artifacts online. Most of them areavailable for

public access; several require permissions from the investment managers. See the individual Mini-Transition Strategies for locations of their documents.Page 6863 Joint Capability Areas (JCA). JCA(s) supported.Of the IT300 Exhibits in this sample set, all of the Tier 1 JCAs were represented. EachIT300 Exhibit investment link to the JCAs; therefore the IT300 Exhibit investment linksto DoD capabilities and strategic goals. Appendix E, Chart of DoD IT300 ExhibitsInvestments’ Mission Area, Domain, LOB to DoD Strategic Goals, further shows thealignment of strategic goals, mission areas, and domains with investments. Risks. Effects and impacts the investment or GIG enabling program has on netcentricity and adverse impacts on the DoD Net Centric Enterprise if the program orinvestment is cut, delayed or otherwise not executed according to plan.Twelve investments reported a variety of risks if the program were cut or delayed,ranging from loss of support to the warfighter to specific risks to otherinvestments/programs. Some examples include: ▪ Defense Information System network (DISN): risks to communications transportcapability; ▪ Enterprise Information Decision Support (EIDS) investment: risks to medical anddental readiness and medical surveillance ▪ Defense Message System (DMS): risk to secure, accountable, and interoperableexchange of information ▪ Global Combat Support System (GCCS)-COCOM-JTF: risk to continuouslyavailable data in a secure environment ▪ Navy and Marine Corps Intranet (NMCI): risk to Continuity of operations (COOP)and disaster recovery in addition to IT support to Navy and Marine Corpswarfighter and business functions ▪ Public Key Infrastructure (PKI): risk to authenticated and higher assurancecredentials for DoD electronic transactionsDependencies. Dependencies on Net-centric Enabling Capabilities to accomplish yourmajor outcomes (computing and communications, enterprise services.. As may be expected, Enabling Programs are reported as critical dependencies to manyof the other investments. Transport and net-centric services, specifically NCES, werenoted most often. Managers of investments need concrete information in regard totimelines and capability increments for implementation of the Enabling Programcapabilities in order to set dates for implementing their own capability increments andtherefore be able to develop their own accurate transition and sequencing plans. Asubstantive number of investments have dependencies internal to their program orrelated programs. Each investment transition strategy in Appendix B includes a sectionon dependencies where specific dependencies are discussed.Page 6964 COI Dependencies. COIs dependent upon for net-centric enabling capabilities and anyrisks related to these dependencies.Most of the respondents to this question indicated similar dependencies as listed in theDependencies question, many of the COI dependencies are within their own programsor Components. A comment from several investments was that risks related to COIdependencies are associated with ability to apply sufficient resources to maintain COIinvolvement.Milestone Alignment. Milestones are aligned with those of related programs.A majority of the respondents indicated that their milestones are aligned with those ofrelated programs.Larger programs reported that they may not know all thedependencies on their program or changes to other programs may be invisible to them. Performance Improvement./Achievement of Performance Milestones. Costreduction and performance improvement goals, including interim performancemilestones. Milestones were/were not achieved from the previous year’s (2006) IT300Performance Information Table or were completed later than originally scheduled.Performance improvement was measured by an analysis of the IT300 Exhibit input inthe Performance Information Table for Planned Improvements for 2006 to the ActualResults for 2007. This analysis is presented in the Performance Information Analysisbelow and in Appendix D. Additionally, the responses in the Mini-Transition Strategies reflected that mostinvestments did achieve their scheduled performance results. Many of the respondentsindicated that they were not required to set performance results for 2007; therefore theywere not liable to report results for this cycle. Note: the analysis of the Mini-Transition Strategies reflects the information receivedfrom those investments who responded to the questions. The IT300 Exhibit analysiswas directly taken from the Performance

Information Table in the IT300. There aredifferences in the results because of the different sources of the information. Net-Centric Maturity ModelThis analysis was based on the results of the information reported by the investments inthe Net-Centric Maturity Model (NCMM) Analysis. Guidance to complete the NCMM isin the Mini-Transition Strategy Guidance. Appendix C contains two embedded NCMMspreadsheets, one with the data collected from the investments and the other with thecompiled results, as well as additional graphics derived from the data. The NCMM measures the data and services attributes as described in the Net-CentricData and Services Strategies. Each investment must note the date (year and quarter)of implementation, the level of net-centric maturity based on defined levels provided inthe Guidance, and artifacts, such as current phase acquisition documents; net-centricPage 7065 assessments; planning and program documents; registries; and other similardocumentation. Information on the planned use of the DoD Metadata and NCESServices Registries; contact information for Program Managers, Transition Strategypreparers, and Mission Area Managers, are also included in the NCMM. Six of theArmy investments completed the NCMM because they completed net-centricassessments in accordance with their acquisition phase. The analysis of the NCMM shows that most investments have implemented the level ofnet-centricity necessary for the milestone/phase required by their acquisition process. The planned implementation ties to the unique schedules and requirements of eachinvestment. The level of Net-Centricity achieved is planned to be progressively higherover the next few years with most data and service capabilities coming online betweenQuarter 4, Fiscal Year (FY) 2007 and Quarter 4, FY 2010. The data and servicesattributes are roughly on the same schedule per investment. Additional observationsinclude the following: ▪ A Component with a significant number of programs reported that some of itsprograms not documented via the IT Exhibit 300 process have achieved a levelof Net-Centricity. ▪ Because the need for net-centric capabilities is recognized, some newprograms/investments include a net-centric integration framework to concurwith the Net-Centric Data Strategy. For example, the Deployable JointCommand and Control (DJC2) System program was “born Net-Centric” in themidst of evolving Net-Centric requirements. Figure 18 shows the timeline of net-centric attribute planning/implementation for thesample set. The horizontal bars indicate the quarter and fiscal year of implementationfor the net-centric data and services attributes as the investments move from Quarter 4FY02 through FY12. For more detailed data for the quarter and fiscal year for eachinvestment, see the NCMM Analysis spreadsheet in Appendix C,Page 7166 Netcentric Progress By FY Quarter05101520253035Q4 FY02Q1 FY06Q4 FY07Q3 FY08Q4 FY09Q4 FY11 No. Investments Netcentric Progress By FY Quarter05101520253035Q4 FY02Q1 FY06Q4 FY07Q3 FY08Q4 FY09Q4 FY11 No. Investments Figure 18 – Net-Centric Progress by FY and Quarter for DoD IT 300 ExhibitInvestments The results provide some insight into the general progress toward the targetenvironment. Figure 19 shows the levels of net-centricity as of FY07. Of the 60% thatresponded, approximately 50% are at Level 3. A description of Level 3 follows: Level 3 – Defined: Structured approach to net-centricity“To Be” vision is being promoted via policies, procedures, broadening set of DoDcompliant standards, and identification of common problems. Re-engineering projectsand pilots are being conducted to identify and foster improvements. There areperformance metrics for selected programs only. Redundancy reduced data is availablecentrally with developed and enforced metadata and equally shared managementresponsibilities. Data has documented structural and semantic meaning such that anypotential customer can comprehend and determine how to utilize reliably. Metadata iscompletely developed. Internal components are mapped to well-defined externalinterfaces. Unique Web Services built utilizing DoD standards. Estimates of Serviceusage have been developed. Continuity of Operations Plan has been considered. Offered service dependencies have been determined. Protocols and standards todisseminate service management information considered.Page 72

67 Respondent Netcentric Status2% 4%31%48%7%8%Level 0Level 1Level 2Level 3Level 4Level 5 Figure 19 – DoD IT Investments’ Net-Centric Status The results show that there is significant progress from the “as is” to the near term net-centric target as the Department transitions to its target capabilities of 2025. As thetarget capabilities evolve, attributes to the analysis in future cycles will further detail andclarify the transition to the Net-Centric environment and guide managers in theirdevelopment of transition plans that will then contribute to refinements of the DoD EATransition Strategy. Milestones Consistent with Project Plans. Milestones for net-centricity in yourTransition Strategy/Sequencing Plan consistent with those identified in business casesand project plans for investments.Twelve respondents answered yes to this question; sixteen did not answer the question. Analysis is that the investments in the latter group may not document the milestone-to-project plan consistency or that it is inherent in their planning and sequencing plans. Data Assets. Data assets in a shared warehouse or other enterprise resource. Sharedassets with other COIs.The majority of the investments responded Yes on this question, although most datasharing is to internal or external Communities of Interest, including at the Joint andComponent-level. In some cases, data is classified and therefore can only be sharedwith a narrowly-defined set of users.DoD Metadata Registry and NCES Service Registry. Detailed plans to registerstructural metadata in the DoD Metadata Registry and services metadata into theServices Registry.Page 7368 The majority of investments plan to register metadata and services when the capabilityto do so is available, and according to DoD CIO guidance to implement by October2008. Widespread use of the DoD Metadata Registry may depend primarily on theavailability of and knowledge about the mechanics of metadata creation and publishingand the question of how to handle data interdependencies when allinvestments/programs are not yet entering metadata. The Net-Centric Data andServices Strategies are a necessary and desirable step toward information sharing andreuse. Internet Protocol v6. Status, plans, schedules, and implementation of IPv6, and/ordependencies on IPv6 development and implementation by other investments of IPv6 inregard to your investment.Most investments have individual IPv6 implementation plans to migrate from IPv4 toIPv6 and/or IPv6 plans are built-in to their program plans. Most investments report adependence on commercial vendors and some stated the need to await test bed resultsbefore migration is possible. Performance Information Analysis That Supports DoD EA Transition PlanningAppendix D, DoD IT300 Exhibit Investments’ Performance Information Analysisgraphically describes the first two areas of analysis below. Appendix E graphicallydescribes the third analysis.Alignment of DoD Investments to Performance Measurement Groupings The data for the first analysis was derived from the IT300 Exhibit PerformanceInformation Table where the 65 investments identified the Measurement Grouping fromthe FEA CRM as it related to their project. For the purpose of this analysis, only theinput for the Technology Measurement Area was reviewed as the assumption was thatarea would most represent net-centricity. The set of Measurement Groupings that totalmore than ten in the Technology Measurement Area for all 65 investments are asfollows: ▪ Availability: 42 ▪ Functionality: 36 ▪ Reliability: 23 ▪ Interoperability: 15 ▪ External Data Sharing: 13 ▪ Data Standardization or Tagging: 11 ▪ IT Composition: 10Of these groupings, only two of the top six Groupings reflect a net-centric attribute:External Data Sharing and Data Standardization or Tagging. The largest grouping,Availability, continues to represent the traditional system (vs. data); for example, howmany systems are installed at a base and are available to users: 99.9% of systemPage 7469 availability. Similarly Functionality is employed to reflect the traditional systemfunctionality (vs. service),for example, provide Line of Sight communications.Analysis of performance outcomes – “Planned Improvements” for 2006 to “ActualResults” for 2007 (from the IT Exhibit 300 Performance Information Table)For the second analysis, input to the IT300 Performance Information Section wasreviewed and analyzed to determine the level of success from the plannedimprovements that were

identified for 2006 to the actual results noted in 2007. Appendix D contains the results of this analysis. Analysis of Strategic Goals Linked to Investments Graphical representation of the mapping of the investments to the Mission Areas,Domains, and Strategic Goals (from the Exhibit 300s) The graphical representations in Appendix E are an example from the Armyinvestments that align the Strategic Goals with the investment by Mission Area andDomains. This information is available from the DoD EA CRM data derived from SNaP-IT. The benefit of this data is to be able to visualize where the investments fall bymission and domain, what major goals are being realized, and therefore be able to seethe big picture of DoD investment status.SummaryThe analyses show that the Department has defined programs and projects in supportof the NCE, has documented these programs and projects, and has defined the linkagebetween the strategic goals and objectives and the initiatives in the DoD’s FY09 ITPortfolio. The findings from the analysis indicate that there is some degree of Net-Centricity being realized in current IT investments, as represented by 53 of the 65 IT300Exhibits initiatives; however, there is more work to be accomplished in the collectionand analysis of the data. More participation from the IT53 investments in addition to theIT300 investments is needed to better represent net-centric feature of the DoD ITportfolio. Additionally, the information requested from investments for input to the DoDEA Transition Strategy must be tailored to allow for unique investment information aswell as to reflect the comprehensive transition planning that Components aredeveloping for their portfolios. Further, the measurement of net-centric maturity via theMini-Transition Strategies and Net-Centric Maturity Models is based on a sample set. Each investment has unique needs and schedules and therefore there are peaks andvalleys in the development process that are not reflected in the compiled data – theprioritization of development of particular attributes is not reflected in the results.In the case of the NCMM, the uniqueness of each investment’s schedule and missionneeds must be taken into consideration. For example, this type of assessment of net-centric attributes may not be relevant to the investment or the agency portfolio. Theinvestment may be at the beginning of the acquisition process and has not completed anet-centric assessment. Additionally, some Components may have portfolio planning inPage 7570 place which is not broken down by individual investment. Net-centric attributes areoften embedded in other sets of capabilities and cannot be broken out for the purposeof identifying specifics of timelines and evidence. Net-centric attributes that areembedded in broader capabilities are dependent on other investments to provideinfrastructure and so may be difficult to place on an overall timeline. The essence of the NCMM input, however, was to ascertain whether or not use of orprovisioning of net-centric data and service attributes was planned and when; theinvestments’ have provided artifacts to show that this planning and implementation istaking place and is taking place in accordance with the unique needs of eachinvestment. To summarize the performance analysis, it shows that it is valuable to compare plannedimprovements to actual results as stated by the IT300 input. The results of the analysisgive a clear picture of whether investments need to modify activities to meet theirperformance goals.Page 7671 Section 7: DoD EA Transition Strategy Summary The DoD EA Transition Strategy is a critical component of the DoD EnterpriseArchitecture as it describes the overall plan to achieve the “To Be” or target architecture. The FEA Practice Guidance and the DoD Practice Guidance for Federated SegmentArchitecture and Transition Strategy outline the required content for the DoD EATransition Strategy. This DoD EA Transition Strategy 2008 follows the outline of the Guidance and isstructured and populated to trace the EA from the strategic level of the QuadrennialDefense Review (QDR) 2006 goals to the current status and target description, as wellas to include specific sequencing and transition plans for individual IT investments. With this approach, the DoD EA Transition Strategy results in an overall picture of DoDEA and also serves as a view of DoD IT investments’ plans and implementation levelsfor net-centricity and transformation in general. Since the release of DoD EA Strategic Plan 2007,

much progress has been made inpromoting the EA concepts that lead toward the Net-Centric Environment (NCE). TheCurrent Status section describes updates to DoD strategies and policies as well as theevolution of concepts such as capability-based portfolio management and federation. More attention is being focused on performance management – how to identify metricsand how to track planned improvements to actual results for more effective decision-making. The use of the DoD Metadata Registry, the Net-Centric Enterprise ServicesRegistry, the DoD Consolidated Reference Model, Mission Area Segment Architectures,DoD participation in Cross-Agency initiatives, and use of other DoD repositories andprocesses, facilitates the ability to collaborate and reuse data and services across DoD. The Target Capability View section outlines the GIG Architectural Vision. The Visiondescribes DoD operational, technical, and systems target environments and the specificactions to be taken to achieve the goals to effectively support the Warfighter in the NCE. Finally, the transition planning and implementation data from DoD IT investments werecompiled and analyzed for the DoD EA Transition Strategy Analysis section and showthat DoD progress toward the NCE can be measured and reported as a tool formanagement. In addition to measuring the level of maturity for data and servicesattributes in the Net-Centric Maturity Model, the collected and analyzed data alsoprovides a view of the investments' risks and dependencies, alignment with JointCapability Areas, the status of data sharing and Community of Interest participation, andmilestone status, in addition to use of data and services registries. In summary, the DoD EA Transition Strategy documents the "as-is"(current state) and"to-be" (target state) and samples large IT investments’ progress toward realization ofthe GIG Architectural Vision capabilities to enhance DoD's overall mission performance. The DoD EA Transition Strategy then becomes a management tool for driving theprocess of architecting first, investing second and implementing third. The DoD EAPage 7772 Transition Strategy provides the mechanism to repeat this process and track progressannually. The DoD EA program has made much progress in the last year andcontinues to improve strategies, policies, and processes to achieve the goals outlined inthe QDR 2006 and the GIG Architectural Vision.Page 7873 References Note: All documents listed as mandates are available for download fromOMB E-Government website on the following pages:• Legislation: http://www.whitehouse.gov/omb/egov/e-1-legislation.html• OMB Memoranda: http://www.whitehouse.gov/omb/egov/e-3-memoranda.html• Federal Enterprise Architecture: http://www.whitehouse.gov/omb/egov/a-1- fea.html • Federal Transition Framework: http://www.whitehouse.gov/omb/egov/a-2- EAFTF.html DEPARTMENT OF DEFENSEASD/(NII), GIG Architecture Federation Strategy V1.2, 01 August 2007.ASD/(NII) Briefing, NCOE Gap Methodology Quantitative & Qualitative Analysis Follow-up Brief to PA&E, 27 July 2006.AS&C, Large Data Joint Concept Technology Demonstration (JCTD) Program briefing,October 2006.Blueprint for Establishing Risk-based Governance of IT Investments, https://collab.core.gov/CommunityBrowser.aspx?id=7361. Chairman of the Joint Chiefs of Staff Instruction (CJCSI) 3170.01E, Joint CapabilitiesIntegration and Development System, May 11, 2005.CJCSI 6212.01D, Interoperability and Supportability of Information Technology andNational Security. Systems, 8 March 2006, https://acc.dau.mil/CommunityBrowser.aspx?id=123981. CJCSM 3170.01B, Operation of the Joint Capabilities Integration and DevelopmentSystem, May 11, 2005.CJCS Memorandum, Assignment of Warfighting Mission Area (WMA) Responsibilitiesto Support Global Information Grid Enterprise Services (GIG ES), September 8, 2004.Defense Information Systems Agency (DISA), Joint Interoperability Test Command FortHuachuca Arizona, Department of Defense (DoD) Internet Protocol Version 6 GenericTest Plan, Version 3, July 2007. URL:https://www.opengroup.org/gesforum/ipv6/uploads/40/14290/JITC_IPv6_Generic_ Test_Plan.pdf DISA, DoD Metadata Registry and Clearinghouse, https://metadata.dod.mil/mdrPortal/appmanager/mdr/mdr. DISA, PDM III - Implementing the Net-Centric Data Strategy Progress and ComplianceReport,

https://metadata.dod.mil/mdrPortal/appmanager/mdr/mdr.Page 7974 DISA, PEO-GEA, DoD Information Sharing Metadata Efforts, Dr. Glenda Hayes, July2007.Deputy Secretary of Defense (DepSecDef) Memorandum, Information TechnologyPortfolio Management, March 22, 2004.DepSecDef Memorandum, Capability Portfolio Management Test Case Roles,Responsibilities, Authorities, and Approaches, September 14, 2006.Department of Defense (DoD) Continuous Process Improvement Transformation Guidebook, 12 May 2006 DoD, DoD 2007 Enterprise Transition Plan (ETP), Defense Business TransformationOverview, September 2007.DoD Chief Information Officer (CIO), GIG Architectural Vision V1.0, June 2007.DoD CIO Information Assurance Strategic Plan, Version 1.1, January 2004.DoD CIO Information Sharing Strategy, 04 May 2007.DoD CIO Memorandum, Enterprise Information Environment Mission Area (EIEMA)Domain Owner Designations, July 14, 2004.DoD CIO Memorandum, DoD Net-Centric Data Strategy, May 2003, http://www.dod.mil/cio-nii/docs/Net-Centric-Data-Strategy-2003-05-092.pdf. DoD CIO Memorandum DOD Net-Centric Data Strategy: Visibility – Tagging and Advertising Data Assets with Discovery Metadata 24 October 2003 DoD CIO NetOps Strategy, , 14 December 2007.DoD Directive 5000.1, The Defense Acquisition System, Defense AcquisitionGuidebook, May 12, 2003, http://akss.dau.mil/dag; Defense Acquisition Guidebook,Chapter 7 http://akss.dau.mil/dag/DoD5000.asp?view=functional.DoD Directive 7045.14, The Planning, Programming, and Budgeting System (PPBS),May 22, 1984 (Certified Current as of November 21, 2003).DoD Directive 8115.01, Information Technology Portfolio Management, October 10,2005.DoD Directive 8320.2, Data Sharing in a Net-Centric Department of Defense, December2, 2004.DoD 8320.02-G, Guidance for Implementing Net-Centric Data Sharing, April 12, 2006.DoD Instruction 5000.2, Operation of the Defense Acquisition System, May 12, 2003.DoD Instruction 7045.7, Implementation of the Planning, Programming, and BudgetingSystem (PPBS), May 23, 1984.Page 8075 DoD, DoD Enterprise Architecture Reference Model (RM) v.03, May 2004, and v.04,September 2005, http://www.dod.mil/cio-nii/cio/execsummary.shtml.DoD, Internet Protocol Version 6 Transition Plan v2.0, June 2006.DoD CIO Net-Centric Checklist, https://acc.dau.mil/CommunityBrowser.aspx?id=22203.DoD CIO, Net-Centric Data Strategy, 09 May 2003.DoD CIO Net-Centric Enterprise Information Assurance (IA) Strategy Annex to the DoDIA Strategic Plan (Final Draft).DoD, Net-Centric Enterprise Solutions for Interoperability (NESI), Net-CentricImplementation Framework, V 2.1.0, 12 October 2007 URL: http://nesipublic.spawar.navy.mil/docs/part3/Part3_v2pt1-12Oct07.pdf DoD CIO Net-Centric GIG Capstone, DRAFT v2.2.1. DoD CIO Net-Centric Implementation Document (NCID000), GIG Net-CentricImplementation Document Overview, V1.0, 11 August 2005.DoD CIO, Net-Centric Services Strategy, 04 May 2007.DoD CIO Strategic Plan, v1.0, 2006, http://www.dod.mil/cio- nii/docs/DoDCIO_Strat_Plan.pdf. Investment Review Plan, https://collab.core.gov/CommunityBrowser.aspx?id=7281.Joint Concept of Operations for GIG NetOps, Version 3, 4, August 2006.Joint Staff, Consolidated JCA, 15 January 2008.Joint Staff, Net-Centric Operational Environment Joint Integrating Concept (NCOE JIC),31 October 2005, http://www.dod.mil/cio-nii/docs/netcentric_jic.pdf. GIG Capability Spiral, 12 April 2006.Technology Readiness Assessment Deskbook, May 2005.Quadrennial Defense Review (QDR) 2006. OASISReference Model for Service Oriented Architecture 1.0, 2, August 2006.FEDERALEnterprise Architecture Assessment Framework v2.1 Final, December 2006, http://www.whitehouse.gov/omb/egov/documents/OMB_EA_Assessment_Framework_v21_Final.pdf.Page 8176 OMB A-11.OMB A-11, s.300. FEA Practice Guidance, December 2007.Federal Transition Framework Usage Guide, Pilot Version, June 2006.Federal Transition Framework Metamodel Reference, Pilot Version, June 2006. PUBLIC LAWPublic Law 104-106, Division E, the Clinger-Cohen Act (“The Information TechnologyManagement Reform Act of 1996”), Title 40, United States

Code.Page 82A-1 APPENDIX A: DoD EA Annual Plan DoD Annual Plan for OMB Quarterly Assessments (based on OMB AssessmentFramework v2.2) DoD EA Annual Planand Quarterly MilestonesPage 83A-2Page 84B-1 APPENDIX B: DoD IT300 Exhibits’ Mini-Transition Strategies 0392CITSCOMBAT INFORMATION TRANSPORT SYSTEMAIR FORCE0483ECSSEXPEDITIONARY COMBAT SUPPORT SYSTEMAIR FORCE0487DEAMS-AF DEFENSE ENTERPRISE ACCOUNTING ANDMANAGEMENT SYSTEM-AIR FORCE AIR FORCE1046AOC-WSAIR OPERATIONS CENTER - WEAPON SYSTEM AIR FORCE1826ISPANINTEGRATED STRATEGIC PLANNING ANDANALYSIS NETWORKAIR FORCE1854BCS-F BATTLE CONTROL SYSTEM FIXED AIR FORCE1911TBMCSTHEATER BATTLE MANAGEMENT CORESYSTEMSAIR FORCE5069GCSS-AFGLOBAL COMBAT SUPPORT SYSTEM - AIRFORCEAIR FORCE6170AFMSS AIR FORCE MISSION SUPPORT SYSTEM AIR FORCE6170AFMSS AIR FORCE MISSION SUPPORT SYSTEM _REVIEWIN POWERPOINT AIR FORCE6189JPALSJOINT PRECISION APPROACH AND LANDINGSYSTEMAIR FORCE6191MEECN MINIMUM ESSENTIAL EMERGENCYCOMMUNICATIONS NETWORK AIR FORCE6197BCS-M BATTLE CONTROL SYSTEM - MOBILE AIR FORCE6320CMC/TW-AACHEYENNE MOUNTAIN COMPLEX/TACTICALWARNING-ATTACK ASSESSMENTAIR FORCENOTE: ARMY INITIATIVES ARE REPORTED AS A PORTFOLIO IN APPENDIX F, ARMY EA TRANSITION STRATEGY 2007. THE INITIATIVES MARKED WITH ( N-C) IN THE LIST ARE SEPARATELY DOCUMENTED IN THE NET-CENTRIC MATURITY MODEL IN APPENDIX C.0314GFEBSGENERAL FUND ENTERPRISE BUSINESS SYSTEMARMY0588MBCOTMMOUNTED BATTLE COMMAND ON THE MOVEPROGRAM (N-C)ARMY0688DLSDISTRIBUTED LEARNING SYSTEMARMY1051FCS-ACEFUTURE COMBAT SYSTEM-ADVANCEDCOLLABORATIVE ENVIRONMENTARMY1125FBSFUTURE BUSINESS SYSTEM (N-C)ARMY1191MIRSUS MEPCOM INTEGRATED RESOURCE SYSTEMARMY1631JNNJOINT NETWORK NODE NETWORKARMY1935TC-AIMS IITRANSPORTATION COORDINATORS'AUTOMATED INFORMATION FOR MOVEMENTSSYSTEM IIARMY2166AFATDSADVANCED FIELD ARTILLERY TACTICAL DATASYSTEM (N-C)ARMY2180I3MPINSTALLATION INFORMATION INFRASTRUCTUREMODERNIZATION PROGRAMARMY2213MCSMANEUVER CONTROL SYSTEMARMY5070GCSS - AGLOBAL COMBAT SUPPORT SYSTEM – ARMY (N-C)ARMY6185FBCB2FORCE XXI BATTLE COMMAND BRIGADE ANDBELOW (N-C)ARMY6198WIN-TWARFIGHTER INFORMATION NETWORK-ARMYPage 85B-2TACTICAL (N-C)6298LMPLOGISTICS MODERNIZATION PROGRAMARMY6491GCCS-AGLOBAL COMMAND AND CONTROL SYSTEM -ARMYARMY6963GUARDNETGUARDNET XXI, THE ARMY NATIONAL GUARD'SWIDE AREA NETWORKARMY1794SPS STANDARD PROCUREMENT SYSTEM BTA6312DTS DEFENSE TRAVEL SYSTEM BTA6521DIMHRS DEFENSE INTEGRATED MILITARY HUMANRESOURCES SYSTEM BTA0277CARTS COMMISSARY ADVANCED RESALE TRANSACTIONSYSTEM DECA0555DEBS DECA ENTERPRISE BUSINESS SYSTEM DECA4035DEERS DEFENSE ENROLLMENT ELIGIBILITY REPORTINGSYSTEM DHRA0536NECC NET-ENABLED COMMAND CAPABILITY DISA0595DISN DEFENSE INFORMATION SYSTEM NETWORK DISA0615DMS DEFENSE MESSAGE SYSTEM DISA0881GCCS-J GLOBAL COMMAND AND CONTROL SYSTEM-JOINT DISA0882GCSS GLOBAL COMBAT SUPPORT SYSTEM-COCOM-JTF DISA6456PKI PUBLIC

KEY INFRASTRUCTURE DISA6462TELEPORT DOD TELEPORT DISA6965NCES NET CENTRIC ENTERPRISE SERVICES DISA5090BSM DLA BUSINESS SYSTEMS MODERNIZATION DLA0594DISSDEFENSE INFORMATION SYSTEM FOR SECURITYDSS0342JTRS C5 JOINT TACTICAL RADIO SYSTEM - CLUSTER 5 JPEO JTRS6190JTRS-CLUSTER1 JOINT TACTICAL RADIO SYSTEM - CLUSTER 1 JPEO JTRS6524AMF JTRS AIRBORNE AND MARITIME/FIXED STATION JOINTTACTICAL RADIO SYSTEM JPEO JTRS6587JTRS(JPO) JOINT TACTICAL RADIO SYSTEM (JOINTPROGRAM OFFICE) JPEO JTRSNOTE: NAVY INITIATIVES ARE ALSO REPORTED AS A PORTFOLIO IN APPENDIX G, DON NAVY TRANSITION PLANNING. 0155GCSS- USMC GLOBAL COMBAT SUPPORT SYSTEM - MARINE CORPS NAVY0186NAVY ERP NAVY ENTERPRISE RESOURCE PLANNING (ERP) AND APPENDIX AND TABLE OF QUESTIONSNAVY6046GCCS-M GLOBAL COMMAND AND CONTROL SYSTEM -MARITIME NAVY6310NMCI NAVY MARINE CORPS INTRANET (NMCI) NAVY6555DJC2 DEPLOYABLE JOINT COMMAND AND CONTROL NAVY6946CAC2 COMBINED AIR COMMAND AND CONTROL NAVY1030KMIKEY MANAGEMENT INFRASTRUCTURENSA0332MCPRMILITARY COMPUTER-BASED PATIENT RECORD (INCLUDES #0435 AND 0049)TMAPage 86B-30510EI/DS EXECUTIVE INFORMATION/DECISION SUPPORT TMA0611DMHRSI DEFENSE MEDICAL HUMAN RESOURCE SYSTEMINTERNET TMA0613DMLSS DEFENSE MEDICAL LOGISTICS STANDARDSUPPORT TMA1913TMIP THEATER MEDICAL INFORMATION PROGRAM TMA0178DEAMSDEFENSE ENTERPRISE ACCOUNTING ANDMANAGEMENT SYSTEMTRANSCOM0884GDSS GLOBAL DECISION SUPPORT SYSTEM TRANSCOM0884GDSS GLOBAL DECISION SUPPORT SYSTEM (TABLE) TRANSCOM0884GDSS GLOBAL DECISION SUPPORT SYSTEM (PPT) TRANSCOM1667IGCINTEGRATED DATA ENVIRONMENT/GLOBALTRANSPORTATION NETWORK CONVERGENCE TRANSCOMPage 87C-1 APPENDIX C. DoD IT300 Exhibits Investments’ Net-CentricCapabilities per Net-Centric Maturity Model: Net-Centric Maturity Model (NCMM) Embedded Spreadsheet with Raw Data andCompiled Results. NCMM AnalysisSpreadsheetNCMM Data fromIT300 ExhibitsNCMM MaturityLevels The following graphics shows the timeline and level of net-centricity reported by the ITinvestments in the NCMM: Netcentric Progress By FY Quarter05101520253035Q4 FY02Q1 FY06Q4 FY07Q3 FY08Q4 FY09Q4 FY11 No. Investments Netcentric Progress By FY Quarter05101520253035Q4 FY02Q1 FY06Q4 FY07Q3 FY08Q4 FY09Q4 FY11 No. Investments Net-Centric Progress by FY and Quarter shows that the majority of Net-Centricprogress will occur from Q2 FY08 through Q2 FY10.Page 88C-2 Respondent Netcentric Status2% 4%31%48%7%8%Level 0Level 1Level 2Level 3Level 4Level 5 Respondent Net-Centric Status shows that of the IT investment respondents (54) thatresponded, approximately 50% are at Level 3. Data and NCES Registry Compliance By Quarter00.511.522.5Q3 FY07Q1 FY08Q2 FY08Q4 FY08Q2 FY09Q2 FY10Q1 FY11 (est)Q4 FY12NCES RegistryData Registry The DoD Metadata Registry and NCES Registry Compliance by Quarter shows useof registries is consistent with projected overall net-centric progress by FY quarter.Page 89D-1 APPENDIX D: DoD IT300 Exhibit Investments’ PerformanceInformation Analysis Some Salient PRM Results Technology Area: (8) Lines of Business; 33 initsTechnology Measurement Groupings:2006 -2007 Planned vs. Actual PRM Results LOB 404:10%LOB 405: 12%LOB 103: 62%LOB 118: 1%LOB 401: 1%LOB 403:4%LOB 110:4%LOB 402 : 5%LOB 103- Defens e and National S ecurityLOB 405 - Res haping the Defens e Enterpris eLOB 404- Information and

TechnologyLOB 402- IT Financial M anagement103LOB 110- HealthLOB 403 - Human Res ource M anagementLOB 401- A dminis trative M anagementLOB 118- Trans portation Processes/Activities Observations Entries: 61; 54% TBDs or N/As Quantifiable Improvements: 19 (31% of Total)♉ ♉ ♉ Changed Indicators: 15; with improvement: 6 TBDs , N/As, or Indeterminate Progress: 33♉ Mission/Business Observations Entries: 53; 28% TBDs or N/As Quantifiable Improvements: 30♉ ♉ (57% of Total) Changed Indicators: 28; with improvement: 17 TBDs , N/As, or Indeterminate♉ ♉ Progress: 15 Customer Results Observations Entries: 67; 21% TBDs or N/As Quantifiable♉ ♉ Improvements: 38 (57% of Total) Changed Indicators: 42; with improvement: 22.5 TBDs , N/As, or♉ ♉ Indeterminate Progress: 14 2006 -2007 Technology Observations Entries: 53; 15% TBDs or N/As♉ ♉ Quantifiable Improvements: 35 (66 % of Total) Changed Indicators: 18; with improvement: 11.5♉ ♉ TBDs , N/As, or Indeterminate Progress: 8 Distinguishing Phenomena– 14 MA Changes Availability♉ (42)Interoperability (15)Functionality (36)External Data Sharing (13)Reliability (23)IT Composition (10)Data Standardization or Tagging (11) Note: Click here to enlarge the graphic. This paper reports the salient results from an analysis of the DoD Exhibit 300Performance Information Table, specifically the comparison between PlannedImprovements for 2006 projected by DoD investments in the prior cycle (BY08) and theActual Results reported in 2007 in the current cycle (BY09). The results are depicted forall four Measurement Areas – Technology, Processes and Activities, Mission andBusiness, and Customer Results. There are three salient results for the TechnologyMeasurement Area and one set of results for the remaining Measurement Areas. Technology details are enhanced (on the left side of the figure) because the focus ofthis iteration of the DoD Transition Strategy analysis is information technology (IT).. With respect to the Technology Measurement Area, the three sets of results aredepicted on the left side of the figure to reflect lines of business, measurementgroupings, and FY2006-FY 2007 planned improvements versus actual performanceresults. For the current DoD EA Consolidated Reference Model (DoD EA CRM)Page 90D-2 entries, the Technology Measurement Area has 33 initiatives that address eight lines ofbusiness (LOB) with LOB 103 Defense and National Security representing the mostaddressed line of business. There are seven dominant (with 10 or more entries)Technology Measurement Groupings with Availability and Functionality topping the listand nearly tripling their counterparts in every instance. Note that only two of the sevenmost dominant groupings reflect net-centric attributes and have the lowest number ofentries. The largest grouping, Availability, continues to represent traditional system (vs.data) – example, how many systems are installed at a base and is available to users. Similarly functionality is employed to reflect the traditional system functionality (vs.NCES service) – example, provide LOS communications. The planned versus actualperformance results will be explained subsequently but note the distinguishingphenomena for the Technology MA; specifically, Technology was the only of the fourMeasurement Areas to experience Measurement Area changes (14) from FY2006 toFY2007.The Planned Improvements versus Actual Results for the remaining MeasurementAreas also are recorded (on the right side of the figure). Each Measurement Areasobservation contains recordings with the following headings: ▪ Entries are the number of line items in the DoD EA CRM/SNaP-IT database forthe FY2006 ▪ Quantifiable Improvements reflects the number of all measurement indicators(including changed measurement indicators) that exhibited quantifiableimprovements. ▪ Changed Indicators captures two numbers: one, the number of changedmeasurement indicators; two, the number of changed indicators that exhibitedquantifiable improvements either before or after they were changed. ▪ TBDs, N/As, or Indeterminate Progress’ are the number of results that werereported as ‘To Be Determined’, left blank, or with non-quantifiable progressdescriptions Sample interpretation of Processes/Activities Observations is: ▪ 54% of the measurement indicators showed no progress during the FY2006-FY2007 interim ▪ 31% demonstrated quantifiable improvements during the FY2006-FY2007 interim ▪ 25% of measurement indicators were changed during the FY2006-FY2007interim where only 40% of the changes can be attributed to

successful outcomesin FY2006 (the remaining changes could be attributed to the fact that 2006 wereunattainable and therefore changed to improve success ratio during the nextinterim).Page 91E-1 APPENDIX E: Chart of DoD IT300 Exhibits Investments’Mission Area, Domain, LOB to DoD Strategic Goals Figure 20. Example using Army Warfighter and Enterprise InformationEnvironment (EIE) Mission Area investments.Page 92E-2 Figure 21. Example using Army Business Mission Area investments.Page 93E-3Page 94F-1 APPENDIX F: Army EA 2008 Mini-Transition Strategy 2008 ArmyMini-Transition Strategy The embedded document, the Army 2008 EA Mini-Transition Strategy, discusses theArmy’s emerging approach to Enterprise Architecture and key elements of its targetarchitecture.Page 95G-1 APPENDIX G: Navy EA Transition Planning Navy TransitionPlanning The embedded document, the Navy Transition Plan describes the DON approach to afederated EA that supports the Naval Transformation Roadmap.Page 96H-1 APPENDIX H: Business Mission Area Segment ArchitectureOverview The Business Mission Area (BMA) Segment Architecture Overview provides summary-level answers to selected questions for the segment per the FEA Practice Guidance. The overview describes the scope, change drivers, vision, performance goals andfunding strategy for the segment. The embedded document was submitted by theBusiness Transformation Agency as part of the BMA Segment Architecturedevelopment. BMA SegmentOverviewPage 97I-1 APPENDIX I: Defense Information Enterprise SegmentArchitecture Overview The Defense Information Environment (DIE) Segment Architecture Overview providessummary-level answers to selected questions for the segment per the FEA PracticeGuidance. The overview describes the scope, change drivers, vision, performancegoals and funding strategy for the segment. The embedded document was submittedas part of the DIE Segment Architecture development. DIE SegmentOverviewDIEA v1.0Page 98J-1 APPENDIX J: Warfighting Mission Area SegmentArchitecture Overview The Warfighting Mission Area (WMA) Segment Architecture Overview providessummary-level answers to selected questions for the segment per the FEA PracticeGuidance. The overview describes the scope, change drivers, vision, performancegoals and funding strategy for the segment. The embedded document was submittedas part of the WMA Segment Architecture development. WMA SegmentOverview==================================This is the html version of the file http://nsi.ncirc.gov/documents/NSI_EE.pdf.Google automatically generates html versions of documents as we crawl the web.Page 1Page iiPage 2FINAL REPORT:INFORMATION SHARING ENVIRONMENT (ISE)-SUSPICIOUS ACTIVITY REPORTING (SAR)EVALUATION ENVIRONMENTJANUARY 2010 This project was supported by Grant No. 2008-DD-BX-K480 awarded by the Bureau of JusticeAssistance. The Bureau of Justice Assistance is a component of the Office of Justice Programs, whichalso includes the Bureau of Justice Statistics, the National Institute of Justice, the Office of JuvenileJustice and Delinquency Prevention,

the SMART Office, and the Office for Victims of Crime. Points ofview or opinions in this document are those of the author and do not represent the official position orpolicies of the United States Department of Justice.Page 3Page i TABLE OF CONTENTS Table of Figures .............................................................................................................................. iv Acknowledgments ........................................................................................................................... v Executive Summary ....................................................................................................................... 1 Information Sharing: A National Priority ............................................................................... 1 Multilayered Training .............................................................................................................. 2 Protection of Privacy and Civil Liberties ................................................................................. 3 Technology: A Way Forward ................................................................................................... 4 Collaborative Partnerships to Develop a Nationwide SAR Program .................................... 4 Key Recommendations ........................................................................................................... 5 Next Steps ................................................................................................................................ 6 Project Overview and Background ................................................................................................ 7 ISE-SAR EE Implementation ................................................................................................. 16 Summary of the ISE-SAR Process ........................................................................................ 17 SAR Information Sharing Goals—Complete, Accurate, and Timely .................................... 19 Protection of Privacy Rights and Civil Liberties ................................................................... 21 Technology Solutions ............................................................................................................ 25 System Security ..................................................................................................................... 28 Methodology to Measure, Document, and Evaluate the ISE-SAR EE ................................ 29 SAR Performance Measurement .......................................................................................... 30 Project Governance ............................................................................................................... 33 ISE-SAR Evaluation Environment Observations and Lessons Learned .................................... 37 Leadership ................................................................................................................................ 37 Executive Leadership ............................................................................................................ 37 National Program Management ........................................................................................... 38 SAR Business Process .............................................................................................................. 40 Existing SAR Processes ......................................................................................................... 40 Privacy Policies ...................................................................................................................... 41 Criteria for Entering Data ...................................................................................................... 42 Personally Identifiable Information ...................................................................................... 43 Shared Space Data Entry ...................................................................................................... 43 Shared Space Access ............................................................................................................ 44 Training ...................................................................................................................................... 45 Project-Delivered Training ..................................................................................................... 45 Additional Training ................................................................................................................ 45 Page 4Final Report: ISE-SAR EETable of Contents Page ii Institutionalization of the SAR Process ................................................................................... 47 Analytic Tools and Processes ............................................................................................... 47 Network Configuration .......................................................................................................... 47 Background Checks .............................................................................................................. 48 Outreach .................................................................................................................................... 49 Outreach and Awareness ...................................................................................................... 49 SAR Technical Process ............................................................................................................. 50 System Deployment Planning ............................................................................................... 50 Site System

Software and Hardware ................................................................................... 51 Data Mapping to the ISE-SAR Functional Standard ............................................................ 52 Lack of Structured Data in Legacy SAR Records ................................................................ 53 Site Shared Space Database Design ................................................................................... 54 Deployed Shared Space Applications .................................................................................. 55 System Deployment Process ................................................................................................ 56 Use of Existing Report Forms ............................................................................................... 56 Review of Legacy SAR Data .................................................................................................. 57 Interface With the FBI’s eGuardian and DHS’s Shared Space .......................................... 58 NCIRC.gov Portal User Interface ........................................................................................... 58 Leveraging Promising Practices .................................................................................................. 61 Executive Leadership ............................................................................................................ 61 Shared Space Concept ......................................................................................................... 62 The SAR Vetting Tool ............................................................................................................. 64 Use of National Information Exchange Model (NIEM) and Logical Entity eXchange Specifications (LEXS) ....................................................................................... 64 Leveraging Existing Secure but Unclassified Networks ...................................................... 65 Development of Privacy Policy Templates and Technical Assistance ............................... 65 Development of a SAR Training Program ............................................................................ 66 Analyst Professional Development ...................................................................................... 66 Utilization of Roll Call Training and E-Training Programs ................................................... 67 Liaison Officer Programs....................................................................................................... 68 Community Outreach ............................................................................................................ 69 Institutionalization of Processes for the Handling of SAR Information ............................. 73 Using SAR Information in Agency Decision Making ............................................................ 75 Development of the Terrorism Indicators Database ........................................................... 75 Appendix One: Project Participants ........................................................................................... 79 Project Sponsors and Partners: ............................................................................................ 79 Project Participants: .............................................................................................................. 79 Appendix Two: Project Timeline ................................................................................................. 81 ISE-SAR Evaluation Environment ......................................................................................... 81 Page 5Final Report: ISE-SAR EETable of Contents Page iii Appendix Three: Acronyms and Abbreviations .......................................................................... 89 Appendix Four: Participating Agency Assessments .................................................................. 91 Arizona Counter Terrorism Information Center ....................................................................... 91 SAR Process Report—Post-Implementation Phase ............................................................. 91 Boston, Massachusetts, Police Department .......................................................................... 96 SAR Process Report—Post-Implementation Phase ............................................................. 96 Chicago, Illinois, Police Department ..................................................................................... 101 SAR Process Report—Post-Implementation Phase .......................................................... 101 Florida Department of Law Enforcement ............................................................................. 105 SAR Process Report—Post-Implementation Phase .......................................................... 105 Houston, Texas, Police Department ..................................................................................... 111 SAR Process Report—Post-Implementation Phase .......................................................... 111 Las Vegas, Nevada, Metropolitan Police Department ........................................................ 116 SAR Process Report—Post-Implementation Phase .......................................................... 116 Los Angeles, California, Police Department ......................................................................... 121 SAR Process Report—Post-Implementation Phase .......................................................... 121 Miami-Dade, Florida, Police

Department ............................................................................. 128 SAR Process Report—Post-Implementation Phase .......................................................... 128 New York State Police ........................................................................................................... 133 SAR Process Report—Post-Implementation Phase .......................................................... 133 Additional Comments ......................................................................................................... 138 Seattle, Washington, Police Department ............................................................................. 139 SAR Process Report—Post-Implementation Phase .......................................................... 139 Virginia State Police ............................................................................................................... 144 SAR Process Report—Post-Implementation Phase .......................................................... 144 Washington, DC, Metropolitan Police Department ............................................................ 150 SAR Process Report—Post-Implementation Phase .......................................................... 150 Questions ................................................................................................................................... 155 Page 6Page iv TABLE OF FIGURES Figure 1: NSI Process ............................................................................................................... 14 Figure 2: Overview of Shared Spaces Concept ...................................................................... 26 Figure 3: FDLE, VFC, NYSIC, and BPD Fully Implemented the Requirements to Enable Analysts to Search the ISE-SAR Shared Spaces. ....................................... 31 Figure 4: FDLE, VFC, and NYSIC Showed the Greatest Increase in Users of the ISE-SAR Shared Spaces, Possibly Contributing to the Increase in Search Activity Originating at Those Sites. .......................................................................... 31 Page 7Page v ACKNOWLEDGMENTS The success of any project is dependent upon strong leadership by both individuals andorganizations to ensure that the goals of the project are fully implemented. Leadership wasparticularly important to this project because of the nationwide nature and underlyingactivities. We would like to acknowledge the following individuals and organizations for theircontributions to the success of the ISE-SAR Evaluation Environment.A key component of this project was the development of the report Findings andRecommendations of the Suspicious Activity Report (SAR) Support and ImplementationProject. This report could not have been completed without the leadership of the MajorCities Chiefs Association (MCCA) and, in particular, the work of former Chief Gil Kerlikowski,Seattle Police Department and President of the MCCA; former Chief William Bratton, Los Angeles Police Department; and Sheriff Douglas Gillespie, Las Vegas MetropolitanPolice Department.The Intelligence Commanders from MCCA played a valuable role in developing the findingsand recommendations that served as the foundation for the policies and proceduresimplemented during the ISE-SAR Evaluation Environment. Four agencies volunteered tohave their suspicious activity reporting processes assessed and used as the basis fordeveloping the findings and recommendations. These Intelligence Commanders wereCommander Joan McNamara, Los Angeles Police Department; former Commander DavidSobczyk, Chicago Police Department; former Deputy Superintendent Earl Perkins, BostonPolice Department; and Major Michael Ronczkowski, Miami-Dade Police Department.This project originally started as an effort to connect 3 state fusion centers so that theycould share their suspicious activity reporting with each other. The project later expanded toinclude 9 other major cities, which together made up the 12 participating agencies in theISE-SAR Evaluation Environment. The leadership of these state fusion center directors—Captain Doug Keyer, New York State Police; Lieutenant Lee Miller, Virginia State Police; andChief of Statewide Intelligence Jennifer Cook-Pritt, Florida Department of Law Enforcement—was important to the initial stages of the project. In addition to the agencies mentionedabove, the following persons provided vital leadership in implementing this project: Lieutenant Tom Monahan, Las Vegas Metropolitan Police Department; Lieutenant Robert Montalvo, Houston Police Department; Commander Dan Wells, Arizona Departmentof Public Safety; Lieutenant Ron Leavell, Seattle Police Department; and Director Jeff Wobbleton, Washington, DC, Metropolitan Police Department.Training

was an essential element in the success of the ISE-SAR Evaluation Environment. Three organizations participated in developing three levels of training that were delivered tomembers of the participating agencies. The International Association of Chiefs of Policedeveloped the line officer training, the Major Cities Chiefs Association developed thePage 8Final Report: ISE-SAR EEAcknowledgments Page vi executive training, and the Institute for Intergovernmental Research ® developed the analytictraining.The development of technology and ongoing support for the participating agencies wasessential to the successful implementation of the Evaluation Environment. The IJIS Instituteand Tetrus Consulting provided vital technical support to the project and assisted theparticipating agencies in connecting their existing systems to the ISE-SAR Shared Spaces.The ISE-SAR Evaluation Environment would not have been possible had it not been for thework of a select group of state and local officials who earlier had developed a set ofstandardized data elements that needed to be shared among agencies. These standardswere incorporated into the “Information Exchange Package Document for the SuspiciousActivity Report (SAR) for Local and State Entities.” Key state and local participants and theagencies they represented at the time of this effort were Dan Anderson, Collier County,Florida, Sheriff’s Office; Norm Beasley, Maricopa County, Arizona, Sheriff’s Office; George Bivens, Pennsylvania State Police; Roger Bragdon, Spokane, Washington, PoliceDepartment (retired); Ernest Chambers, Las Vegas Metropolitan Police Department; Bryan Costigan, Montana Department of Justice; Scott Dutton, Georgia Bureau ofInvestigation; Robert Fox, Los Angeles Joint Regional Intelligence Center; Bill Harris,Delaware State Police; Michael Haslip, Blaine, Washington, Police Department; Bart Johnson, New York State Police; Lance Ladines, Washington State Patrol; Lloyd Michaud, Utah Department of Public Safety; Ted Oakley, Ohio Association of Chiefs ofPolice; Lisa Palmieri, Massachusetts State Police; Daniel Perales, Houston, Texas, PoliceDepartment; Russell Porter, Iowa Department of Public Safety; Steven Raubenolt, Ohio LawEnforcement Gateway; Larry Shaw, Florida Department of Law Enforcement; Jim Slater,Massachusetts State Police; Chief Gary Vest, Powell, Ohio, Police Department; Mike Wells,New York State Police; and Gary Williams, Los Angeles, California, Police Department.This project represented a unique partnership between many federal agencies withterrorism related responsibilities and state and local law enforcement agencies. Thecommon desire to protect our communities was tantamount and led to commonunderstandings and protocols for effectively and efficiently sharing terrorism relatedsuspicious activity information. The federal partners involved in the project were: the U.S. Department of Justice (DOJ), Bureau of Justice Assistance (BJA); the Federal Bureau ofInvestigation (FBI); the U.S. Department of Homeland Security (DHS); the Program Manager,Information Sharing Environment (PM-ISE); DOJ’s Global Justice Information SharingInitiative (Global), Criminal Intelligence Coordinating Council (CICC); and the U.S. Departmentof Defense (DoD),Page 9Page 1 EXECUTIVE SUMMARY The design and development of the Information Sharing Environment Suspicious ActivityReporting Evaluation Environment (ISE-SAR EE) stemmed from five key factors: a nationalneed for increased information sharing of suspicious activity; a need for an enhancedtechnology solution to address many of the previous information sharing impediments; arequirement to continuously protect privacy and civil liberties; a recognized need to developa nationwide SAR training program; and a need for the existence of a robust, collaborativepartnership among all federal, state, and local ISE-SAR EE participants to create anationwide SAR program. Combining these factors has created a project that engages 12state and major urban area fusion centers in an all-crimes approach to gathering,processing, reporting, and sharing of suspicious activity based upon behaviors identified tobe reasonably indicative of preoperational planning related to terrorism or other criminalactivity. Beginning October 1, 2008, the ISE-SAR EE initiative initiated several core elementsto prepare for the implementation of the project. These elements included the evaluation ofthe

status of the current SAR environment within the participating agencies, developingrobust business processes for the initiative, and designing and implementing the technologyto support the ISE-SAR EE. At the conclusion of the initiative, September 30, 2009, the ISE-SAR EE had created a dynamic approach to information sharing that leverages existingoperational processes, technology, and policies. This summary provides an overview of thefive key factors and selected lessons learned and recommendations relating to thegathering, processing, and sharing of terrorism-related suspicious activity. INFORMATION SHARING: A NATIONAL PRIORITY The recognized need to advance the sharing of terrorism-related law enforcementinformation was clearly articulated in the Intelligence Reform and Terrorism Prevention Actof 2004 and in several national-level documents, such as the National Strategy forInformation Sharing (NSIS), issued to reinforce, prioritize, and unify our nation’s efforts toadvance the sharing of terrorism-related information among federal, state, and localgovernment entities; the private sector; and foreign partners. The primary purpose of thisinitiative is to identify those behaviors that are reasonably indicative of preoperationalplanning related to terrorism or other criminal activity and coordinate the sharing ofinformation with the appropriate fusion center and the FBI’s Joint Terrorism Task Forces. The NSIS calls for the federal government to support a nationwide capability for thegathering, analysis, and sharing of information, including suspicious activity and incidentreporting related to terrorism, with state and local governments and across the federalgovernment. Consistent with the NSIS and as a priority for the establishment of the ISE, theOffice of the Program Manager for the Information Sharing Environment (PM-ISE); the U.S. Department of Justice (DOJ); the U.S. Department of Homeland Security (DHS); theOffice of the Assistant Secretary of Defense for Homeland Defense and America’s SecurityAffairs, U.S. Department of Defense (DoD); and the Office of the Director of NationalIntelligence (ODNI) have coordinated a comprehensive effort to develop a nationwidePage 10Final Report: ISE-SAR EEExecutive Summary Page 2 network of state and major urban area fusion centers. This network is one of thefoundational pieces of the ISE-SAR EE in identifying fusion centers to participate in theproject.Additionally, the Information Sharing Environment (ISE) Suspicious Activity Reporting (SAR)Functional Standard (ISE-SAR Functional Standard)1 was released by the PM-ISE to buildupon, consolidate, and standardize nationwide aspects of those ISE-relevant activitiesalready occurring at the federal, state, and local levels with respect to the processing,sharing, and use of suspicious activity information. The ISE-SAR Functional Standardcontinues to evolve and provides guidance on a limited end-to-end information sharingprocess. It was developed for the analysis of SARs and includes the business rules forgathering, documenting, processing, and sharing terrorism-related suspicious activityinformation. Ultimately, the ISE-SAR Functional Standard was used to outline the scope,objectives, and goals of the ISE-SAR EE. The ISE-SAR EE project began with the implementation of three state fusion center pilotsites—the New York State Intelligence Center, the Florida Fusion Center, and the VirginiaFusion Center. Additional sites were added to the Evaluation Environment, including the Washington, DC, Metropolitan Police Department; the Seattle Police Department; the Los Angeles Police Department; the Boston Police Department; the Chicago PoliceDepartment; the Miami-Dade Police Department; the Arizona Counter Terrorism InformationCenter; the Houston Police Department; and the Las Vegas Metropolitan Police Department. Additionally, the eGuardian system, designed by the Federal Bureau of Investigation (FBI),participated in the ISE-SAR Evaluation Environment, as well as DHS. eGuardian also servesas the connection between the FBI’s Joint Terrorism Task Force and the ISE-SAR SharedSpaces Servers. Similar to how eGuardian functions as one of the ISE-SAR Shared Spaces,SAR information from DHS will function as an ISE-SAR Shared Space. MULTILAYERED TRAINING The design and implementation of a cohesive national ISE-SAR training program were vitalparts of the final project design. The training component was developed through therecognition that the ISE-SAR EE must provide a consistent, nationwide message concerningthe handling of SARs. To reinforce the tenets of

the project, three separate but coordinatedtraining efforts were developed targeting law enforcement professionals with varying dutiesand responsibilities―agency executives, analytic/investigative personnel, and line officers. The executive-level training was developed by the Major Cities Chiefs Association (MCCA)and focuses on executive leadership, policy development and privacy and civil libertiesprotections, agency training, and community outreach. The analyst/investigative-leveltraining was developed by the Bureau of Justice Assistance (BJA) and focuses on the SARprocess, with an emphasis on review and vetting of information to ensure compliance with 1See http://www.ise.gov/pages/sar-initiative.aspx.Page 11Final Report: ISE-SAR EEExecutive Summary Page 3 the ISE-SAR Functional Standard; privacy and civil liberties protections; terrorism indicators,including recent trends in terrorism, stages of terrorism, and behaviors tied to the ISE-SARCriteria Guidance; and resources and tools. The line officer training was developed by theInternational Association of Chiefs of Police (IACP) and focuses on understanding the criticalrole line officers have in the effective implementation of the SAR process. The goal of thetraining efforts is to facilitate agency implementation of the SAR process and to enhance thenationwide SAR capability. PROTECTION OF PRIVACY AND CIVIL LIBERTIES The third critical aspect of this initiative is the continuous need to emphasize the importanceof protecting privacy rights and civil liberties. Integral to this project, which often includessensitive personal information, is the protection of Americans’ privacy, civil rights, and civilliberties. In addition to the U.S. Constitution, many laws and policies protect these importantrights, including the Privacy Act of 1974; the E-Government Act of 2002; and other federallaws, executive orders, and policies, as well as state, local, and tribal constitutions, laws,and policies. During September 2008, the PM-ISE—in consultation with the Civil Libertiesand Privacy Office of ODNI, the Office of Privacy and Civil Liberties of DOJ, the DHS Office ofPrivacy, and the Legal Issues Working Group of the ISE Privacy Guidelines Committee—prepared the Initial Privacy and Civil Liberties Analysis of the ISE-SAR EE. Based on thisanalysis, the ISE-SAR Evaluation Environment Privacy, Civil Rights, and Civil LibertiesProtection Policy Template was finalized and approved for distribution to the EE participantsin January 2009. Based on the work of DOJ’s Global Justice Information Sharing Initiative’s(Global) privacy document, Fusion Center Privacy Policy Development: Privacy, Civil Rights,and Civil Liberties Template, the template was designed to cover all ISE-SAR EE activitiesconducted by participating pilot sites, including source, submitting, and use agencies. It wasdesigned in such a manner that participating agencies can make any necessarymodifications to include the requirements of their state constitution, executive orders, courtdecisions, statutes, rules and regulations, and local codes/ordinances as they develop theirindividual agency privacy policies. The policy template requires each participating agency toaddress specific items: purpose specification, collection limitation, data quality, uselimitation, security safeguards, openness, individual participation, and accountability. Priorto participating in the ISE-SAR EE and sharing information, all agencies had to develop andimplement a privacy framework that met the minimum guidelines provided in the privacytemplate. The ISE-SAR EE was designed, in accordance with the ISE-SAR Functional Standard, toconsider privacy throughout the SAR process. The ISE-SAR Functional Standard requires afour-part review before any SAR information can be shared in the ISE-SAR Shared Spaces. This review process includes an analytic judgment as to the information’s relevance toterrorism, identification of specified activity, reliability, and validity. In addition to andcompliant with the direction of the project sponsors, extensive training regarding thecriticality of the protection of privacy and civil liberties has been provided to the participatingPage 12Final Report: ISE-SAR EEExecutive Summary Page 4 agencies whose role requires analysis of suspicious activity and the ultimate determinationas to the level of sharing of that information. TECHNOLOGY: A WAY FORWARD The second key factor of the project is the ability to enhance

information sharing through thecreative use of technology. Throughout the law enforcement community, the need to shareinformation is generally accepted and understood; however, the technology used for manyinformation sharing initiatives often fails to gain wide support due to its failure to meet theexpectations of the law enforcement agencies. Some of these expectations include theability to self-populate the data that is shared, the ultimate control and disposition of theagency’s data, and the ability to utilize the existing legacy records management system. TheISE-SAR EE was designed to utilize a unique technology configuration that allows datasharing through a distributed model in compliance with the National Information ExchangeModel (NIEM) standards, which emphasize the importance of maintaining the originatingagency’s ownership of the data. Additionally, this technology solution leveraged existingstate and local systems as well as national information sharing platforms, minimizing theneed to develop a new system or database. Technology is often seen as an impediment to information sharing due to the stand-alonenature of many law enforcement records management systems. The ISE-SAR EE utilized a unique technology approach by implementing a “shared space” environment. Thistechnology solution provides a distributed data model to make SAR information availablethrough Common Terrorism Information Sharing Standards, applications, and services. TheISE-SAR Shared Spaces allow authorized users to securely search the ISE-SAR data locatedon local agency-controlled servers from one central location—the National CriminalIntelligence Resource Center. The ISE-SAR Shared Spaces integrate the NIEM standard andthe ISE-SAR Functional Standard into a standardized process to efficiently and effectivelyshare information. Each state and major urban area can develop a plan for the sharing ofSARs based upon the technology that it decides best meets its operational needs. COLLABORATIVE PARTNERSHIPS TO DEVELOP A NATIONWIDE SAR PROGRAM The final key to this initiative is the collaborative and dynamic partnerships among thefederal sponsors and state and local sites. Through conference calls, user group meetings,and site visits, the ISE-SAR EE partners maintained an aggressive project timeline andcommitment to establish the project at each site. Moreover, it was the supportive aspectsof this partnership, such as cross-agency collaboration, that ultimately made the project asuccess. The federal partners—PM-ISE, DOJ, BJA, DoD, the FBI, and DHS—worked togetherto develop the foundational elements of the project. The involvement of multiple federalagencies in this coordinated effort will help ensure that relevant pieces of information thatmay be indicative of a terrorist event or activity are shared.Page 13Final Report: ISE-SAR EEExecutive Summary Page 5 This project created new and enhanced existing partnerships among the state and local ISE-SAR EE participant sites. Working with their federal partners, these agencies articulated acommon need for a unified SAR process. Throughout the implementation, the usersprovided constructive feedback and recommendations to improve the initiative. Partnerships within the larger law enforcement community have also proved to be criticallyimportant to the achievement of the project goals. An important factor in the developmentof the project was the leadership of the MCCA and its Major Cities Chiefs IntelligenceCommanders Working Group. Using the tenets of the successful Los Angeles PoliceDepartment SAR initiative, the MCCA and its working group provided leadership andguidance in the development of standard processes and policies to guide the sharing of SARinformation. Further, in June 2008, to illustrate their support of the project, both the MCCAand the Major County Sheriffs’ Association unanimously passed resolutions supporting theimplementation of the SAR process within their member agencies. Additionally, the NationalSheriffs’ Association, the IACP, the FBI, the Criminal Intelligence Coordinating Council (CICC),and Global2 have endorsed this project. KEY RECOMMENDATIONS A number of recommendations were made by the participating agencies based upon thelessons learned from the Evaluation Environment.3The key recommendations were: Leadership: Prior to initiating the next phase of this project, the project team must ensure that each agency has the support of its executive leadership. Thiscan be accomplished through regular briefings to law enforcement

associationsand through the MCCA’s Chief Executive Officer Briefing. Face-to-face briefingsare important to allow agency executives to understand the full scope of theproject and the requirements and resources necessary from their agency. Policy and Common Processes: If the ISE-SAR EE is expanded, future participating agencies should develop policies and processes that govern theprocessing of SARs within all areas of their agency. This will ensure compliancewith the ISE-SAR Functional Standard and related project resources. It isunderstood that each agency will have unique requirements, but a common setof processes across the initiative is needed. Privacy: Future participating agencies should continue to be required to have a privacy framework that is consistent with the ISE Privacy Guidelines. Agenciesshould ensure transparency and openness in their privacy policy development 2In June 2008, the Findings and Recommendations of the Suspicious Activity Report (SAR) Support and Implementation Project (SAR report) was developed to provide recommendations to the CICC from the MCCA. The SAR report was unanimously approved by the CICC in September 2008 and by Global in October 2008. 3Additional information and background regarding each of the recommendations and lessons learned can be found within the full report.Page 14Final Report: ISE-SAR EEExecutive Summary Page 6 efforts by engaging privacy advocates and community leaders as the policies aredeveloped or refined. Technology: The proposed program management office should evaluate the best method of deploying operating systems and examine the pros and cons ofother programming languages. Specific training courses or targeted technicalassistance should be identified to help site staff improve their technical systemadministration capabilities. Training: The executive, analytic, and line officer training programs should be delivered to all agencies that are developing a SAR process and will participate inthe Nationwide SAR Initiative (NSI). Varied methods of delivery—including CD-based training, Web-based training, and video streaming—should be consideredas delivery mechanisms for these courses. Outreach: Agencies engaged in a SAR program should train their Liaison Officers to assist in public, private sector, and law enforcement outreach andawareness opportunities. Providing additional training to officers utilizing theSafeguarding America DVD and providing additional outreach material to theofficers to interact with the public and private sectors will provide greaterawareness of behaviors indicative of potential terrorism activity. NEXT STEPS Moving forward, the technology, training design, types of technical assistance supportoffered, and business processes developed during this project can be replicated for thesharing of other types of criminal activity information. Based on feedback received from the12 participating state and local agencies, the ISE-SAR EE has proved successful in providinglaw enforcement agencies with a reliable and consistent method of sharing terrorism-relatedSARs, and this type of project can be expanded to other law enforcement activities. Thefollowing sections are contained in the full report: Project➢ Overview and Background Leveraging Promising Practices Lessons Learned Appendices:•➢ ➢ ➢ Appendix One: Project Participants• Appendix Two: Project Timeline• Appendix Three: Acronyms and Abbreviations• Appendix Four: Participating Agency Assessments Contacts for Questions➢Page 15Page 7 PROJECT OVERVIEW AND BACKGROUND The exchange of information is a critical component of lawenforcement investigative efforts. Exchanging informationbecomes even more important when crime prevention becomesmultijurisdictional. The ability to share information in aconsistent and timely manner across jurisdictional boundaries isa key element to the law enforcement process. Historically,gaps in information sharing among federal, state, and local lawenforcement agencies have hindered law enforcement’s abilityto effectively and efficiently detect, deter, prevent, and respondto criminal and terrorist events. Information sharing gaps often stem from the fact thatalthough law enforcement agencies individually may have pieces of information concerningcriminals or terrorists and their activities, these agencies often lack a standardizedmechanism by which information can be exchanged with other agencies and/or collected tosupport crime detection and prevention. Consequently, the law enforcement community’sefforts to

prevent crime or respond to a criminal or terrorist incident may be fragmented,duplicative, and/or limited. Addressing these issues, the National Strategy for Information Sharing (NSIS) was releasedin October 2007 to prioritize and unify our nation’s efforts to advance the sharing ofterrorism-related information among federal, state, and local government entities; theprivate sector; and foreign partners while continuing to protect privacy, civil rights, and civilliberties. The NSIS calls for the federal government to support a nationwide capability forthe gathering, analysis, and sharing of information, including suspicious activity and incidentreports related to terrorism, with state and local governments and across the federalgovernment. The development of the NSIS was based on several foundational documents,including the report of the National Commission on Terrorist Attacks Upon the United States,4 also known as the 9/11 Commission, which identified a breakdown ininformation sharing as a key factor contributing to the failure to prevent the September 11,2001, attacks. In response to the 9/11 Commission’s recommendations, Congresspassed—and the President signed—the Intelligence Reform and Terrorism Prevention Act of2004 (IRTPA). Per Section 1016, the Information Sharing Environment (ISE) was createdand is defined as “an approach that facilitates the sharing of terrorism and homelandsecurity information.” Further, the IRTPA required the President to designate a ProgramManager for the ISE and establish the Office of the Program Manager for the InformationSharing Environment (PM-ISE). The PM-ISE has government-wide authority to manage theISE, assist in the development of ISE standards and practices, and monitor and assess itsimplementation by federal agencies as well as state and major urban area fusion centers. 4See http://www.9-11commission.gov. Chief Cathy Lanier, DCMetro: “The hope isthat everyone acrossthe country will startdoing this. The value ofthis program lies in thenumber of people thatbuy in and participate.”Page 16Final Report: ISE-SAR EEProject Overview and Background Page 8 Consistent with the IRTPA, the ISE sought an information sharing solution that would allowdata to be shared through a distributed mechanism by which law enforcement agenciescould retain data ownership and control. The solution would need to be economicallydeveloped and deployed, ideally with the ability to be easily replicated nationwide. Consistent with the NSIS and as a priority for the establishment of the ISE, the PM-ISE—inconjunction with the U.S. Department of Justice (DOJ), Bureau of Justice Assistance (BJA);the Federal Bureau of Investigation (FBI); the Office of the Assistant Secretary of Defense forHomeland Defense and America’s Security Affairs,U.S. Department of Defense; and the U.S.Department of Homeland Security (DHS)—supported a comprehensive effort to develop anationwide network of state and major urban areafusion centers. One of the goals of this integratednetwork is to facilitate the sharing of terrorism-related information across federal, state, andlocal communities. The information to be sharedin this national network includes informationbased on an everyday activity of most lawenforcement agencies: documenting suspiciousactivities observed or reported. This practice iswell-institutionalized in the law enforcementcommunity and occurs with varying degrees ofstandardization and formality in othercommunities, such as in the public health andprivate sectors. Throughout most communities,the reporting of SARs is not represented by aformalized, institutional process, and there istypically no established mechanism for thereporting of preoperational terrorism behaviors. Leveraging the existing SAR collection functions,the ISE-SAR Evaluation Environment (EE)recognized a broader mission need. Accordingly and consistent with the direction in theNSIS, it was deemed necessary to establish a standardized process that includes flexibilityto meet the unique individual requirements of the jurisdiction in the area of privacyprotection and associated data models for identifying, documenting, and sharing terrorism-related suspicious activity reports (SARs) to the maximum extent possible (initially referredto as the SAR initiative). In October 2006, a foundational meeting was held in Denver, Colorado, to bring togetherstate and local subject-matter experts, as well as the federal project partners, to discuss the Former Chief William Bratton, LAPD:“We have learned from the past thatthere are early warning signs. Terrorismand behaviors are linked. How do Imaximize

our efforts and multiply ourforce? Analysis is critical todifferentiate criminal from terroristactivity…. We all need to assess ourvulnerability. Similarly with SAR—weneed a united front and leadershipsupport so that every agency in thearea is contributing. If we don’t have aseamless Web and some agencies arenot cooperating, we are in trouble. Theeffort today is not only to educate butto enlist your support and make sureyou understand the importance to thiseffort. We want to move in a big andaggressive way to move this issueforward. We hope those of you here‘get it.’ This is not a departure fromwhat we normally do—there are someenhancements—we want you to take itto your people. Embrace the conceptand appreciate the enhancements.”Page 17Final Report: ISE-SAR EEProject Overview and Background Page 9 initial plans for the development of what would eventually become the ISE-SAR EE. Inresponse to the need of the state and local law enforcement community to develop astandardized SAR reporting process, this meeting highlighted the need to build the projectusing a common set of behavior-specific categories that can be related back to theprecursors of terrorism. From the beginning of this initiative, it was evident that there was a need to leverage existingtechnology standards, such as the National Information Exchange Model (NIEM).5 NIEM isbased on the work of the Global Justice Information Sharing Initiative’s XML Data Model andis designed to develop, disseminate, and support enterprise-wide information exchangestandards and processes that can enable jurisdictions to effectively share criticalinformation in emergency situations, as well as support the day-to-day operations ofagencies throughout the nation. NIEM enables information sharing, focusing on informationexchanged among organizations as part of their current or intended business practices. TheNIEM exchange development methodology results in a common semantic understandingamong participating organizations and data formatted in a semantically consistent manner. NIEM standardizes content (actual data exchange standards) and provides tools andmanaged processes. In early 2007, the project discussions continued with a series of conference calls andWebEx meetings to further develop the project’s behavior codes, business processes, andimplementation strategies. These efforts continued with the development of a referenceInformation Exchange Package Documentation(IEPD) intended to support SAR exchanges betweenand among fusion centers and their federal, state,local, and tribal law enforcement partners.Developed by state and local stakeholders, the IEPDwas ultimately enhanced to be consistent with theISE Privacy Guidelines and the Privacy and CivilLiberties Policy Development Guide andImplementation Templates. The development of theIEPD ultimately resulted in the development of theISE-SAR Functional Standard.In January 2008, the first ISE-SAR FunctionalStandard was released by the PM-ISE to build upon,consolidate, and standardize nationwide aspects ofthose ISE-relevant activities already occurring at thefederal, state, and local levels with respect to the 5See www.it.ojp.gov/iepd. Commissioner Gerald Bailey, FloridaDepartment of Law Enforcement: “Law enforcement has excellentinformation gathering techniquesand skills in place. However, in orderfor that information to be useful, itmust be shared. Simply put, theheart of this initiative is to gleaninformation from routine police workfor the fusion centers so that theymay provide the analysis andintelligence that is critical to ourefforts against crime and terrorism. We can no longer operate as 50independent states, but as onecountry with one goal—to keep ourcitizens safe.”Page 18Final Report: ISE-SAR EEProject Overview and Background Page 10 processing, sharing, and use of suspicious activity information. The ISE-SAR FunctionalStandard provides guidance on a limited end-to-end information sharing process andcontinues to be enhanced to meet the needs of the agencies. It was developed for theanalysis of SARs and includes the business rules for gathering, documenting, processing,and sharing terrorism-related suspicious activity information. These efforts ultimatelyresulted in the development of the ISE-SAR EE, which was used to outline the scope,objectives, and goals of the project, including theimplementation of the SAR Summary ReportsLibrary Pilot Project and SAR Operational StudyEvaluation Project (now known as the ISE-

SAREvaluation Environment [ISE-SAR EE]). The Evaluation Environment officially began onSeptember 1, 2008, and concluded on September30, 2009. The purpose of the EvaluationEnvironment (EE) at state and major urban areafusion centers and local law enforcementorganizations was to test and evaluate the policies,procedures, and technology needed to implement aunified process that fosters a broader sharing of SARs that are reasonably indicative ofpotential intelligence gathering or preoperational planning related to terrorism or othercriminal activity. The project was developed in a phased approach beginning with thedevelopment of privacy frameworks and the implementation of the technology. The firstdata was not shared until May of 2009. The participating agencies continue to implementthe processes and procedures needed to successfully share SAR information.The SAR Summary Reports Library was a conceptual pilot project that provided a collectionpoint for existing SAR summary or free-text narrative information reports. The Library pilotwas designed to provide a method for fusion centers and other authorized individuals (e.g., sworn law enforcement and analysts) to enter, store, and access SAR documents (e.g.,Summary SARs, Daily Briefs, and Weekly Analytic Reports), regularly created and publishedby fusion centers and other contributing agencies. Because of the need to concentrate onthe larger ISE-SAR EE rollout, the full implementation of the Library project was suspendedin order to focus on the primary purpose of the project. However, the development of theLibrary project and its initial testing demonstrated the potential success of the technologydesign and provided a viable tool for further applications.The ISE-SAR EE operated on the concept of “Shared Spaces,” which is an idea consistentwith the guidance provided in the IRTPA. The Shared Spaces concept uses anetworked and distributed information exchange process to make standardizedterrorism-related information available through Common Terrorism Information Sharing Sheriff Gillespie, Las Vegas MetroPolice Department: “The strength [ofthe NSI] is in partnering and thecommon mission. Today, we faceunique challenges in law enforcementnot only from the traditional aspect.We cannot allow the human trustaspects to interfere with the actionswe must take. This is a VERYworthwhile approach to informationsharing, and I look forward to utilizingit in southern Nevada.”Page 19Final Report: ISE-SAR EEProject Overview and Background Page 11 Standards,6 applications, and Web Services. Ultimately, the ISE-SAR EE, through the use ofthe Shared Spaces concept, provides a solution for law enforcement agencies to shareterrorism-related suspicious activity information, while continuing to maintain control of theirdata through a distributed model of information sharing. In December 2008, a short-term study was conducted with some of the participants todetermine the value of including personally identifying information (PII) data in the searchresults versus querying data with no PII included. The study was conducted with data fromthe Florida Fusion Center and the New York State Intelligence Center. When a query wasmade, the analyst was requested to complete a series ofquestions to determine the value of the informationprovided. The results of this study showed that datacontaining PII information had more value to the userthan data without PII. Additionally, a focus group wasestablished at the conclusion of the study, and theparticipants confirmed the value of including PII data inthe ISE-SAR EE.In early 2008, development began on the Findings andRecommendations of the Suspicious Activity Report(SAR) Support and Implementation Project report. Thisreport was developed to provide recommendations tothe Criminal Intelligence Coordinating Council (CICC)from the Major Cities Chiefs Association (MCCA). Thefindings and recommendations regarding the gathering,processing, reporting, analyzing, and sharing ofsuspicious activity (also referred to as the SAR process)were developed through site visits with policedepartments in Los Angeles, California; Chicago, Illinois;Boston, Massachusetts; and Miami-Dade, Florida. Theseagencies provided this information to a SAR subject-matter expert team, who documented the agencies’processes. The subject-matter expert teams were selected by the sponsoring agencies—BJA,DOJ, MCCA, Global, CICC, DHS, and the FBI. After the site visits, the Findings andRecommendations of the Suspicious Activity Report (SAR) Support and ImplementationProject

report was further developed by the SAR Executive Steering Committee, which wascomposed of local, state, and federal agencies representing the CICC, the Global Advisory 6Additional information on Common Terrorism Information Sharing Standards is available at http://www.ise.gov/pages/ctiss.aspx.Chief Harold Hurtt, HoustonPolice Department: “If you’renot committed to it [the NSI] atthe top of your organization, it’snot going to happen. Theofficers may be introduced to it,but if there’s not interest fromthe chief or the person at thetop of the organization, it won’tbe done properly and won’t beprocessed and will really bewasting a lot of governmentfunding. Hopefully, we look atthis as a program for theHouston region. We talk abouthomeland security, but this isalso about hometown security…and it would behoove all of usto protect our communities.…What we do every day isimportant, and we’re going tostep up to the plate—it’s assimple as that. We need to beable to count on each other.”Page 20Final Report: ISE-SAR EEProject Overview and Background Page 12 Committee (GAC), and the MCCA. Promisingpractices from these site visits were identifiedand are detailed throughout this report.In July 2008, police chiefs, sheriffs, andintelligence commanders from more than 25major cities and counties and representativesfrom several federal agencies met in Las Vegas,Nevada, to discuss the implementation of theFindings and Recommendations of theSuspicious Activity Report (SAR) Support andImplementation Project. Held in conjunctionwith the Major Cities Chiefs IntelligenceCommanders meeting and led primarily by stateand local stakeholders, this meeting focused onthe further development of foundational issuessuch as activity classification codes, privacyframework, and training recommendations. Based on the outcomes and recommendationsfrom this meeting, the project partners wereable to reconcile the behavior codes existing within the state and local agencies with thosecodes enumerated in the ISE-SAR Functional Standard. The privacy recommendationsidentified during the meeting included the requirement for each participating agency to havea privacy framework. The group also advocated for continued project transparency throughthe inclusion of privacy and civil liberties advocates where feasible. Recommendations fromthe training committee focused on the development of the three levels of training—for lineofficers, analysts, and executives.Following approval by the GAC and the CICC, the Findings and Recommendations of theSuspicious Activity Report (SAR) Support and Implementation Project was released inOctober 2008. The report and its recommendations establish national guidance for state,local, and tribal agencies to facilitate the improved sharing of SAR information. The reportadvocates that agencies use their existing processes and technology as they implement theSAR process at their agency.The Suspicious Activity Reporting Process Implementation Checklist was released inNovember 2008 as a companion document to the Findings and Recommendations of theSuspicious Activity Report (SAR) Support and Implementation Project report. Working withstate and local subject-matter experts to identify the major SAR process categoriesimpacting their operations and processes, this document provides a simplified checklist forchief executives and senior leadership. It is designed to be used as agencies develop an Mr. Michael Heimbach, AssistantDirector, Counterterrorism Division, FBI: “[eGuardian] will allow [a suspiciousactivity report] to be vetted through itsown police department, with the properapprovals put into the. . .system, andthen it sits there, and then we have amechanism to potentially connect thedots. Because if somebody is filming apower plant facility on the East Coast;they talk to the individual, no big deal,find no derogatory information, no threatconcern, and close it out. But it goes inthe system. But then the sameindividuals, or a car used by theindividuals, shows up at the Hoover Dam.Now we’re saying, ‘Okay, what’s going onhere?’ That’s the important thing. Todayit may not link, but five years or ten yearsfrom now, it could link.”Page 21Final Report: ISE-SAR EEProject Overview and Background Page 13 internal SAR process; aids in their crime prevention efforts; and assists with successfullyincorporating state, local, and tribal agencies into the nationwide SAR process. Throughout the project, strong partnerships were developed.

In 2008, both the Major CitiesChiefs Association and the Major County Sheriffs’ Association unanimously passedresolutions supporting the implementation of the SAR process within their member agenciesto illustrate their support of the project. Additionally, the National Sheriffs’ Association, theInternational Association of Chiefs of Police, the FBI, the CICC, and DOJ’s Global7 haveendorsed this project. On December 23, 2008, the Nationwide SAR Initiative Concept of Operations8 (NSICONOPS) was released by the PM-ISE. This document provides top-level operationalguidelines for the gathering and processing, analysis and production, and dissemination ofSARs. Additionally, the NSI CONOPS describes a comprehensive approach that includes notonly the ISE-SAR Shared Spaces concept but also the integration of federal agencies, suchas FBI’s eGuardian system and DHS’s suspicious activity reporting systems, as part of theNSI. The NSI CONOPS defines the requirements of the project and associatedimplementation activities, including areas such as: Description of the➢ overall ISE-SAR process and multiple ISE-SAR-related activities in sufficient detail to ensure that these activities adhere tostandard approaches and that all embody adequate protection for privacyand civil liberties. Clarification of the role of the ISE-SAR EE as a microcosm of the broader NSI. ➢ ➢ Description of the roles, missions, and responsibilities of NSI participating agencies and the top-level NSI governance structure. Using the NSI CONOPS document, the partner agencies of DHS, DOJ, the FBI, PM-ISE, andthe Office of the Assistant Secretary for Homeland Defense and America’s Security Affairs, insupport of the U.S. Department of Defense force protection/anti-terrorism mission, createdthe foundation for the NSI. Furthermore, these agencies aligned their SAR policies andprocedures with the NSI process. 7In June 2008, the Findings and Recommendations of the Suspicious Activity Report (SAR) Support and Implementation Project (SAR report) was developed to provide recommendations to the CICC from the MCCA. The SAR report was unanimously approved by the CICC in September 2008 and by Global in October 2008. 8See http://www.ise.gov/docs/sar/NSI_CONOPS_Version_1_FINAL_2008-12-11_r5.pdf.Page 22Final Report: ISE-SAR EEProject Overview and Background Page 14 Figure 1 describes the NSI process:9In late 2008, three fusion center sites—New York, Florida, and Virginia—were prepared tobegin the Shared Spaces pilot; however, due to delays in finalizing the site privacy policies,the pilot was not immediately made operational. Initial proof-of-concept success occurredduring the preparation for the 2009 Presidential Inauguration. The Washington, DC,Metropolitan Police Department and its fusion center—Washington Regional Threat andAnalysis Center—installed Shared Space servers and created a collection of potentialsuspicious activity reports. The SARs were then entered into the FBI’s eGuardian system.This partial implementation was accompanied by training for the executive leadership,analysts, and line officers within the agency. Significantly, the Washington, DC, pilot projectand training material were thoroughly reviewed by representatives from privacy advocacygroups. The input from this review, as well as input received during the Privacy and CivilLiberties Dialogue meeting (held September 2008) provided input which was used tostrengthen the ISE-SAR EE training programs and Functional Standards. The implementationof the SAR process in Washington, DC, provided valuable evidence to support thecontinuance of the initiative. 9Ibid. FIGURE 1: NSI PROCESSPage 23Final Report: ISE-SAR EEProject Overview and Background Page 15 On January 9, 2009, the Information Sharing Environment (ISE)-Suspicious ActivityReporting (SAR) Evaluation Environment Implementation Guide (Implementation Guide)10was issued after a collaborative effort by federal, state, and local partners and participantsof the ISE-SAR EE. The Implementation Guide builds upon the previous SAR project effortsand was developed to assist participating state and local law enforcement agencies with theimplementation of the ISE-SAR Shared Spaces. Additionally, the Implementation Guide aidsthem in understanding the procedures and processes within the ISE-SAR EE and provides indetail: Summary and overview of the ISE-SAR EE Technology, design➢ ➢

assumptions, system security, and implementation Project governance, to include privacy and civil➢ liberties protections Data access and security policies Logs and audits capabilities Training and➢ ➢ ➢ technical assistance On May 21, 2009, the PM-ISE issued the updated ISE-SAR Functional Standard, Version 1.5,11 to specifically address the sharing of terrorism-related SARs at all levels ofgovernment, with the objective of enabling analysts and officers with counterterrorismresponsibilities to discover and identify terrorist activities and trends. This update clarified anumber of privacy-related issues and aligned the Functional Standard with the businessprocess description in the NSI CONOPS. The ISE-SAR Functional Standard 1.5 definessuspicious activity as “observed behavior reasonably indicative of preoperational planningrelated to terrorism or other criminal activity.” Such activities could include, but are notlimited to, surveillance, photography of facilities, site breach or physical intrusion, cyberattacks, possible testing of security or security response, indications of unusual publichealth sector activity, unauthorized attempts to obtain precursor chemicals/agents or toxicmaterials, or other unusual behavior or sector-specific incidents. Ultimately, the updated ISE-SAR Functional Standard creates guidance for therecommendations in the NSIS and aligns the operational process descriptions within the NSICONOPS. 10The Information Sharing Environment (ISE)-Suspicious Activity Reporting (SAR) Evaluation Environment Implementation Guide was provided to all participating agencies and is considered a For Official Use Onlydocument. 11Additional information regarding the ISE-SAR Functional Standard can be found at http://www.ise.gov /pages/ctiss.html.Page 24Final Report: ISE-SAR EEProject Overview and Background Page 16 ISE-SAR EE IMPLEMENTATION The ISE-SAR EE, made up of 12 state and major urban area fusion centers, provided arelatively controlled environment to test the documented ISE-SAR policies, business process,capabilities, architecture, and standards. Additionally, the ISE-SAR EE allowed for theassessment and refinement of processes and capabilities prior to full-scale operation. Theobjectives of the ISE-SAR EE included, but were not limited to, the following:12 Improve operational➢ processes at federal, state, local, and tribal law enforcement agencies and fusion centers by providing capabilities todocument, store, and share terrorism-related SARs. Test and validate fundamental ISE➢ Enterprise Architecture Framework13 concepts and core services. Incorporate “lessons learned” and➢ “promising practices” into an implementation guide and template for establishing a nationwide ISE-SARprocess. Continue to evaluate the need to update the ISE-SAR Functional Standard. The project➢ was also built upon and continues to place emphasis on the protection ofprivacy, civil liberties, and civil rights.Using the Shared Spaces concept, the ISE-SAR EE was introduced in two phases. The firstphase, the SAR Operational Evaluation Project, began in September 2007 and involved thedesign, development, and deployment of hardware, software applications, and networkequipment that integrated state fusion centers in Florida, New York, and Virginia into theShared Spaces. In September 2008, representatives from the three state pilot sites and potential futurepilot site cities met in St. Louis, Missouri, to discuss the ISE SAR EE.14 The group discussedthe SAR business process, privacy and‐ civil liberties protections, and technology and trainingrelated to the SAR project. During this meeting, the project sponsors received commitmentsfrom several new sites indicating their willingness to participate in the ISE SAR EE. The meeting participants received a significant amount of training‐ concerning privacyframework development, personnel roles/responsibilities, and overview of the projectimplementation guide. The state and local technology points of contact also met with theproject technical team to discuss the rollout for each site. As a result of this meeting, thesecond phase of ISE-SAR EE participants became fully educated on the project, process, 12See Fact Sheet: Establishing a Terrorism-Related Suspicious Activity Reporting Initiative for additional information (http://www.ncirc.gov/sar/Fact_Sheet_NSI_-_December_23_2008_Final.pdf). 13For additional information regarding the ISE Enterprise Architecture Framework, see http://www.ise.gov /pages/eaf.aspx. 14The participating agencies are listed in Appendix One.Page 25

Final Report: ISE-SAR EEProject Overview and Background Page 17 training, and technology. Ultimately, building on the successes of the first Shared Spacesparticipants, the second phase expanded the project to other major metropolitan lawenforcement agencies and regional fusion centers, including Boston, Massachusetts (UASI);Chicago, Illinois (UASI); Houston, Texas (UASI); Las Vegas, Nevada (UASI); Los Angeles,California (UASI); Miami-Dade, Florida (UASI); Phoenix/Arizona (UASI/State);Seattle/Washington (UASI/State); and Washington, DC (UASI). In addition, the federalagencies of DHS and the FBI’s eGuardian were included as part of the ISE-SAR EE.15 SUMMARY OF THE ISE-SAR PROCESS The ISE-SAR EE was designed to test thefunctionality of the ISE-SAR process in acontrolled environment and, if successful,examine the expansion of the NSI across theUnited States. The ISE-SAR process beginswhen a frontline law enforcement officerresponds to a call for service or self-initiates lawenforcement action based on a reportedincident/observation or the officer’s observationof suspicious behavior. The initiation of thisprocess could also occur when citizens orprivate sector personnel report some kind ofsuspicious activity. Many agencies documentthis data into their records managementsystem, field interviews, or other relatedprocesses. This project has not sought to createnew systems but rather to leverage the currentbusiness processes and automated systems toextract certain data concerning suspiciousactivity relating to terrorism and make itsharable within the Shared Spaces.The ISE-SAR process, as outlined in the ISE-SAR Functional Standard, sets forth a four-part“integration/consolidation” process for identifying and gathering those activities that have apotential nexus to terrorism. The first part of the process involves ensuring that the activitymeets one or more of the criteria detailed in Part B of the ISE-SAR Functional Standard. Developed by state and local counterterrorism experts, these criteria describe behaviorsthat are indicative of or associated with terrorism. For example, the Los Angeles PoliceDepartment (LAPD) researched and developed an extensive set of behavior-specific codesfor the reporting of suspicious activity. These codes provided agencies with the method for 15The ISE-SAR EE includes the initial 12 sites. It is anticipated that the ISE-SAR EE will be expanded into the Nationwide SAR Initiative and will encompass all 72 fusion centers.Deputy Chief Clark Kimerer, SeattlePolice Department: “The next terroristattack will be solved by a private citizen,a utility worker, or an observant personthat gets to the authorities, that willprevent the loss of life, the crippling ofour country. That is why it’s so criticalthat executive leadership make it [theNSI] come about. If I look at the worldprior to 9/11 and approaching thisthreat, we have made incredible strides.We need to recognize that SAR is one ofthe critical components of this process.People are fatigued with talking about,thinking about, preparing for terrorism. The fact that our interest in 9/11attenuates—it gets more and moreuninteresting as we get farther from9/11—we do not want to ‘nod’ at theswitch. That’s exactly what our enemieswant us to do.”Page 26Final Report: ISE-SAR EEProject Overview and Background Page 18 documenting behavioral indicators that have a potential nexus to terrorism. LAPD used thecodes to train its personnel in the recognition of suspicious activity. The process wascontinuing to mature as LAPD conducted research to develop patterns and determine thefrequency of use with the codes. For the ISE-SAR EE initiative, additional subject-matterexperts from the state and local agencies reviewed the LAPD codes as well as thoseidentified in the Functional Standard. Throughout the project, these behavior codeswere consistently mapped and validated toensure they are representative of the currentterrorism threat environment. Additionally, BJA’sState and Local Anti-Terrorism Training (SLATT®)Program analyzed and mapped recent terrorismevents with the behavior codes for validation ofthe ISE-SAR EE codes. Based on this research,the SLATT Program is also piloting a searchableTerrorism Incident Database that lists anddisplays the terrorist events in four formats—chronological, by topic, search engine, andgeospatial. The second part of the process involves the review and vetting of the information to ensurethat it is both legally obtained and has a potential terrorism nexus. In most agencies, thisinitial review is completed by a first-line supervisor trained to recognize activity associatedwith terrorism. The third and fourth steps of the process include an additional vetting step,which requires that all SARs

be reviewed by analysts or officers who have been trained toassess the SAR’s validity and accuracy. This multilayered review occurs prior to theinformation being entered into the Shared Spaces. Measuring the observed activity, boththrough the use of recognized indicators and hands-on evaluation, increases the accuracy ofthe process. Suspicious activity must be “an observed behavior reasonably indicative ofpreoperational planning related to terrorism or other criminal activity”16 for a reportdocumenting such activity to be considered an ISE-SAR under this standard. Following this review and a determination that the SAR has a relation to terrorism, theinformation will be formatted as described in the ISE-SAR Functional Standard and sharedthrough the use of the Shared Spaces with all appropriate ISE-SAR EE participants. Thisprocess does not supersede other notification processes, such as when exigentcircumstances require that ISE-SARs be immediately referred to the FBI’s Joint TerrorismTask Force (JTTF); rather, it helps to enhance information sharing efforts. 16ISE-SAR Functional Standard. New York State Police SuperintendentHarry J. Corbitt: “The same principlesthat make a neighborhood watchprogram successful in keeping aneighborhood safe apply on a largerscale to keep municipal, statewide, andnational communities safe. If thekeystone to success is communicationfrom all eyes and ears of ourcommunities, the foundation is thebuilding and maintenance of trustingrelationships between police and thecitizens they serve.”Page 27Final Report: ISE-SAR EEProject Overview and Background Page 19 SAR INFORMATION SHARING GOALS—COMPLETE, ACCURATE, AND TIMELY Efforts to prevent terrorist attacks are most effective when accurate, valid, and reliableinformation is used to support crime prevention and other counterterrorism activities. Sincethe laws, statutes, and practices that support, prohibit, or otherwise limit the sharing ofpersonal information vary considerably between and among the federal, state, and locallevels, each ISE participant may exclude additional privacy fields from its ISE-SARs, inaccordance with its own statutory or policy requirements.The ISE-SAR Functional Standard does not dictate a common process but provides a degreeof standardization amongst participating agencies. Key to the design is the use of existinginternal agency processes. For example, severalparticipating agencies leveraged their existingbehavior codes and SAR reporting processes asthey entered the ISE-SAR EE. LAPD modified itsexisting Investigative Report used by officers toreport crimes. Three changes were made: (1)the addition of a check box to identify the reportas containing suspicious activity, (2) the additionof a check box for distribution to the Counter-Terrorism and Criminal Intelligence Bureau(CTCIB) Major Crimes Division (MCD), and (3) acheck box for “Involved Party (IP)” information.17Modifying the existing report allowed LAPD tosimplify the introduction of the SAR processwithin the department and was instrumental in the institutionalization of the SAR process. From these examples, it becomes clear that agencies, even large agencies, are capable ofentering the ISE-SAR EE with a modicum of effort. Data contained in reports designated as ISE-SARs originate from information gathered bysource or reporting law enforcement organizations. Before the suspicious incident orbehavior is documented in the first instance, entities apply various tools and techniques toverify the accuracy, timeliness, and reliability of details surrounding the observed or reported“suspicious” conduct or event. Most often, this verification entails interviews withindividuals who supplied the information of the reportedly “suspicious” circumstances. Lawenforcement officers also may query systems to validate information relating to the incidentor conduct. 17The term “Involved Party (IP)” did not exist on the previous Investigative Report. It was added with the idea that when the SAR box is checked, the officer will write the report using the term “IP” instead of “suspect.” LAPD does not consider someone engaging in suspicious activity as a suspect but an IP, because, in reality, thesuspicious activity may not be a crime; therefore, there would be no suspect.Commissioner Ed Davis, Boston PoliceDepartment: “History shows that thereason programs fail is due to the lack ofimplementation.... This is our chance toput the pieces of the puzzle together....SAR is probably the most important thingwe can do to protect the homeland.…Parochialism, not playing well withothers, is something from the past andcan only hurt us as an organization.... Ineveryday activities, the

information wehave and collect as an organization hasto be shared….”Page 28Final Report: ISE-SAR EEProject Overview and Background Page 20 The authors18 of the Information Sharing Environment—Suspicious Activity ReportingFunctional Standard and Evaluation Environment: Initial Privacy and Civil Liberties Analysis(Version 1—September 2008)19 recommended that the ISE-SAR EE sites require sourceagencies documenting suspicious activity to assess their confidence in the information theyreport, including source reliability and content validity. The assessment may rely on factorssuch as demeanor (e.g., intoxication level, mental state), credibility (based on priorexperience, interview), or other indicia of reliability and validity. The assessed level ofconfidence will enable the fusion center and ISE-SAR recipient organizations to better gaugethe value of the information to be designated an ISE-SAR and to ensure against erroneousreports or reports potentially motivated by racial, religious, or other animus. While no policycan completely eliminate the risk of such bias, responsible processes to validate and reviewpossible suspicious activities before such activities are formally documented may reducesuch risks. State constitutions, statutes, local ordinances, and policies may dictate the distributedhousing of SAR and ISE-SAR data in each agency or fusion center so that local control isretained. The ISE-SAR Shared Spaces were designed by the state and local law enforcementrepresentatives to meet their needs and to match their willingness and ability to share thedata. For example, policy and technology prohibit the printing, download, and exporting ofSAR data. Another state and local priority concerned the retention of the SAR information.Some SAR elements or the SAR in its entirety may be deleted or retained for a specificmaximum time period based on statutes, codes, and applicable policies. For example, someagencies and centers may require a data purge if an actionable offense or case is notestablished or pursued based on the data within a certain time frame. Review periods havebeen established in some agencies and centers where a decision is made as to whether theinformation should be retained for a longer period of time or otherwise purged. Accordingly,each agency has developed a written policy concerning information retention. Ultimately,each source and submitting agency is responsible for the accuracy of its own data. Eachsubmitting agency maintains control of its data residing in the Shared Spaces as it isupdated, added, modified, or deleted, according to its established policy and practice. Forthe ISE-SAR Evaluation Environment, it was decided that when a search occurs, the record isshared for informational purposes but the data is not available for download; therefore,control of the data always remains with the submitting agency. 18The PM-ISE—in consultation with the Civil Liberties and Privacy Office of the Office of the Director of National Intelligence (ODNI), the Office of Privacy and Civil Liberties of DOJ, and the Legal Issues Working Group of theISE Privacy Guidelines Committee—prepared and released an Initial Privacy and Civil Liberties Analysis of theISE-SAR Functional Standard and included an IEPD component. 19See http://www.ise.gov/docs/sar/ISE_SAR_Initial_Privacy_and_Civil_Liberties_Analysis.pdf.Page 29Final Report: ISE-SAR EEProject Overview and Background Page 21 PROTECTION OF PRIVACY RIGHTS AND CIVIL LIBERTIES The third important aspect of the NSI is its emphasis on protecting the privacy, civil rights,and civil liberties of Americans. Implementation of an approved privacy policy, applicationof the revised SAR Functional Standard, and privacy training of personnel ensured acomprehensive framework for the protection of privacy throughout the SAR process. In September 2008, the PM-ISE, in consultation with the Civil Liberties and Privacy Office ofODNI, the Office of Privacy and Civil Liberties of DOJ, and the Legal Issues Working Group ofthe ISE Privacy Guidelines Committee (PGC), prepared the Initial Privacy and Civil LibertiesAnalysis of the Information Sharing Environment-Suspicious Activity Reporting (ISE-SAR)Functional Standard and Evaluation Environment (report). The report called for thedevelopment of a robust privacy, civil rights, and civil liberties protection process thatincluded a requirement to have a written privacy policy for each participating SAR EvaluationEnvironment (EE) site.EE participating sites were given three options for

developing privacy policies that wouldqualify them to share and receive personal information contained in “privacy fields.” Theoptions included the following:(1) The site could complete a comprehensive privacy policy based on Global’sFusion Center Privacy Policy Development: Privacy, Civil Rights, and CivilLiberties Policy Template.(2) The site could formulate an ISE-SAR specific policy based upon the ISE-SAREvaluation Environment Privacy, Civil Rights, and Civil Liberties ProtectionPolicy Template.20(3) The site could use its existing privacy policy and refine it to ensure that itaddressed all the ISE Privacy Guidelines requirements for enhancedprotection of terrorism-related information. Each participating site developed and provided a draft privacy policy to the Privacy PolicyReview Team for assessment and feedback. Once the site’s policies satisfied the privacyrequirements of the review team, the completed policy was recommended for approval tothe PGC cochairs (privacy officials from ODNI, DOJ, and DHS) and the PM-ISE. Uponapproval, DOJ/BJA was formally notified that the EE participant was authorized to “go live” insharing and receiving privacy field information in Shared Spaces under the EE. Throughout the Initiative, the PM-ISE and its federal partners remained committed to privacyby collaborating with privacy and civil liberties advocacy groups. Advocacy groups, includingthe American Civil Liberties Union and representatives from the Muslim advocacy 20The Privacy Guidelines Committee’s Legal Issues Working Group finalized and approved the template for distribution to the participating sites in January 2009.Page 30Final Report: ISE-SAR EEProject Overview and Background Page 22 community, served an essential role in shaping the privacy protection framework for ISE-SARinformation sharing activities, assisted with the development and review of products (e.g.,templates and training), and met with the ISE-SAR EE implementation group on numerousoccasions. The development and revision of the Functional Standard illustrates the importance ofbuilding a strong partnership with advocacy groups. Following extensive outreach andconsultation with privacy and civil liberties advocacy groups, the Functional Standard wasdeveloped with PGC participation and was revised in May 2009 to enhance its privacyprotection focus. The revised Functional Standard identifies the types of activity that may bedeemed suspicious and the circumstances under which such information may be shared. The revised standard defines suspicious activity as “observed behavior reasonablyindicative of preoperational planning related to terrorism or other criminal activity.” A determination that a SAR, initially gathered and vetted by a source agency, constitutes anISE-SAR must be made as part of a two-step process by trained analysts. Analysts useexplicit terrorism behavior criteria and consider all relevant facts and circumstances indeciding that the behavior observed is reasonably indicative of terrorism activity. By focusing on observed behavior, this standard mitigates the risk of profiling based onrace, ethnicity, national origin, or religion. It also improves mission effectiveness by enablingISE-SAR EE personnel to scope and address potential threats in a more efficient andstandardized manner. Each participating EE site also had the responsibility to train its personnel. At the directionof the PGC and project sponsors, the Initiative and its partners21 provided extensive SAR-specific training focusing on protecting privacy, civil rights, and civil liberties to the EE sites’executives, analysts, investigators, managers, and line officers.Following the end of the EE pilot phase, privacy officials debriefed each site and assessedthe extent to which the revised Functional Standard and the privacy protection frameworkmitigated implementation risks associated with ISE-SAR information sharing activities. While it is clear that the Initiative resulted in major accomplishments, the assessmentpointed out certain areas that will require enhanced focus during the broader NSIimplementation in 2010, including: NSI sites are strongly encouraged to engage in outreach to members of the public, private➢ sector partners, and privacy and civil liberties advocacygroups during their privacy policy development and to address theirconcerns and recommendations through the adoption of appropriateprivacy and civil liberties safeguards. A transparent process andcollaboration with advocacy groups will reinforce the ongoing commitment 21The entities that provided training included the Major Cities Chiefs

Association, the Institute for Intergovernmental Research, and the International Association of Chiefs of Police.Page 31Final Report: ISE-SAR EEProject Overview and Background Page 23 by federal, state, and local partners to fostering the trust of the public andthe privacy and civil liberties community. Given that➢ participating sites generally experienced delays in developing and implementing their privacy policies during the EE Initiative, the broaderNSI will require each site to fully adopt the NSI privacy protection frameworkprior to participation in the NSI. • To expedite privacy policy development and implementation, it is strongly recommended that the sites have access to the servicesof a trained privacy officer who is available to provide ongoingadvice and assistance regarding privacy, civil rights, and civilliberties. • The revised Functional Standard must be effectively communicated to personnel with responsibilities in the ISE-SARarena to ensure the proper application of this standard. Lineofficers in particular should receive specialized training tostrengthen their ability to recognize the types of behavior that maybe indicative of terrorism. • Although no sites reported a breach of personal information contained in privacy fields during the ISE-SAR EE, it is essentialthat site personnel receive ongoing training that focuses onsafeguarding personal information in order to strengthen theirability to prevent breaches involving personal information and tounderscore their reporting obligations. • Even though no complaints for redress were filed during the Initiative, sites must consistently provide thorough explanations inresponse to public inquiries about sites’ privacy policies,information availability, and redress procedures. Full and candidstatements about the privacy policy framework are essential toensuring the transparency of ISE-SAR processes and to fosteringthe public’s trust. • Given that extensive training of site personnel was effective in increasing privacy awareness at the participating sites, all site personnel in the broader NSI implementation must beinformed and trained regarding their respective responsibilitiesrelative to protecting privacy, civil rights, and civil liberties and the consequences and accountability for violation of theseresponsibilities. Each site is responsible for developing ongoingrole-based training regarding the ISE and the SAR process forfrontline, investigative, analytic, and supervisory personnel.Page 32Final Report: ISE-SAR EEProject Overview and Background Page 24 • The sites confirmed that the technical assistance provided during the Initiative facilitated the development and implementation ofthe privacy protection framework. The Initiative should thereforecontinue to provide technical assistance to sites to support privacypolicy adoption, implementation, and training.The results from the EE Initiative support the conclusion that the sites successfullyimplemented the privacy policy framework and that the extensive training provided to keypersonnel heightened awareness of basic privacy safeguards, thus reinforcing the privacyprotection framework for the NSI. The continued success of the NSI largely depends on ourability to earn and maintain the public’s trust. To further foster the public’s trust, the PM-ISEand its federal partners are committed to a transparent ISE-SAR process. In January 2010,the ISE PGC cochairs will complete and release the final in-depth privacy analysis of the NSIISE-SAR EE. TRAINING Training was a critical element of the ISE-SAR EE and is a vital component of theimplementation of an agency’s SAR process. As part of the ISE-SAR EE, a training plan wasdesigned to ensure that personnel at all agency levels receive instruction regarding the SARprocess. The training also served to institutionalize the effort throughout the agency. Forthis project, three coordinated training courses—executive leadership, analyst/investigator,and line officer—were developed to target the different operational roles existing within lawenforcement agencies.22The Chief Executive Officer Briefing (also known as the Executive Leadership Course)focuses on establishing an understanding of the ISE-SAR EE, policy development and privacyand civil liberties protections, the importance of developing agency training and communityoutreach, determining the level of commitment to implement or participate in the ISE-SAREE, determining the level of technical assistance needed, and gaining commitment forimplementation and participation in the ISE-SAR EE.

The Chief Executive Officer Briefingwas delivered to the 12 pilot sites, and attendance included 389 participants from 180 lawenforcement agencies.23The SAR analyst/investigator course focuses on the review and vetting of SAR informationas it relates to the ISE-SAR Functional Standard. Additionally, this course provides extensive 22The Major Cities Chiefs Association developed the Chief Executive Officer Briefing. BJA developed the SAR analyst/investigator course. The International Association of Chiefs of Police developed the line officer trainingcomponent. 23 Arizona Counter Terrorism Information Center; Boston, Massachusetts, Police Department; Chicago, Illinois, Police Department; Florida Department of Law Enforcement; Houston, Texas, Police Department; Las Vegas,Nevada, Metropolitan Police Department; Los Angeles, California, Police Department; Miami-Dade, Florida,Police Department; New York State Intelligence Center; Seattle, Washington, Police Department; Virginia StatePolice; and Washington, DC, Metropolitan Police Department.Page 33Final Report: ISE-SAR EEProject Overview and Background Page 25 coverage of the importance of privacy and civil liberties protections; terrorism indicators,recent trends, and stages of terrorism; behaviors tied to the ISE-SAR Criteria Guidance; andresources and tools available. The SAR analyst/investigator course was delivered to 16sites, and attendance included 489 participants from 159 agencies. In addition to the 12participating agencies within the ISE-SAR EE, training was also provided to representativesof 11 DHS components. Understanding the vital role analysts/investigators play in the SARprocess, the Florida Department of Law Enforcement sponsored additional SARanalyst/investigator training at three of its regional offices. The line officer training focuses on enriching the critical role line officers have in theeffective implementation of the ISE-SAR process. The training was piloted in the classroomfor the pilot state fusion centers of New York, Virginia, and Florida. An online version of thecourse was delivered to the Washington, DC, Metropolitan Police Department. Participantsare trained to recognize those behaviors and incidents that could be indicative precursors toactivity related to terrorism. The line officer training was delivered by the InternationalAssociation of Chiefs of Police to more than 4,000 officers in Washington, DC; New YorkState; Virginia; and Florida.24To continue the theme of transparency and openness, the American Civil Liberties Unionand other privacy advocates were invited to review the training courses as they weredeveloped. The input from these advocates provided significant enhancements andimprovements of the overall SAR training programs. TECHNOLOGY SOLUTIONS The IRTPA requires that the ISE be “a decentralized, distributed, and coordinatedenvironment” that “to the greatest extent practicable, . . . connects existing systems . . .;builds upon existing systems capabilities currently in use across the Government; . . .facilitates the sharing of information at and across all levels of security; . . . and incorporatesprotections for individuals’ privacy and civil liberties.” To this end, the ISE-SAR EE utilized adistributed data model to connect its Shared Spaces—the eGuardian System and DHS’s SARdata—to make terrorism-related information available through Common TerrorismInformation Sharing Standards, applications, and Web Services. By utilizing two differentmethods for sharing information, the EE allows agencies to choose the method mostbeneficial and efficient for them to share terrorism-related information. The Shared Spaces allow authorized users to securely search the ISE-SAR data housed onlocal agency-controlled servers from one central location—the secure National CriminalIntelligence Resource Center (NCIRC) portal. In most cases, a two-server system wasinstalled in which a server designed to house the ISE-SARs was protected inside an agency’sfirewall while the second server, designed to receive ISE-SAR queries from the NCIRC portal, 24The dates and location of all training sessions is listed in Appendix Two: Project Timeline.Page 34Final Report: ISE-SAR EEProject Overview and Background Page 26 remained outside. These servers are connected to create the ISE-SAR EE Shared Spaces,which are accessible to all Evaluation Environment participants. When a query is submittedto the Shared Spaces by an agency, the data elements are transmitted to each of theparticipating agency Shared Spaces servers and the database for

that location is searched. Results matching the query elements are transmitted back from the participating agency’sShared Spaces servers to the Shared Spaces portal, where they are aggregated into a singleresult set, allowing users to identify items of interest. The communication backbone thatallows this query to occur uses virtual private network (VPN) technology to deliverinformation between sites in a secure manner.eGuardian is available through the secure Law Enforcement Online Internet portal. Thoseagencies that participate in eGuardian will be able to directly input terrorism-relatedsuspicious activity and conduct searches. Their entries will be automatically sent to a state“fusion center” or a similar intelligence-based center for vetting, where trained personnelwill evaluate it and then either monitor it, close it, or refer it to the appropriate FBI JointTerrorism Task Force for investigation. Ultimately, eGuardian will add additional capabilitiesfor conducting analysis.Figure 2 depicts a high-level overview of the Shared Spaces Concept.25 25See http://www.ise.gov/docs/sar/NSI_CONOPS_Version_1_FINAL_2008-12-11_r5.pdf. FIGURE 2: OVERVIEW OF SHARED SPACES CONCEPTPage 35Final Report: ISE-SAR EEProject Overview and Background Page 27 The Shared Spaces integrate the National Information Exchange Model (NIEM) standards,DOJ’s Logical Entity eXchange Specifications (LEXS) Search and Retrieve messagingprotocol, and the ISE-SAR Functional Standard into a standardized process to efficiently andeffectively share information. The next level of technical detail, which enhances the NSICONOPS, the ISE-SAR EE Segment Architecture, was released in December 2008. Itdocuments a logical arrangement of business and functional drivers, information exchangerequirements, and outcomes and constraints for extending capabilities implemented duringthe ISE SAR EE project. This segment architecture, derived from ISE Architecture programdocumentation, identifies enabling services required for operational implementation anduse. It also will assist program managers, chief architects, and systems designers andimplementers as they determine the programmatic and solution strategies that support thebusiness case for future NSI and ISE SAR capabilities.26During discussions with project participants in September 2008, key challenges wereidentified that impact an agency’s participation in the project. These challenges included: ➢ Inability to consolidate SAR reports from multiple sources. Inability to vet reports and identify the➢ SAR reports that have a nexus to terrorism and hence need to be forwarded to the ISE-SAR Shared Spaces. Inability to enhance SARs since multiple data elements identified in the SAR IEPD may not➢ be fully supported by the agency’s existing SAR recordsmanagement system.As a result of these discussions, it was determined that there was a need for the provision ofa “bridge” between the existing SAR legacy systems and the semiautomated processes thatare being used today at many agencies. This would improve the quality and completeness ofthe SAR IEPD-based content and ensure that SAR records that were submitted to the ISEShared Spaces met the SAR criteria and the privacy guidelines established by the ISE-SARFunctional Standard. This would also ensure that the agency would retain operationalcontrol and would be able to vet the SAR information being forwarded to the ISE-SAR SharedSpaces.The SAR Vetting Tool (SVT) was identified as a solution that could be developed once anddeployed to the various organizations as a tool for managing the SAR creation and updateprocesses and ensures that high-quality and complete SAR reports could be forwarded to anagency’s ISE Shared Spaces environment. 26See http://www.ise.gov/docs/eaf/ISE-EAF_v2.0_20081021.pdf.Page 36Final Report: ISE-SAR EEProject Overview and Background Page 28 SYSTEM SECURITY The ISE-SAR EE is not a national security system and does not contain classified information.The ISE-SAR EE project uses multiple secure Sensitive But Unclassified (SBU) networks,including the DOJ-supported Regional Information Sharing Systems® Secure Intranet(RISSNET™), the FBI-supported Law Enforcement Online, and DHS-supported HomelandSecurity Information Network,27 as the connection and transport mechanisms for sharingSARs. This gives law enforcement agencies access to the ISE-SAR EE through the SBUnetwork(s) they currently utilize. The ISE-SAR EE uses a separate

server for each agencycontrolled by that agency. Additionally, the eGuardian system provides the connectionbetween the JTTF and the ISE-SAR Shared Spaces, whereas the DHS Shared Space providesa connection to all DHS entities. The ISE-SARs are stored, processed, and disseminated in a protected informationenvironment that provides adequate security controls. These controls include: ➢ Controlled access to the information that allows only authorized users— limited to certain individuals assigned by participating fusion centers—toaccess, retrieve, and display ISE-SAR information. Use➢ of DOJ’s Trusted Broker solution to allow access to the Shared Spaces from multiple SBU networks. The Trusted Broker is an identity managementprocess that allows users to avoid having to use multiple usernames andpasswords to sign on to different systems. Encrypted transmission of information sent➢ between Shared Spaces sites and the NCIRC portal. Use of VPN and additional firewall technology➢ installed at the fusion center sites to limit access by ISE-SAR EE users to only those servers that aresupporting the Shared Spaces environment. Force a ISE-SAR EE participating agency to➢ explicitly “mark” SARs that should be pushed to the agency’s Shared Spaces repository and therebyensure that only information it is allowed to share by its constitution orstatutes, local ordinances, or agency policy is made available to the broaderISE-SAR EE community. The➢ Implementation Guide is used to ensure that all participants use the same standards, rules, process, and guidelines. 27Homeland Security State and Local Intelligence Community (HSLIC).Page 37Final Report: ISE-SAR EEProject Overview and Background Page 29 METHODOLOGY TO MEASURE, DOCUMENT, AND EVALUATE THE ISE-SAR EE The ISE-SAR EE was developed to test the assumptions of sharing ISE-SAR informationacross multiple domains in accordance with the ISE-SAR Functional Standard and businessrules. The project sought to identify pilot site partners from state and major urban areafusion centers, DOJ, and DHS. The ISE-SAR EE examined the usefulness of the ISE-SARCriteria Guidance (Part B of the ISE-SAR Functional Standard) and the sharing of ISE-SARinformation among major city and other law enforcement agencies, JTTFs, and fusioncenters. The Evaluation Environment has provided the capability to establish, test, andvalidate the end-to-end agency SAR processes, including the development of priorityinformation needs, information gathering and reporting policies, report vetting and analysis,and other enabling activities.Following meetings with the participating agencies, the project partners developed anassessment for each of the pilot sites to evaluate their current SAR processes andprocedures and to determine the standing and threat-based information sharing needpriorities. Additionally, the site visits were conducted to evaluate the existing technologycapabilities and current business processes surrounding the gathering, analysis, andsharing of terrorism-related SAR information. These site visits allowed project partners todocument the “As-Is” SAR process of the pilot sites. The discussion and determination ofeach agency’s “As-Is” SAR process questions were developed based on the SuspiciousActivity Reporting Process Implementation Checklist. The reports developed as a result ofthese site visits outline the current workflow, technology, and business processes of the SARsites. The assessments were held for the following locations on the following dates:Washington, DC, Metropolitan Police DepartmentNovember 4, 2008Los Angeles, California, Police DepartmentDecember 4, 2008Chicago, Illinois, Police DepartmentDecember 16, 2008Boston, Massachusetts, Police DepartmentDecember 17, 2008Houston, Texas, Police DepartmentJanuary 13, 2009Las Vegas, Nevada, Metropolitan Police DepartmentJanuary 15, 2009Miami-Dade Police DepartmentFebruary 18, 2009Florida Department of Law EnforcementFebruary 20, 2009Seattle, Washington, Police DepartmentFebruary 24, 2009New York State Intelligence CenterApril 23, 2009Virginia State PoliceMay 1, 2009Arizona Counter Terrorism Information CenterJuly 23, 2009Page 38Final Report: ISE-SAR EEProject Overview and Background Page 30 Leading up to and following these site visits, numerous partner meetings and conferencecalls were held to ensure partner collaboration and project awareness. SAR PERFORMANCE MEASUREMENT The PM-ISE created a

Performance Measurement Plan (Plan) to measure the effectivenessof the SAR activities in the EE. The Plan incorporated a set of discrete performancemeasures designed to monitor implementation of required privacy protections, to analyzeSAR statistics, and to address the effectiveness of the SAR process. Measures included: Tracking training programs to facilitate proper implementation of➢ privacy and civil liberties protections. Monitoring numbers of SARs gathered and processed, placed➢ into the Shared Spaces, and reported to the FBI’s JTTF. Identifying investigations, arrests, and➢ convictions that benefited from SAR data. OBSERVATIONS: The SAR team used a variety of techniques to collect information, including automated tools,interviews, and survey reporting by the sites. After analyzing this information, the teamdeveloped three observations that indicate sites effectively shared SAR data and that SARdata can have a positive operational impact. Observation 1: Few sites were able to fully implement the SAR process and share data.By the end of the evaluation, the Florida Department of Law Enforcement (FDLE),the Virginia Fusion Center (VFC), the New York State Intelligence Center (NYSIC),and the Boston, Massachusetts, Police Department (BPD) completed theactivities necessary to share SAR data with other sites and their analystsregularly performed searches of the ISE-SAR Shared Spaces. Figure 3, below,illustrates the level of search activity over the 14 biweekly periods of the ISE-SAR EE. There is a significant increase in the number of searches toward theend of the EE. This increase may be attributed to additional sites gaining accessto the Shared Spaces and is consistent with the increase in users (see Figure 4). FDLE experienced a sharp increase in the number of searches, which may beattributed to a change in policy at that site. FDLE management modified itstraining for its analysts, requiring them to search the ISE-SAR Shared Spaces aspart of their standard operating procedures.Page 39Final Report: ISE-SAR EEProject Overview and Background Page 31 FIGURE 3: FDLE, VFC, NYSIC, AND BPD FULLY IMPLEMENTED THE REQUIREMENTS TO ENABLEANALYSTS TO SEARCH THE ISE-SAR SHARED SPACES.FIGURE 4: FDLE, VFC, AND NYSIC SHOWED THE GREATEST INCREASE IN USERS OF THE ISE-SAR SHARED SPACES, POSSIBLY CONTRIBUTING TO THE INCREASE IN SEARCH ACTIVITYORIGINATING AT THOSE SITES. 01020304050607080901 2 3 4 5 6 7 8 9 10 11 12 13 14SearchesBiweekly Periods (May to November 2009) Average Search Activity Average of all SitesFDLE, VFC, NYSIC, BPD Figure 4, below, illustrates that three of the four active sites had a significantincrease in the number of users. This timing of the increase in users coincideswith the increases in overall search activity across the EE. 05101520253035404512345678910 11 12 13 14 Searches Biweekly Periods (May to November 2009) Growth in the Number of Users VFCNYSICFDLEBPD Observation 2: It proved challenging for sites to provide performance statistics on activities prior to posting SARs in the Shared Spaces (after identification asISE-SAR).Page 40Final Report: ISE-SAR EEProject Overview and Background Page 32 The sites were asked to track the total number of SARs collected prior to andduring the evaluation period as well as the number of ISE-SARs identified (i.e.,SARs with a nexus to terrorism). Several sites had difficulty providing statisticson the total number of SARs received prior to being assessed as ISE-SARs—some for lack of an automated tracking capability and others because they onlyreceive SARs evaluated for a possible connection to terrorism by anotherorganization—e.g., the local police department.Of the sites that were able to implement an effective screening process toidentify ISE-SARs, FDLE and VFC stand out as examples: • FDLE: Over the course of the evaluation, FDLE vetted 5,727 SARs (most predating the evaluation) and identified 12 ISE-SARs. • VFC: Over the course of the evaluation, VFC vetted 347 SARs and identified 7 ISE-SARs. Observation 3: Reported activities demonstrate that the SAR process produced operational impact.The majority of sites were unable to calculate the number of arrests andinvestigations resulting from SAR data; however, five sites successfully linkedoperational results to the implementation of the SAR process, including: • Four of the five sites reported the number of

federal investigations initiated as a result of ISE-SARs. • Three of the five sites reported the number of local investigations initiated as a result of ISE- SARs. • Two of the five sites reported on the number of local or federal investigations that led to arrests or convictions in cases involvingISE-SARs. • Two of the five sites reported that they use ISE-SARs for critical infrastructure protection and in the products generated as a resultof pattern and trend analysis.The five sites providing this results data are major urban area fusion centers, not statefusion centers. By design, these fusion centers work more closely with the officers anddetectives investigating SARs in their jurisdiction than other fusion centers. For instance, inWashington, DC, the investigation of four SARs received at the fusion center led to the arrestof an individual for producing 25 bomb threats.Page 41Final Report: ISE-SAR EEProject Overview and Background Page 33 RECOMMENDATIONS It became apparent during the evaluation that any future SAR performance measurementplan should provide a results-oriented approach to monitor progress and performance,optimize resources, and promote accountability. That plan must: Recommendation 1: Focus on helping sites to improve their automated reporting capability to monitor and report on SAR process activities. Althoughsites were able to monitor SARs once posted to the Shared Spaces, most werenot able to track and report on SAR activities that occurred prior to being postedor after they were used in analytical and law enforcement activities. Recommendation 2: Develop the means to differentiate training and testing searches in the Shared Spaces from operational activity in the Shared Spaces. Currently, test data appears identical to operational data in the Shared Spaces,and unless manually deleted by the site, it may distort usage statistics. Recommendation 3: Review national law enforcement best practices to identify potential new performance measures and identify areas of improvementwith existing measures. PROJECT GOVERNANCE A project management structure was developed at the beginning of this initiative thatemphasized state and local law enforcement participant project ownership. The governanceprocess relied on several key methods for communicating the project goals, objectives,current status, and next steps, including: Weekly project team meetings via conference call Face-to-face working group➢ ➢ meetings held approximately every 45 days Semiannual user group meetings User group➢ ➢ conference calls as necessary Monthly activity summary newsletters The federal project sponsors➢ were essential to the success of the initiative. Through theirwork and collaboration, the project was able to meet its project goals and achieve projectobjectives. These federal partners include: U.S.➢ Department of Justice, Bureau of Justice Assistance Federal Bureau of Investigation U.S.➢ ➢ Department of Homeland SecurityPage 42Final Report: ISE-SAR EEProject Overview and Background Page 34 Office of the Program➢ Manager for the Information Sharing Environment DOJ’s Global Justice Information Sharing➢ Initiative Criminal Intelligence Coordinating Council U.S. Department of Defense Office of the➢ ➢ ➢ Director of National Intelligence Other key participants in governance of the project were the International Association ofChiefs of Police and the Major Cities Chiefs Association. Blending state and local users withthe federal partners created a unified and coordinated effort that produced a seamlessgovernance structure. The openness and transparency of the governance structurerepresents one of the key successes of the overall project.The support mechanism in place for the ISE-SAR EE included a Steering Committee, whichprovided strategic direction for the project. The committee synchronizes interagencyactivities, resolves major issues, and addresses resource needs. It is charged withdeveloping ISE-SAR policies and practices, addressing evolving SAR requirements, andaddressing agency noncompliance issues. The ISE-SAR Steering Committee forwardedrecommended changes regarding the ISE-SAR Functional Standard gleaned from this projectto the Common Terrorism Information Sharing Standards (CTISS) Committee forincorporation into future versions of the ISE-SAR Functional Standard and consideration withother functional or technical standards of the CTISS.The SAR Project Management Team was responsible for overall oversight of the

evaluationproject. The Project Management Team provides guidance to the SAR Project WorkingGroup; approves the project scope, modifications, and updates; and resolves issuesforwarded by the Project Working Group.The SAR Project Working Group is composed of the Project Management Team members,the service providers implementing the project, and representatives from the state and localagencies involved in the evaluation project. The Project Working Group is responsible forthe day-to-day project implementation and issue resolution, providing subject-matterexpertise when developing system requirements and capabilities, and maintaining/trackingproject decision items. The Project Working Group constituted user/focus groups for specificproject purposes. Unresolved issues from the Project Working Group were provided to theProject Management Team for resolution and, ultimately, to the ISE SAR SteeringCommittee.Page 43Final Report: ISE-SAR EEProject Overview and Background Page 35 The following graphic depicts the SAR Governance Structure:28 28ISE-SAR Evaluation Environment Implementation Guide.Page 44Final Report: ISE-SAR EEProject Overview and Background Page 36Page 45Page 37 ISE-SAR EVALUATION ENVIRONMENT OBSERVATIONS AND LESSONS LEARNED LEADERSHIP EXECUTIVE LEADERSHIP Lesson Learned: Executive leadership is an important component of developing any new law enforcement process. The need to have executive buy-in andsupport, both from the agency leadership and the project managers, wasdetermined to be critical to the successful implementation of the InformationSharing Environment-Suspicious Activity Reporting Evaluation Environment (ISE-SAR EE). Background: The support of the law enforcement agency executives was critical throughout the development and implementation of the ISE-SAR EE. Successful implementation andsustainment of the ISE-SAR EE required a strong commitment by the participating agency—especially the agency’s leadership. Executive leadership is seen through the adoption ofnew General Orders, policies, and procedures supporting the ISE-SAR EE. Executive-leveltraining was provided to all of the ISE-SAR EE sites. At the onset of the project, the MajorCities Chiefs Association (MCCA); the U.S. Department of Justice (DOJ), Bureau of JusticeAssistance (BJA); the U.S. Department of Homeland Security (DHS); and the Global JusticeInformation Sharing Initiative (Global) issued a report titled Findings and Recommendationsof the Suspicious Activity Report (SAR) Support and Implementation Project. This report wassubsequently endorsed by those agencies as well as the International Association of Chiefsof Police, the National Sheriffs’ Association, the Major County Sheriffs’ Association, and theFederal Bureau of Investigation (FBI). These endorsements reinforced to agency executivesthe importance of the SAR Initiative to law enforcement.The fusion center leadership course being developed by the Naval Postgraduate Schoolholds promise of providing continuity of leadership training for the nation’s fusion centers. Recommendation 1: Prior to initiating the next phase of this project, the project team must ensure that each agency has the support of its executiveleadership. This can be accomplished through regular briefings to lawenforcement associations and through the MCCA’s Chief Executive OfficerBriefing. Face-to-face briefings are important so that agency executivesunderstand the full scope of the project and the requirements and resourcesnecessary from their agency. Recommendation 2: If the ISE-SAR EE is expanded, consideration should be given to conducting regional meetings with agency heads and fusion centerdirectors to ensure that the agency command staff understand the tenets of thePage 46Final Report: ISE-SAR EEObservations and Lessons Learned Page 38 initiative and are prepared to support the activities needed to implement theprocess within their agencies. Continuous trainings and briefings could offsetthe concerns raised by leadership turnover. Meetings with the fusion centerleadership should take place at least biannually, with conference calls everyquarter. Recommendation 3: Consideration should be given to the development of an online training course for

chief executives to facilitate the rapid distribution ofinformation concerning the processing of SARs. Recommendation 4: Executive-level training for fusion center leadership— including directors, deputy directors, and other command personnel—should bedeveloped and provided for continuity of effort on major projects.29 Recommendation 5: Periodic project status meetings should be held between the proposed Nationwide SAR Initiative (NSI) Program Manager’s Office and theexecutive leadership of the participating agency. NATIONAL PROGRAM MANAGEMENT Lesson Learned: There must be leadership at the national level to ensure that all components of the ISE-SAR EE are fully implemented and integrated intoexisting law enforcement processes. Background: During the ISE-SAR EE, the project was managed jointly by the various partners, including the Office of the Program Manager for the Information SharingEnvironment (PM-ISE), DOJ, BJA, the FBI, and DHS. BJA provided the leadership umbrella toensure the coordination of all aspects of the project. During the project, each agencycontributed its knowledge concerning the sharing of suspicious activity information. It wasdiscussed that if the ISE-SAR EE is expanded, a national program office should beestablished to provide consistency of procedures and processes as well as assistance to theparticipating agencies. A single coordinating entity for all aspects of the project, as well asmanagement of the technology and support functions, is critical to maintaining consistencyand effective use of resources. During the ISE-SAR EE, agencies received assistance from privacy subject-matter experts indeveloping and strengthening their privacy policies. This assistance proved to be invaluableas agencies worked through issues associated with the protection of privacy and civilliberties. As the program develops, there will be additional privacy issues that must beaddressed concerning the appropriateness of sharing certain SAR information and anyrestrictions placed by local, state, or federal law or rule. The ISE Privacy Guidelines 29The development of the Naval Postgraduate School fusion center leadership program may help meet this need.Page 47Final Report: ISE-SAR EEObservations and Lessons Learned Page 39 Committee (PGC)30 members met several times with privacy and civil liberties advocacygroups to listen to concerns and to incorporate new ideas into revised ISE-SAR EE policiesand processes. Some of the participating agencies agreed that assistance with privacy andcivil liberties issues should be continued to provide consistency of policies and procedures.During the ISE-SAR EE, the sponsoring agencies provided technical assistance in the form oftraining, policy development, and overall project coordination. The assistance provided wasbeneficial to the state and local agencies in developing, standardizing, and implementingprocedures and processes for the gathering, analysis, and sharing of suspicious activity. Without the provision of policy templates, coordination project meetings, and policy reviews,it would have been difficult to develop a consistent nationwide process for the sharing ofSAR information. Recommendation 1: Should the federal government expand the ISE-SAR EE beyond the 12 agencies currently involved, consideration should be given tocreating a program management office to oversee the expansion of the ISE-SAREE process nationwide. This would include the ability to provide technicaltraining, business process, privacy expertise, and support to the participatingagencies. Recommendation 2: National partnerships should identify financial support for future participating agencies to help implement the business processes, training,technology development, and privacy and civil liberties requirements in aconsistent and appropriate manner. Recommendation 3: The proposed program management office should continue the technical assistance provided in the ISE-SAR EE to the participatingagencies to ensure consistency and efficiency in the development of anationwide program, technology, and policies. The proposed programmanagement office should continue dialogue with privacy and civil libertiesadvocacy groups to continue to maintain transparency and openness of theprocess. 30The ISE Privacy Guidelines Committee is a standing committee established by the PM-ISE composed of each Information Sharing Council agency’s ISE Privacy Official. The committee provides ongoing guidance on theimplementation of the ISE Privacy Guidelines so that, among other things, agencies can follow consistentinterpretations of applicable legal requirements, avoid duplication

of effort, share best practices, and have aforum for resolving issues on an interagency basis. See Section 12(b) of the ISE Privacy Guidelines.Page 48Final Report: ISE-SAR EEObservations and Lessons Learned Page 40 SAR BUSINESS PROCESS EXISTING SAR PROCESSES Lesson Learned: Prior to the ISE-SAR EE, most participating sites had policies and procedures governing the handling of general law enforcement information;however, most did not have an established process to ensure compliance withthe requirements of the ISE-SAR Functional Standard. Background: During the initial phases of the ISE-SAR EE, site assessments were conducted with the participating agencies in order to document the existing SAR processes. Prior to theimplementation of the ISE-SAR EE, all of the sites had some form of process; however, thedegree to which it was institutionalized throughout the agencies differed (during these siteassessments, many promising practices were identified). The site visit teams documentedthe agency’s process for gathering information regarding behaviors and incidents associatedwith crime and establishing a process whereby information can be shared to detect andprevent criminal activities, including those associated with terrorism. Additionally, duringthe ISE-SAR EE, several participating agencies either developed or enhanced specificpolicies concerning the handling of terrorism-related SAR information.Prior to the initiation of the ISE-SAR EE, all participating agencies had some processes inplace to manage the flow of suspicious reports emanating from citizens but had notdeveloped processes to support all of the needed activities identified in the Nationwide SARCycle. During the project, several of the Nationwide SAR Cycle activities were addressed,including training, outreach, and risk assessments. However, due to the short duration ofthe project, not all of the activities of the Nationwide SAR Cycle were fully addressed.Prior to the beginning of the project, several of the agencies had codes to identify thebehaviors associated with terrorism. For example, the Los Angeles Police Department hadmore than 100 codes. Additionally, the state and local SAR Information Exchange PackageDocument (IEPD) had more than 20 codes. During the MCCA Intelligence Commandersmeeting in July 2008, a consensus was reached that all participating agencies could taketheir existing code structure and map it to the code enumerated in Appendix B of the ISE-SAR Functional Standard. This allowed the project managers to develop consistent trainingon behaviors and allowed for a common message to be delivered to the public.During the ISE-SAR EE, the project team recognized the importance of consistent SARprocesses nationwide. These processes ensure consistency in the collection and sharing ofSAR information. Agencies may have different internal procedures to process SARs, but it isimportant that all comply with the various resources, documents, and standards related tothe national project.Page 49Final Report: ISE-SAR EEObservations and Lessons Learned Page 41 Recommendation 1: If the ISE-SAR EE is expanded, future participating agencies should develop and implement policies and processes that govern theprocessing of SARs within all areas of their agency. This will ensure compliancewith the ISE-SAR Functional Standard and related project resources. It isunderstood that each agency will have unique requirements, but a common setof processes across the initiative is needed. Recommendation 2: User groups composed of representatives from the participating agencies should continue to meet and share best practices. Thiswill allow for the continued refinement of policy and procedural templates, whichensure the optimal consistency and effectiveness of any future expansion. PRIVACY POLICIES Lesson Learned: Agencies participating in the ISE-SAR EE generally required assistance with updating existing privacy policies or developing a policy thatmeets the applicable requirements of the ISE Privacy Guidelines. Background: The development of policies that protect the privacy, civil rights, and civil liberties of citizens is a foundational element of the ISE-SAR EE. These policies demonstrateto the public that as law enforcement carries out its official duties, it does so while ensuringthat citizens’ rights are protected. The National Strategy for Information Sharing (NSIS) andthe ISE Privacy Guidelines identify key tenets that should be included in an agency’s policy. The ISE Privacy Guidelines also notate that state and local agencies should develop andimplement

appropriate policies and procedures that are, at a minimum, as comprehensiveas those established by the Guidelines to participate in the Information SharingEnvironment. Prior to participating in the ISE-SAR EE, most of the participating agencies hadpolicies concerning the gathering and sharing of information, although none were in totalcompliance with the Guidelines. Participating agencies were eventually able to overcomeadditional hurdles such as the more recent release of the ISE Privacy Guidelines and thesystemic complexity of the agency policy development and approval process. Obtainingapproval for privacy policies from the participating agency’s command and legal staff provedto be a time-consuming effort. To assist in the privacy framework development effort,project staff developed privacy policy templates and provided direct technical assistance tothe sites. Recommendation 1: Future participating agencies should continue to be required to have a privacy framework that is consistent with the ISE PrivacyGuidelines. Recommendation 2: Agencies should ensure transparency and openness in their privacy framework development efforts by engaging privacy advocates andcommunity leaders as the policies are developed or refined.Page 50Final Report: ISE-SAR EEObservations and Lessons Learned Page 42 Recommendation 3: Privacy subject-matter expertise assistance should continue to be provided to the state and local fusion centers as they developtheir privacy policies. The templates developed during the project are useful toagencies; however, there are many unique state and local legal issues that mustbe addressed. As such, hands-on assistance and review by a common subject-matter authority are beneficial. Recommendation 4: Completed policies should be posted on the secure National Criminal Intelligence Resource Center (NCIRC), with agency permission,for viewing by other participating agencies or other agencies wishing to adopt thepolicies and procedures developed during the project. CRITERIA FOR ENTERING DATA Lesson Learned: At the beginning of the ISE-SAR EE, there was not a clear agreement on what constituted a terrorism-related suspicious activity. Inaddition, the level of suspicion needed to classify terrorism-related informationas an ISE-SAR that would be shared with other law enforcement agencies wasnot clearly defined. Background: At the outset of the ISE-SAR EE, there were several discussions concerning what suspicious activities were terrorism-related and how to apply the tenets of the ISE-SARFunctional Standard to the sharing of terrorism-related suspicious activity reports among lawenforcement agencies. After discussion among project participants, legal experts, andrepresentatives of privacy advocacy groups, a determination was made that the reasonablyindicative standard would be required for this project. The more appropriate term for information gathering during this project would be thatinformation which is “reasonably indicative of terrorism-related activity.” The developmentof training that stresses this issue and provides understanding to the participants aboutwhat activities would be appropriate to share was a key component in this project. Suspicious activity being collected and documented by the project for the ISE-SAR EE is thekind of data that agencies have always collected concerning suspicions of other criminalactivities. Recommendation: NSI leadership should provide specific guidance to future participating agencies concerning the appropriate level of suspicion needed forthe inclusion of information in the NSI. A review should take place concerningthe SARs entered during the evaluation period to determine the consistence ofdetermining the level of suspicion.Page 51Final Report: ISE-SAR EEObservations and Lessons Learned Page 43 PERSONALLY IDENTIFIABLE INFORMATION Lesson Learned: There was no common policy among the participating local, state, and federal agencies concerning the sharing of personally identifiableInformation. Background: During the implementation of the ISE-SAR EE, considerable discussion surrounded the inclusion of personally identifiable information (PII) within the ISE-SARShared Spaces environment. This discussion centered around who could view PII and underwhat circumstances. During the discussion, there was a difference of opinion among thefederal, state, and local participants in the ISE-SAR EE on the value of PII from a ISE-SARShared Spaces investigative

or analysis perspective. As currently deployed, authorized ISE-SAR EE users have access to all SAR data including PII. The PII issue and the balancebetween privacy and civil liberties protection and authorized data accessibility will remain asadditional homeland security partners request access to the Shared Spaces data. With theadoption of an identity management application, the ability to introduce role-based access isachievable. However, even with role-based access, because some SAR records entered intothe Shared Spaces may contain PII within free-text or narrative fields, the system cannotguarantee that all PII is protected. Despite that constraint, two approaches are suggestedthat may minimize the impact. Recommendation: The user interface at the NCIRC portal could provide a filter solution that would display only fields that a user is authorized to see based onthe credentials established when system access is originally authorized. Theadvantage of this solution is that the central control of security access andsoftware applications installed at existing and near-term site installations wouldnot have to be modified since all modifications could be implanted at the portal(NCIRC). The disadvantage from a security perspective is that the PII data isretrieved but hidden from view as opposed to not being retrieved at all. A seconddisadvantage is that should an individual site need to invoke locally controlledrole-based access, based on center policy, statute, or regulation, and restrictsharing of PII to another agency, to a role, or to a specific individual, thecentralized approach probably is not the right solution. SHARED SPACE DATA ENTRY Lesson Learned: Because there are two options available to agencies, the Shared Space technology and the eGuardian program, there was confusionamong some agencies as to the best method for their agency to participate inthe ISE-SAR EE. Background: The FBI’s eGuardian program and the ISE SAR Shared Spaces are both components of the ISE-SAR EE. Each of these data entry options has its strengths andweaknesses, and one may be more appropriate for use by a local agency or fusion centerPage 52Final Report: ISE-SAR EEObservations and Lessons Learned Page 44 than the other method. The process for gathering, assessing, and sharing the information isthe same for both systems. There remains some lack of clarity among law enforcementagencies as to the differences between the two options and which one would be the mostappropriate for their agency to utilize in the sharing of SAR information. During the initialimplementation of this project, there remained a great concern over the control of theinformation being shared. Many of the participant agencies were adamant that the datashould not be located in a central location where they would lose control of their localinformation. Recommendation 1: Continue to provide a clear understanding of the process involved with both the ISE-SAR Shared Spaces and eGuardian through briefingsand outreach efforts. This will enable agencies to determine the best process fortheir agency to participate in any future phase of the project. Recommendation 2: There should be a unified training effort for the two systems so that participants fully understand both methods of enteringinformation into the ISE-SAR Shared Spaces. SHARED SPACE ACCESS Lesson Learned: At the beginning of the project, there was a lack of clarity regarding which agencies could access the ISE-SAR Shared Spaces. Background: The ISE-SAR EE Implementation Guide states that “only criminal investigative/analytical personnel from other evaluation project participating federal, state,and local law enforcement agencies, by express agreement, are permitted access to thesystem.” This allows participating fusion centers to decide who has access to the system. Some have restricted access to only a few members of the fusion center, whereas othersdesire to open system access to other local law enforcement agencies, fire, emergencymedical services, and public sector organizations with which they have a workingrelationship. As the system continues to grow, additional agencies may have need to accessthe information but may not be one of the participating agencies. Recommendation 1: The proposed program management office, working with the participating agencies, should develop an appropriate policy to governaccess to users outside of law enforcement. Recommendation 2: As the ISE-SAR EE expands, user agreements should be developed and signed by all participants agreeing to abide by the policies. Thiseffort should be led and controlled by the states and local participants.

Page 53Final Report: ISE-SAR EEObservations and Lessons Learned Page 45 TRAINING PROJECT-DELIVERED TRAINING Lesson Learned: The three training courses developed for the ISE-SAR EE— executive level, analyst/investigator, and line officer—ensured that consistenttraining was received nationwide and assisted in the successful developmentand initial implementation of the agencies’ SAR process. Background: During the initial development of the ISE-SAR EE, the project team identified three (3) levels of training that should be developed and delivered to the agenciesparticipating in the ISE-SAR EE. The three levels focus on the roles of the executive,analyst/investigator, and line officer and established consistency among the participants ofthe ISE-SAR EE as they developed and implemented their SAR process. Recommendation 1: The three training programs should be delivered to all agencies that are developing a SAR process and will participate in theNationwide SAR Initiative (NSI). If at all practical, trainings should be heldcontemporaneously. Recommendation 2: Because it will be a large challenge to deliver these three training courses to the more than 18,000 state, local, and tribal law enforcementagencies, varied methods of delivery—including CD-based training, Web-basedtraining, and video streaming—should be considered as delivery mechanisms forthese courses. Recommendation 3: The Chief Executive Officer Briefing should be delivered to organizations representing chiefs of police, sheriffs, and other public safetyexecutives to maximize chief executives’ exposure to the NSI and theirresponsibilities. ADDITIONAL TRAINING Lesson Learned: As agencies began to implement their SAR process and provide SARs to the ISE-SAR Shared Spaces, it became evident that additionaltraining beyond the three initial courses was necessary to assist agencies infully and consistently implementing a SAR process. Background: As the ISE-SAR EE sites were identified, they were provided the three initial levels of training—executive, analyst/investigator, and line officer. However, as the projectmoved forward and agencies institutionalized their SAR process, it became apparent thatadditional, more specific training should be developed and delivered to the agenciesparticipating in the ISE-SAR EE. The additional training identified included SAR Vetting Tool(SVT) user training, first-line supervisor training, continued privacy and civil liberties training,and technical assistance on developing policies.Page 54Final Report: ISE-SAR EEObservations and Lessons Learned Page 46 SAR Vetting Tool (SVT) User Training—During the ISE-SAR EE, a tool (the SVT) was developed by the BJA team to assist state or regional fusion centers in the vetting of SARinformation. This program allows agencies to enter their SAR data (either manually or byautomated interfaces to existing legacy systems) into the SVT and use the tool to determinethat appropriate and high-quality information is being pushed to the ISE-SAR Shared Spaces. It is important that the users of the program be provided sufficient training with the SVT toallow for the correct utilization of the tool. Lack of sufficient training could ultimately lead toinappropriate information being pushed to the ISE-SAR Shared Spaces. First-Line Supervisor/Midlevel Manager Training—A review of the processes of the source agencies submitting SAR information to state and regional fusion centers determined thatthe first real analysis for SAR information is conducted by first-line supervisors of these lawenforcement agencies. Further review of the information and process is conducted bymidlevel managers in the agencies. If first-line supervisors and midlevel managers areunfamiliar with the ISE-SAR EE and the behaviors critical to determining precursor activitiesto potential terrorist attacks, then important SAR information may not be reported andshared. The first-line supervisors and midlevel managers should also ensure that they gaina complete understanding of their local agency policies and procedures for the review andforwarding of SAR information to the appropriate fusion center. A key aspect of trainingfirst-line supervisors was the use of Terrorism Liaison Officers (TLO) or similar type ofprograms. These officers provide fusion centers with direct liaison officers to fieldoperational units and provide for continuation training and programmatic understanding. Continuing Privacy Training—An important component of the ISE-SAR EE is ensuring that all sites are fully educated regarding privacy and civil liberties protections, as well

as federalrules and regulations concerning these topics. Prior to the ISE-SAR EE, training andtechnical assistance were delivered to state and major urban area fusion centers. Thetraining focused on the understanding of privacy, civil rights, and civil liberties rules andregulations to state and local law enforcement agencies. Additionally, during the ISE-SAREE, a basic privacy and civil liberties training program was developed. Recommendation 1: Training programs should be developed for both users of the SVT and the first-line supervisors/midlevel managers. These additionalcourses will ensure a complete training package for agencies implementing aSAR process. Recommendation 2: Privacy-related training and technical assistance should continue to be provided to fusion centers and agencies participating in the ISE-SAR EE, as well as agencies not participating in the NSI. Recommendation 3: The Terrorism Liaison Officer (TLO) programs proved to be very beneficial in providing continuation training to field personnel. Support andtraining for the development of TLO programs should be enhanced andexpanded.Page 55Final Report: ISE-SAR EEObservations and Lessons Learned Page 47 INSTITUTIONALIZATION OF THE SAR PROCESS ANALYTIC TOOLS AND PROCESSES Lesson Learned: Although it was not originally part of the project plan, agencies participating in the ISE-SAR EE expressed the need for common analytic tools tobe developed and/or identified and made available to all users accessing thedata in the Shared Spaces, allowing for additional analysis of ISE-SARinformation. Background: The analysis of information derived from suspicious activity reports is key to identifying potential threats. There was recognition that additional analytic tools would bebeneficial; however, because of the limited time frame for this project, not all aspects couldbe fully developed. Although each participating agency can analyze its own data or searchdata from other participating agencies through the ISE-SAR search tool, there are currentlyno tools available to allow analysis of all SARs. Additionally, there is no process to ensurethat all SARs collected nationwide are being analyzed. Typically, agencies conduct detailedanalysis of information that relates directly to their jurisdiction but do not have the time orresources to conduct nationwide analysis of incoming information. Recommendation 1: Conduct research and identify analytic tools that can operate in the distributed environment. These tools would need tosimultaneously protect the confidentiality and privacy of the informationcontained within the shared space. The proposed program management officeshould consider the adoption and provision of these tools to enhance thecapability of the search. Recommendation 2: Create a capability at the national level that would be responsible for analyzing on a national basis all SARs entered into the ISE-SARShared Spaces. This capability would also provide analysis and feedback to theagencies participating in the NSI. NETWORK CONFIGURATION Lesson Learned: Because the ISE-SAR Shared Space servers and applications were not considered a “production” system by most of the site informationtechnology staff, site system and network administration responsibilities werenot clearly defined. Background: The Virtual Private Network (VPN) approach to the ISE Shared Spaces connectivity was generally effective. However, because the ISE Shared Spaces configurationwas considered to be a pilot, had demilitarized zone (DMZ) components, and was time-limited, in many cases separate subnetworks were established for the ISE-SAR EEequipment for security reasons. At the beginning of the project, most participating agenciesshowed a concern about a VPN access to their internal networks. While this offeredPage 56Final Report: ISE-SAR EEObservations and Lessons Learned Page 48 desirable security protection to the site information technology (IT) facility, it also led to a“one-off” situation, and site IT staff did not always monitor the subnet for performance oroutages on a scheduled basis. Staff at the NCIRC.gov site most often were the first torecognize subnet problems and had to advise fusion center staff. These outages causedsome problems with participating agencies’ ability to fully search all servers in the project. Recommendation: Reconfigure the ISE-SAR EE network architecture at each site to “elevate” its status as a production system, and as necessary, integratethe ISE-SAR Shared Spaces into existing

network monitoring processes currentlyinstalled in the centers. BACKGROUND CHECKS Lesson Learned: As a result of the site visits, it was determined that there was no consistent background check process that applied to all participatingagencies and contract personnel involved in the ISE-SAR EE. Background: While not necessarily required by the project, the Technical Deployment Team requested that each site “clear” contractor staff who would be involved in on-site installationand test activities, as well as postdeployment remote access to a site’s ISE-SAR SharedSpaces equipment and data via the NCIRC.gov portal. The requirement for backgroundchecks was not due to the nature of ISE-SAR EE data (which is unclassified) but the potentialaccess to a fusion center’s internal network that hosts the Shared Spaces environmentalong with other systems. None of the contractor staff had any prior federal background checks that might suffice thefusion centers’ specific requirements. As a result, each fusion center site required somelevel of background check before the deployment staff could begin work. Some sitesrequired only limited personal information and ran local checks in their jurisdiction, whileothers completed full investigations requiring fingerprints and FBI background checks forthe ten contractor staff members assigned to the project. In only one case did a fusioncenter accept the background check performed by another agency.Participating agencies were also asked to accept existing state and local agency backgroundchecks as being sufficient for allowing other agencies to view their data in the shared space. Although this did not present a problem in the ISE-SAR EE, it could become a larger issue ifthe SAR initiative is deployed nationwide. Recommendation: The proposed program management office (PMO) should coordinate obtaining appropriate background checks for staff working at thesites to implement any future rollout of this project. The clearances protocolshould cover all participating agencies as well as the staff for operations andmaintenance duties.Page 57Final Report: ISE-SAR EEObservations and Lessons Learned Page 49 OUTREACH OUTREACH AND AWARENESS Lesson Learned: Agencies that develop and institute a SAR process should include outreach and awareness programs to better inform law enforcement,the general public, privacy advocates, and private sector entities regarding thetypes of information that should be reported. Background: Various outreach and public awareness programs have been developed by the agencies involved in the ISE-SAR EE. The purpose of these programs is to supportagencies in successfully implementing a comprehensive SAR process while engaging lawenforcement agencies, private sector entities, and the public. These programs clearlyidentify the types of behavior that should be reported and information that adheres toappropriate privacy and civil liberties protections. These outreach and awareness effortsassist in mitigating many concerns about improper police activities. Some of the programs that have been developed to assist in outreach efforts include theSafeguarding America: It All Starts With You DVD and associated material, a joint effort byDOJ and DHS; BJA’s Communities Against Terrorism (CAT) program;31 the Los Angeles PoliceDepartment’s iWATCH program;32 and fusion center tip lines and Web sites. Additionally,fusion centers have utilized their Fusion Liaison Officer (FLO) programs as a link to engagepublic safety and private sector entities and organizations and increase awareness ofsuspicious activity and what to report to law enforcement. The New York State Policedeveloped a Field Intelligence Officer (FIO) program that is designed to enable local agenciesto forward terrorism and other criminal information to the New York State Intelligence Center(NYSIC). FIOs are trained in all aspects of intelligence, including privacy/civil libertiesconcerns and requirements of the NSI. The Las Vegas Metropolitan Police Department, theArizona Counter Terrorism Information Center, and others used videos to inform the publicabout behaviors that should be reported to law enforcement. A public awareness campaignwas found to be extremely useful in getting the public and private sector businesses toreport relevant and useful information concerning possible criminal activity. Many of thecenters worked with privacy advocates when developing their local policies concerningsuspicious activity reporting. Recommendation 1: Agencies engaged in a SAR program should further engage and train their liaison officers to assist in public, private sector, and

lawenforcement outreach and awareness opportunities. Providing additionaltraining to FLOs utilizing the Safeguarding America DVD and providing additional 31The Communities Against Terrorism program was created to assist law enforcement in the development of partnerships with community members to make them aware of potential indicators of terrorism activities. Templates of flyers containing potential indicators have been created for law enforcement to distribute tospecific industries. 32More information about the iWatch program can be found at www.iwatchla.org.Page 58Final Report: ISE-SAR EEObservations and Lessons Learned Page 50 outreach material to the officers to interact with the public and private sector willprovide greater awareness of behaviors indicative of potential terrorism activity. Recommendation 2: Agencies should develop and implement an awareness program for other law enforcement agencies that are engaged in the end-to-endSAR process. This program would assist agencies in the development of astatewide strategy for both the gathering and dissemination of SARs, as well asidentify the types of behaviors of which law enforcement officers should beaware. Agencies that have instituted liaison officer programs may use the TLOsto assist in these outreach opportunities. Recommendation 3: Agencies engaged in a SAR program should consider an active public awareness program to inform the public of specific needs of lawenforcement and to build communities of trust. This may include thedevelopment and use of tip lines, Web sites, e-mail addresses, and various typesof outreach materials, such as the iWATCH and the CAT programs. Recommendation 4: Law enforcement agencies and fusion centers engaged in a SAR program should develop and implement a private sector awarenessprogram. This program may utilize the CAT program and tenets of theSafeguarding America DVD, as well as incorporate TLO programs to assist inthese outreach efforts. Recommendation 5: Resources should continue to be made readily available to distribute as educational tools, such as the Safeguarding America DVD andthe CAT material, to state and local fusion centers to assist in outreach andawareness efforts. Engagement with other stakeholders and privacy advocatesshould be conducted on both a national and local basis. SAR TECHNICAL PROCESS SYSTEM DEPLOYMENT PLANNING Lesson Learned: Agencies must have certain system standards in place to ensure the seamless sharing of information. Background: The ISE-SAR EE deployment team followed normal IT business practices and defined a “standard” template to plan each system deployment. The template included atask plan, activities, timelines, and roles and responsibilities. The average deployment timewas approximately three weeks. In addition, a preoperational “checklist” was used toensure that everything was in order technically before each system went live. A host ofcenter management processes and staffing issues unexpectedly impacted the schedule anddelivery of the systems. For example, after one center agreed to participate in the ISE-SARPage 59Final Report: ISE-SAR EEObservations and Lessons Learned Page 51 EE, it then had to formally request permission from a state IT resources board to commitresources. Unfortunately, the board met only once per month. As another example, afteragreements were made to reimburse center staff for labor costs to support the installationand testing of hardware and software, the agency’s legal counsel requested that a formalmemorandum of understanding (MOU) be drafted and approved to document the agreement(to cover about 24 hours of work) before the work could begin. As a final example, thedeployment team was advised by another center that according to its state Department ofPublic Safety, the NCIRC.gov site would have to comply with FBI Criminal Justice InformationServices (CJIS) IT Security Standards and submit a 40-page assessment of mandatoryrequirements. Although the BJA team worked through each of the above issues, impacts toschedule and deployment activities were unavoidable. Recommendation: Significantly expand the planning phase activities, communications plan, documentation, and schedule to account for all of thefusion center-driven overhead requirements. Ensure that all of the stakeholders,especially senior leadership, are identified and agree to the plan before actualdeployment resources are scheduled or significant work begins. In

addition tosenior leadership, these stakeholders need to include agencymanagement/oversight groups, IT security, center legal/privacy resources,system and network administrative staff, and key end-users. SITE SYSTEM SOFTWARE AND HARDWARE Lesson Learned: A single Shared Spaces site software and hardware solution may not be the best method for implementing a Shared Space technology. Background: To support the accelerated schedule for the ISE-SAR EE infrastructure, a Microsoft-based architecture was selected (Windows Server 2003/2008, MS SQL Server2005/2008, .NET Framework V3.5, IIS Server ASP.NET V3.5, etc.) for ISE-SAR EE sites. Although this configuration matched the skills of the development team, it was not the bestor preferred technology fit for several of the sites. For example, of the 14 sites participatingin the ISE-SAR EE,33 5 sites would have preferred a different operating system (e.g., UNIX), adifferent relational database management system (RDBMS) (e.g., Oracle), or a differentprogramming environment (e.g., JAVA). In several instances, site IT staff assigned to supportthe fusion center were familiar with, but not fully competent, in the selected technologies.Key components of the software architecture require knowledge of Extensible MarkupLanguage (XML) and the National Information Exchange Model (NIEM), specifically theLogical Entity eXchange Specifications (LEXS) formats for Search and Retrieval (SR) andPublish and Disseminate (PD). It was assumed that site IT staff would at some point be ableto provide necessary system, network, and database administration services as the project 33These 14 sites include the 12 sites, eGuardian, and DHS.Page 60Final Report: ISE-SAR EEObservations and Lessons Learned Page 52 moved forward, replacing contractor staff who managed the initial deployment. As withsystem software, site IT staff may not have had an opportunity to become proficient in XMLor familiar with NIEM and LEXS.Early on in the ISE-SAR EE, a decision was made to select a standard, economical hardwareand software configuration that provided adequate CPU power and RAM and disk storagebut also minimized RDBMS license costs. Since most IT centers use rack-mountedequipment, suitable midlevel Dell, HP, and IBM servers were selected. Each center wasgiven some leeway to request modifications to the standard configuration to match existingsite standards or preferences. This flexibility was greatly appreciated by the site ITmanagement and helped solidify their acceptance of the ISE-SAR EE. Unfortunately,because of the enterprise nature of the ISE-SAR EE, in terms of internal and external users,CPU-based licensing was required for the RDBMS (MS-SQL Server). Consequently, singleCPU servers were purchased for each site for the evaluation period. With the exception ofDHS, the FBI (eGuardian), and the Washington, DC, Metropolitan Police Department, whoopted for a single-server configuration, all sites requested two servers—a Web server and adatabase server. Recommendation 1: The proposed program management office should evaluate the best method of deploying operating systems and examine the prosand cons of other programming languages. Recommendation 2: Specific training courses or targeted technical assistance should be identified to help site staff improve their technical systemadministration capabilities. Recommendation 3: To support more robust usage, particularly from external users, a second CPU and additional memory should be added to both servers. Inorder to support traditional system redundancy and higher system availabilityrequirement, the proposed program manager’s office should evaluate the needfor backup servers. DATA MAPPING TO THE ISE-SAR FUNCTIONAL STANDARD Lesson Learned: Legacy data concerning SAR information at the participating agencies was not in compliance with the ISE-SAR Functional Standard. Background: Since the ISE-SAR Functional Standard was developed with input from selected fusion center subject-matter experts, there was a general sense that legacydatabases at fusion centers contained most of the information reflected in the standard. Atthe state level, this assumption was generally true. At the local level, however, there wassignificant variability from the ISE-SAR Functional Standard since major city urban areafusion centers selected for the ISE-SAR EE had very little of the data enumerated in the ISE-SAR Functional Standard. For those sites that did have fairly comprehensive data, the key

Page 61Final Report: ISE-SAR EEObservations and Lessons Learned Page 53 ISE-SAR fields describing “observed behavior,” threats, and privacy controls were absent orincomplete. As a result, searches issued by users against other Shared Space databasesusually resulted in few or no hits. Compounding the issue was the situation in which onefusion center provided only SARs associated with critical infrastructure incidents. However,data about subjects or vehicles associated with the suspicious activity was not included inthe ISE-SAR because the legacy system was designed for another purpose. Recommendation 1: Evaluate legacy systems at each of the potential future sites and determine whether common vendor products might be candidates fortechnology improvements to better support the ISE-SAR Shared Spaces datarequirements. If found, facilitate meetings with the vendor(s) to evaluate optionsthat might benefit multiple fusion center participants. Recommendation 2: Deploy the SAR Vetting Tool (SVT) as a bridge between a center’s existing RMS or other database used for SARs so that key fieldsnecessary for effective information sharing can be populated or augmented byfusion center staff before ISE-SARs are stored at that center’s shared space. This common tool should continue to be supported by the proposed programmanager’s office. LACK OF STRUCTURED DATA IN LEGACY SAR RECORDS Lesson Learned: Structured data was not available at most participating agencies for the population of the Shared Space data fields. Background: This problem impacts many records management systems in use today and reflects the reliance of most agencies on paper forms used by frontline officers to recorddetails of suspicious behavior as well as any other incident that the officer may bedocumenting. Even if online systems provide specific fields to capture names, vehicles, andother descriptive structured data, users of those systems frequently just enter a free-textnarrative of the incident. This tendency defeats initiatives to improve the mapping of dataand frustrates users trying to search multiple Shared Spaces using structured fields. Havingto search long strings of narrative text takes time and often results in the retrieval of recordsthat have no true relationship to the actual subject of the search. Recommendation 1: At the analyst level, enforce data quality standards and request that structured data fields be updated as necessary (e.g., suspiciousactivity codes, subject names, location data, threat codes) even if theinformation is also included in a narrative description. The SVT could be used tosupport this task. In practice, the number of ISE-SARs that might requireadditional quality checks and data entry is quite low and does not represent anexcessive burden to any fusion center participating in this initiative. Theproposed program manager’s office should provide support to accomplish thisrecommendation.Page 62Final Report: ISE-SAR EEObservations and Lessons Learned Page 54 Recommendation 2: As part of a technology refresh cycle, examine new technology that might support more powerful text recognition and searchalgorithms to be applied to each shared space database upon the ingest of ISE-SAR records that would significantly improve the speed and quality of searchoperations. SITE SHARED SPACE DATABASE DESIGN Lesson Learned: The database design at each site may not be robust enough to support a wider deployment to users nationwide. Background: Because of the pilot nature of the ISE-SAR EE, the common ISE-SAR Shared Spaces database structure was organized based upon the ISE-SAR Functional Standard butnormalized to improve efficiency from a search perspective (search fields were limited). However, the database was fully compliant in terms of the NIEM-based content and formatwithin the LEXS-SR standard. This was accomplished by building the LEXS/NIEM recordupon data ingest into the Shared Spaces repository so that if queried by a remote NCIRC.govuser, the CPU time necessary to build query results would be minimized. Although thisapproach worked for the limited-use ISE-SAR EE, additional analysis is necessary to supporta production environment. Recommendation 1: Verify the database design, broaden searchable parameters, conduct performance modeling and tuning activities, and performsome level of stress testing, with particular focus on sites that are hosting theSAR Vetting Tool (SVT) application on the ISE-SAR Shared Spaces Databaseserver. Recommendation 2: Modify the database schema to include all information exchange

package documentation (IEPD) fields to provide for attachments andother desired meta-data that will improve the robustness of ISE-SAR recordsmaintained at each site. Recommendation 3: Include indicators on each IEPD data element that identify it as a “privacy field” based on the IEPD and augmented by state or localstatute or policy. Recommendation 4: Conduct a review of the database schemas for all systems that will feed into the shared space to ensure compliance with the ISE-SAR Functional Standard.Page 63Final Report: ISE-SAR EEObservations and Lessons Learned Page 55 DEPLOYED SHARED SPACE APPLICATIONS Lesson Learned: No common process for extracting, transforming, and loading legacy data was available. Background: For the ISE-SAR EE, various approaches were taken to import data from legacy systems into the Shared Spaces database. These approaches generally includedboth reusable components and custom components to support the overall extracting,transforming, and loading (ETL) process. Primarily, two approaches were used: (1) processing an input file containing candidate records with a traditional ETL script and(2) using a database replication approach in which the source database pushed an extractto a staging area on the Shared Spaces database for subsequent processing and loading inthe Shared Spaces repository. A third approach was created for processing records from theSVT. Two additional approaches were discussed but not implemented in the pilot: a Webservice option to allow legacy systems to push candidate SARs to the Shared Spaces and anapproach involving a direct query of a legacy database from the Shared Spaces to “pull”records designated as candidates for sharing with ISE-SAR EE members. Recommendation 1: Create an interface toolkit that fusion center IT staff or other law enforcement agencies might use which contains various proven anddocumented applications to process SARs into a Shared Spaces database. Recommendation 2: Provide the capability to ingest attachments as part of the ISE-SAR record, if available from the legacy system. Recommendation 3: Reevaluate the current Shared Spaces database “smash and replace” approach to see whether other options might be possible that stillpreserve the integrity of the Shared Spaces but improve the timeliness of ISE-SARs being made available to the user community. Other options could includeAdd, Update, Hide, and Purge features that would act upon individual SARrecords being pushed to the Shared Spaces. This approach may better supportsituations in which multiple legacy systems are feeding a single Shared Spacedatabase, such as the situation envisioned by DHS. Recommendation 4: Design and implement an automated approach to provide feedback to users who may have retrieved SAR records from a site’s SharedSpace on earlier searches that a previously viewed SAR has been purged fromthat site’s Shared Space. Recommendation 5: Evaluate the feasibility of a subscription-based alerting capability that would provide two basic functions.Page 64Final Report: ISE-SAR EEObservations and Lessons Learned Page 56 1. Alert users when they add a new ISE-SAR to their Shared Space that apossible related SAR exists in another fusion center’s Shared Space.2. Allow an analyst at a fusion center to request notification when anyfusion center adds an ISE-SAR to its Shared Space that meets basiccriteria established by that user.While the “smash and replace” technique discussed above in Recommendation 3complicates the design of this alerting capability, the ability to receive notificationsautomatically without the need to manually search the Shared Spaces periodically couldprovide significant benefits to the analyst community. SYSTEM DEPLOYMENT PROCESS Lesson Learned: Preplanning readiness and postdeployment checklists were beneficial to the installation of systems at each site. Background: Overall, the deployment of computer systems and software at most of the ISE- SAR EE sites went surprisingly well, primarily due to a series of readiness check telecoms inthe weeks and days leading to the on-site visit. In every case, site personnel agreed toinstall the servers and VPN in their facility and support connectivity and application testing. In addition, on most occasions, IT staff also loaded the server system and databasesoftware. Some delays were experienced at sites where the fusion center relied upon stateor city IT for support and additional

coordination was necessary. The process and sequenceof tasks was proven to be effective. Recommendation 1: Document the process and include templates for future use, including a more extensive checklist to cover unanticipated issues and/orconstraints both before and after system deployment. Recommendation 2: It is imperative that specific points of contact for all facets of the Shared Space support be provided and maintained. This will assist notonly with the setup of the Shared Space for that location but also in addressingany issues arising in the everyday operation and ability to connect to thatlocation. USE OF EXISTING REPORT FORMS Lesson Learned: Modification of existing law enforcement reporting forms eases the implementation of the ISE-SAR EE project in the participatingagencies. Background: One of the major challenges for agencies when implementing a SAR process within an agency is getting the reported suspicious activity from the patrol officer or otherPage 65Final Report: ISE-SAR EEObservations and Lessons Learned Page 57 person taking the initial report to the unit charged with analyzing the information. Ratherthan creating a new form or implementing a new process, the agencies modified currentlyused forms and processes, which made the process more acceptable to the officers initiallytaking the information. The Los Angeles Police Department (LAPD) modified its existing Investigative Report used byofficers to report crimes as previously described in the report. The Washington, DC, Metropolitan Police Department initiates a SAR whenever a crime orincident report in the field is tagged as involving suspicious activity. This cataloging occurswhen a box on the report labeled “Suspicious Activity” is checked. As Terrorist IncidentPrevention Program (TIPP) forms and crime/incident reports are reported to MPD andidentified as suspicious, they are immediately forwarded to the Intelligence Fusion Division(IFD) for review and analysis by a trained analyst. Recommendation: Agencies implementing a SAR process within their agency should review current processes and modify existing forms and processes tosimplify internal reporting. REVIEW OF LEGACY SAR DATA Lesson Learned: Legacy SAR data should be carefully reviewed before it is shared in the ISE-SAR Shared Spaces. Background: The three initial agencies to place data into the ISE-SAR Shared Spaces had legacy SAR systems that contained several years’ worth of existing data. The New YorkState Intelligence Center, the Virginia Fusion Center, and the Florida Fusion Center allloaded their legacy data into the ISE-SAR Shared Spaces system. In an effort to test thesystem, a comprehensive review was not conducted on the existing legacy data to ensurethat all the data met the four-step process required by the ISE-SAR Functional Standard. After reviewing the legacy data tagged for sharing in the ISE-SAR Shared Spaces, it wasdetermined that a comprehensive review needed to be completed on each individual SARcontained within the legacy systems. Recommendation: Agencies that have a legacy SAR system with stored data should complete the four-step process required by the ISE-SAR FunctionalStandard before tagging the data to be included in the ISE-SAR Shared Spaces.Page 66Final Report: ISE-SAR EEObservations and Lessons Learned Page 58 INTERFACE WITH THE FBI’S EGUARDIAN AND DHS’S SHARED SPACE Lesson Learned: Building interfaces to the FBI’s eGuardian and DHS’s Shared Space allowed for a single search interface for local, state, and federal users toaccess all SAR data and to operate with a common understanding and process. Background: The ISE-SAR Shared Space concept was designed to allow the systems to share information while allowing the submitting agencies to maintain control of their data,and all agencies would be able to implement the processes and policies enumerated in theISE-SAR Functional Standard. One of the project challenges was how to share informationwith the FBI and DHS without having to utilize different systems or processes. The solution was twofold: build Shared Space servers for use by the FBI and DHS to allowthem to share their data with other users from a single interface and build a utility intoeGuardian that allows state and local agencies to share data with eGuardian via the SharedSpaces user interface. Users who place SAR data into their Shared Space server can tag thedata to be uploaded into eGuardian, which allows the SAR information to be shared with theFBI’s Joint Terrorism Task Forces. Recommendation: The FBI and DHS should continue to support the interface with the Shared

Space environment to allow continued ease of sharing SAR datawith all law enforcement agencies. NCIRC.GOV PORTAL USER INTERFACE Lesson Learned: During the ISE-SAR EE, it was determined that the User Search functionality may need to be evaluated and enhanced to ensure that it canmeet the technical and functional requirements of any future national rollout ofthis project. Background: As with other facets of the ISE-SAR EE software architecture, the user interface evolved as the project moved forward. Functional and relatively easy to use with asmall number of records in the Shared Spaces, the user interface was designed to quicklypermit information sharing activities between participating sites. However, to allow for anearly deployment of Shared Space search capabilities, user interface functions wereconstrained when compared to other similar search tools used by law enforcementagencies, such as “read-only” restrictions, lack of analytics or geospatial visualization, lackof attachments, lack of role-based access mechanisms, and limited workflow and queryresults navigation.Although the SAR User Search functionality is accessed through the NCIRC portal, it is notthe only application or information source available on the portal. Recommendations in thisdocument refer only to the SAR User Search functionality.Page 67Final Report: ISE-SAR EEObservations and Lessons Learned Page 59 Recommendation 1: A group of subject-matter experts, to include analysts, should be utilized to establish firm user interface requirements, conduct a gapanalysis against the ISE-SAR EE user interface, and document an enhancementplan for the user interface. Recommendation 2: Upon completion of the gap analysis, evaluate the desirability of providing a Shared Space Search LEXS-SR-based Web servicecapability to allow existing fusion centers to conduct searches of ISE-SARs usingexisting legacy records management systems or case management systemsinstead of having to physically log on to the NCIRC site. This option, thoughtechnically feasible under the LEXS-SR standard, introduces possible privacy andcivil liberties concerns that need to be considered. Recommendation 3: Evaluate the use of commercial or government off-the- shelf technology or portal tools to assist in the integration of additional functionalcapabilities, with particular focus on the user-interface challenges of federatedsearches against numerous databases (potentially up to 72). Other capabilitiesshould include the integration of analytical tools, inclusion of attachments inquery results (images, documents, video and/or audio, etc.), storing retrievedresults (perhaps only temporarily in a personal queue or file), screenpersonalization, and other techniques to avoid information overload. Recommendation 4: Provide a report generation capability so that users can create various reports based upon the results of ISE-SAR Shared Spacesearches. This capability would allow users to tag individual retrieved records tobe included in a report. Consideration should be given to making these reports“read only” to preserve the ownership of the data for the contributing agency. Recommendation 5: Provide a capability to search audit logs based on various criteria—such as monitoring of system use, enforcement of security and privacypolicies, and performance management—and produce a series of formattedreports. This feature would be restricted to management users.Page 68Final Report: ISE-SAR EEObservations and Lessons Learned Page 60Page 69Page 61 LEVERAGING PROMISING PRACTICES The agencies involved in the Information Sharing Environment-Suspicious Activity ReportingEvaluation Environment (ISE-SAR EE) are professional and respected law enforcementagencies. A significant component of the project was the ability to observe and codifycritical enabling activities of these agencies and adopt the promising practices for use whereappropriate. During the course of this project, an initial analysis of four major city policedepartments in Los Angeles, California; Boston, Massachusetts; Chicago, Illinois; and Miami-Dade, Florida, revealed a number of promising practices regarding the gathering,processing, analysis, and sharing of SARs. These promising practices were instrumental inthe foundation of the project and were shared through the ISE-SAR EE user group to bereplicated as the project was implemented.

Additionally, a number of promising practiceswere documented and shared in professional journals in the law enforcement community. Below are some of the significant promising practices identified during the course of theEvaluation Environment.These promising practices were discussed at all user group meetings and conference calls,as well as shared in the monthly newsletter to all participating agencies. Many of thepromising practices were discussed and refined and later adopted by many of the users. Allpartners agreed that this was critical to establishing common practices and procedures forhandling SAR information. EXECUTIVE LEADERSHIP Critical to the success of any program is the support from the agency’s executive leadership. However, it takes more than just a word of encouragement or a statement of support; theremust also be an active commitment to ensure that the agency’s members, the public, andother government policymakers are informed and supportive of the operation. Executiveleadership should visibly and regularly support the adoption and implementation of anagency SAR process. Without the agency leadership’s continued sponsorship and a senseof importance, it will be increasingly difficult to knit together all the process pieces over time.The Los Angeles Police Department’s (LAPD) leadership took an active role in developing acomprehensive program to collect, analyze, and distribute suspicious activity informationrelated to terrorism. The chief of police at the time of the initiation of the ISE-SAR EE sharedthe lessons learned from LAPD with other agencies nationwide. LAPD frequently providedstaff members to cross-train other SAR agencies regarding their behavior codes and SARprocesses. Presentations were made by LAPD representatives to police organizations suchas the International Association of Chiefs of Police (IACP) and the Major Cities ChiefsAssociation (MCCA), as well as members of Congress and officials in the White House. These efforts were a major impetus in the development of the NSI. LAPD developed anagency-wide General Order, amended its incident report to simplify the reporting ofsuspicious information, created a SAR Unit with the responsibility to analyze the information,Page 70Final Report: ISE-SAR EELeveraging Promising Practices Page 62 and communicated to the organization the importance of the SAR process. All of its effortscreated a synergy that led to other innovative concepts for developing and analyzingterrorism-related information. The director of the Miami-Dade Police Department provided a SAR brief on two separateoccasions to the local Chiefs of Police Association. This was part of a larger process toobtain support from various law enforcement and other government agencies in the SouthFlorida area. The Miami-Dade Fusion Center has trained various county governmentdepartments—including fire, emergency medical services, aviation, and public works—on theprocess of the SAR program and how to report suspicious activity to the fusion center. Thedirector has also supported the creation of the South Florida Virtual Fusion Center, whichprovides a platform for all agencies in the South Florida area to participate in the sharing ofterrorism-related information throughout the region.The chief of police of the Seattle Police Department and the sheriff of the Las VegasMetropolitan Police Department were principal participants in the efforts of the MCCA todevelop recommendations for a nationwide SAR process. The MCCA, through its IntelligenceCommanders Group, helped spearhead the SAR effort among law enforcement agencies inthe country’s major cities. Without this initiative, efforts to establish a nationwide processfor sharing of SAR information would have been greatly hampered.The chief of police of the Washington, DC, Metropolitan Police Department was often calledupon to represent the interests of law enforcement agencies nationwide in articulatingpolicies needed to ensure that suspicious activity information was being collected andevaluated throughout the country. The chief represented local law enforcement agenciesnationwide before Congress and the White House. The police department also had a majorrole in the supporting preparations for the Inauguration of a new President and was able totest many of the concepts being developed by the project. The lessons learned from thoseefforts were shared with project participants to better develop their own policies. SHARED SPACE CONCEPT At the onset of discussions concerning the sharing of terrorism-related suspicious activity,there was concern by many of the state and local law enforcement agencies regarding theimpact of state and local

laws, rules, and regulations governing the sharing of information. There was a concern about the agency’s ability to maintain control of the information if theinformation were placed in a data warehouse. Consequently, the concept of Shared Spaceswas built to provide both the ability to share SAR information and ensure that the originatingagency would retain control of the information developed by its agencies. This conceptallows participating agencies to select the information they are willing and able to share andplace it in a “shared space” server. Although other technology solutions could have beenemployed, the shared space servers were developed to be maintained by the originatingagency but made accessible for search by a common user interface available to all agenciesPage 71Final Report: ISE-SAR EELeveraging Promising Practices Page 63 involved in the project. The following are the agreed-upon attributes that were keystones todeveloping the shared space: The➢ data contained in ISE-SAR Shared Spaces is not intended for use in statistical research and/or reports. Participants are not able to downloadthe shared data in order to ensure that outdated data will not be stored insystems outside of the participating agency’s system. The ISE-SAR Shared Spaces database➢ is not a criminal intelligence system or database. The data in ISE-SAR Shared Spaces is managed➢ and maintained (controlled) by the submitting agency, which is operating under individual state andlocal jurisdictional laws and policies. Data in ISE-SAR Shared Spaces is accessible by➢ authorized ISE-SAR EE participants in fusion centers, law enforcement agencies, Joint TerrorismTask Forces (JTTFs), and Federal Bureau of Investigation (FBI) FieldIntelligence Groups via the Sensitive But Unclassified (SBU) networks thatprovide secure communication. Vetting of data for inclusion in➢ the ISE-SAR Shared Spaces should include contact with the local JTTF/National JTTF and the Terrorist Screening Center(for Violent Gang and Terrorist Organization File queries) in order todetermine whether current investigative activity is ongoing. The query provides the opportunity➢ for a search of all selected ISE-SAR Shared Spaces, to include eGuardian and the U.S. Department of HomelandSecurity (DHS) Shared Space servers as resource availability allows. The user interface➢ utilizes commonly accepted, secure Internet-based technologies. Items presented in the initial results➢ list displays submitting organization, contact information, and ISE-SAR information. Selection of a➢ record from the query results list retrieves the specific ISE- SAR identified in that selection. An➢ audit log is used to capture search transactions at a central query site and agency database. User➢ access to the ISE-SAR distributed search is provided utilizing the secure government networks: Regional Information Sharing SystemsSecure Intranet (RISSNET), Homeland Security Information Network (HSIN),and Law Enforcement Online (LEO). Shared-space ISE-SAR systems provide a➢ uniform data representation of agency data based on the ISE-SAR Functional Standard.Page 72Final Report: ISE-SAR EELeveraging Promising Practices Page 64 A capability is provided to allow➢ agencies to forward designated SARs to the eGuardian system from the shared space environment. THE SAR VETTING TOOL In developing the ISE-SAR Shared Spaces concept, it was anticipated that SAR informationcould be extracted from each agency’s legacy database and submitted to the ISE-SARShared Spaces. However, it was determined that many of the participating agencies did nothave a separate SAR database that could be utilized to analyze SAR information before itwas shared with the other agencies. Several agencies had the data in multiple databases,and others used paper processes to analyze and store the information. To this end, the ISE-SAR EE technical team developed a SAR Vetting Tool (SVT) for use by the participatingagencies that did not have a sufficient legacy system to support the sharing of information inthe Shared Spaces environment. This is a technology that can continue to be refined andutilized as this concept is implemented nationwide. Significant development assistance forthe SVT was received from the police departments of Boston, Massachusetts; Miami-Dade,Florida; and Chicago, Illinois. These agencies outlined the specifications needed for thistype of tool and were instrumental in the technical team’s implementation of the SVT.This tool was developed using common database standards and protocols, which allowedfor quick development and

deployment. Using the input from analysts from the participatingagencies, the team developed a method to import data from multiple systems, allow formanual information input, and ultimately track the vetting of the information to ensurecompliance with the ISE-SAR Functional Standard. Now developed and deployed, the SVTcan easily be replicated and distributed to additional participants. USE OF NATIONAL INFORMATION EXCHANGE MODEL (NIEM) AND LOGICALENTITY EXCHANGE SPECIFICATIONS (LEXS) The National Information Exchange Model (NIEM) is a partnership of DOJ and DHS. Themodel was built from the foundational elements of the Global Justice XML Data Model andits companion documents, training, and technical support mechanisms. It is designed todevelop, disseminate, and support enterprise-wide information exchange standards andprocesses that can enable jurisdictions to effectively share critical information in emergencysituations, as well as support the day-to-day operations of agencies throughout the nation. NIEM enables information sharing, focusing on common processes and definitions forinformation exchanged among organizations as part of their current or intended businesspractices. This model and its associated business processes were developed by more than50 state and local participants.DOJ established the Law Enforcement Information Sharing Program (LEISP) to achieve theDepartment’s vision of creating relationships and methods for sharing criminal informationroutinely and securely across jurisdictional boundaries. The LEISP developed the LogicalPage 73Final Report: ISE-SAR EELeveraging Promising Practices Page 65 Entity eXchange Specifications (LEXS), which is a family of Information Exchange PackageDocuments that implement NIEM for many common types of law enforcement informationexchanges. LEXS specifies how law enforcement information should be packaged anddelivered to information sharing applications and how partnering applications canimplement federated search capabilities.All of the applications utilized in the ISE-SAR EE were built utilizing these common datasharing standards. The ISE-SAR Shared Spaces database, the SVT, and the FBI’s eGuardiansystem all utilize these standards, which allow for the ease of sharing law enforcementinformation. Because these standards were utilized during development, these systems cannow easily be used to accomplish additional information sharing based on these commonstandards. LEVERAGING EXISTING SECURE BUT UNCLASSIFIED NETWORKS Critical to the success of any law enforcement information sharing system is the ability toprovide security for the information during storage and transmission. When accessprotocols for the shared space concept were designed, it was determined that access toinformation needed to be provided over a secure network that would protect the informationand provide for user authentication. Three SBU networks were identified as being suitablefor this function: the DOJ-supported RISSNET; the FBI-supported LEO; and DHS-supportedHSIN. Each of the participating agencies had access to all three networks.Access to the Shared Space query tool user-interface is supported using all three of thesecure networks. This is the first time a single application was accessible by all threenetworks. Participating law enforcement agencies were concerned about the creation ofanother system requiring another set of usernames, passwords, and credentialing. Thecreation of an interface among the three SBU networks to a single application made for aneasy and common method for user access and authentication to the system. DEVELOPMENT OF PRIVACY POLICY TEMPLATES AND TECHNICAL ASSISTANCE Central to the design of this project was adherence to the ISE Privacy Guidelines. Manyagencies had policies in place that were designed to guard the privacy and civil liberties ofindividuals. However, it was determined that a more comprehensive privacy frameworkconcerning safeguards for the sharing of suspicious activity reports would be needed for useby all participating agencies. Aimed at protecting privacy rights and civil liberties, thesesafeguards were intended to avoid the gathering, documenting, processing, and sharing ofinformation such as race, ethnicity, national origin, or religious preference that has noreasonable relation to the criminal activity. The project team provided subject-matter experts to review the privacy policies for each ofthe pilot sites. The reviews were made to ensure that the policies were consistent with the

Page 74Final Report: ISE-SAR EELeveraging Promising Practices Page 66 applicable requirements of the ISE Privacy Guidelines. Additionally, technical assistancewas provided to all sites to assist in the development of the policies. As a result, allparticipating agencies are utilizing privacy policies that are common and acceptable by allparticipants. DEVELOPMENT OF A SAR TRAINING PROGRAM Training was recognized as critical to the successful implementation of the Nationwide SARInitiative. The ISE-SAR Functional Standard outlines a new set of protocols and standardsthat need to be utilized by law enforcement before SAR information can be shared amongthe agencies nationwide. Therefore, three levels of training were designed andimplemented to ensure that agency personnel at all levels had a clear understanding ofwhat information was to be collected and shared in the ISE-SAR EE. Additionally, it wasimportant to reinforce the need to protect individuals’ civil rights and civil liberties. Acollaborative design method was established utilizing the MCCA, the IACP, and the Bureau ofJustice Assistance (BJA) to develop the three different levels of training and deliver to all theparticipating agencies.Participating agencies also developed training to meet their local needs. The Los AngelesPolice Department built regional awareness of SARs by providing training to local lawenforcement partners, including the Los Angeles Port Police, the Los Angeles Unified SchoolDistrict Police, the Los Angeles Airport Police, and the City of Long Beach Police. Allcommand staff were trained on the agency’s Special Order, with follow-up briefings andPowerPoint presentations at general staff meetings. LAPD developed a training frameworkfor the training of every officer in the development and submission of SAR reports. Trainingprograms—including e-learning, PowerPoint presentations, and roll call presentations—weredeveloped and provided to all command staff, new recruits, and civilian and swornpersonnel before the implementation of the SAR process.All officers of the Houston Police Department have undergone a four-hour training course onterrorism indicators and have been trained on identifying suspicious activity. The trainingcourse includes privacy protections, and the need for a criminal nexus when reportingsuspicious activity. The Houston Regional Information Service Center (HRISC) hasconducted a terrorism indicator training program for private sector personnel, including oilindustry officials. ANALYST PROFESSIONAL DEVELOPMENT The analytic function is a critical component of the Nationwide SAR Initiative. The ISE-SARFunctional Standard calls for a four-part analysis and vetting process to ensure thatinformation developed by a law enforcement agency concerning potential terrorism activitiesmeets the criteria to be shared in the ISE-SAR Shared Spaces. Although most lawenforcement agencies have long had well-developed training programs for sworn officers,Page 75Final Report: ISE-SAR EELeveraging Promising Practices Page 67 developing high-level training programs for criminal intelligence analysts is a more recentdevelopment. The Florida Department of Law Enforcement (FDLE) previously developed a six-week lawenforcement analyst training program that has been delivered to more than 400 state, local,and federal law enforcement intelligence analysts in the state of Florida. The coursedelivers training in the following areas: Intelligence Analysis and➢ the Intelligence Process Analysis and Analytical Processes Data Management and Analysis➢ ➢ ➢ Effective Briefings and Teamwork Crime-Specific Investigations and Analysis An important➢ component of the Analyst Academy Program is the continuing educationopportunities. The department took the BJA-developed analyst training course and deliveredit to more than 100 Analyst Academy graduates representing 36 state, local, county, andfederal agencies.The New York State Intelligence Center (NYSIC), working with DHS, developed an analystprofessional development program that includes analytic training as well as a mentoringprogram. The department created an analyst development workbook that allows the agencyto track the professional development of its analysts to ensure they have received theappropriate level of training needed to conduct the analytic process. UTILIZATION OF ROLL CALL TRAINING AND E-TRAINING PROGRAMS Law enforcement agencies have long used roll call training as a method of deliveringimportant information to patrol

officers without having to take them away from their normalpatrol duties. Although it varies in different agencies, roll call training is generally a brieftraining delivery that emphasizes a particular issue determined to be important by theagency command. Agencies are increasingly using some form of electronic training to fulfillthis training need. This method of training provides an excellent way for patrol officers tounderstand the tenets of the Nationwide SAR Initiative and their critical role in the process.The Miami-Dade Police Department provided in-person roll call training to all districts andshifts. The training was provided on the SAR effort by the commander of the HomelandSecurity Bureau. This provided the bureau the opportunity to answer all questions and tostress the importance of the street officers providing the information according todepartment protocols. The officers were also informed of privacy concerns and the need forthe suspected information being reported to be based upon the activities identified in Part Bof the ISE-SAR Functional Standard.Page 76Final Report: ISE-SAR EELeveraging Promising Practices Page 68 The Washington, DC, Metropolitan Police Department had the task of providing training to itsown officers and the visiting out-of-area officers who would be participating in lawenforcement details associated with the 2009 Presidential Inauguration. The departmentdeveloped a roll call training stressing the behaviors to be reported to the fusion center. Thetraining was delivered via an online system due to the need to provide the training tothousands of officers in a short period of time.The Chicago Police Department disseminates suspicious activity alerts, warnings, andnotifications via intelligence bulletins to all law enforcement officers, as well as selectedmanagers of critical infrastructure and other government agencies. The distribution of thesereports includes the command staff, the Deployment Operations Center’s Web site, roll calldistribution in each district office, the LEO Special Interest Group, Homeland Security Stateand Local Intelligence Community of Interest, and RISSNET. LIAISON OFFICER PROGRAMS It is important that fusion centers and agency intelligence bureaus have appropriatelytrained officers from other sections and departments who are trained in the intelligenceprocess to assist in the collection and reporting of information needed for the intelligenceprocess. Many agencies have developed formalized programs to select and train theofficers who become an extension of the fusion center or intelligence bureau. CalledTerrorism Liaison Officers (TLOs), Intelligence Liaison Officers, or Field Intelligence Officers,each performs an important role in the ISE-SAR process.The state of Arizona has developed an extensive cadre of TLOs throughout the state who areboth law enforcement and other emergency response personnel. These individuals serve asprimary contacts with local agencies to develop and report suspicious activity information. These TLOs may enter information directly into the center’s database, which promotes thedevelopment of a SAR within the fusion center.The Chicago Police Department has a TLO program consisting of officers selected from all25 districts and units, one per watch—approximately 80 members of the department. Theseofficers meet quarterly, have organized training programs with guest speakers, and keeplines of communication open with the department’s Deployment Operations Center. Theseofficers also function as distribution points for information to be delivered to the streetofficers in the department.LAPD has a highly developed TLO program within the department. Every division office hasat least two officers trained for that function. In addition, the department has trained anumber of TLOs to interact with other government agencies to assist the Counter Terrorismand Criminal Intelligence Bureau in the implementation of the SAR process within their ownagencies and in the community. TLOs are responsible to liaise with officers at their assignedLAPD division, as well as with other government agencies and local business partners withinPage 77Final Report: ISE-SAR EELeveraging Promising Practices Page 69 their area of responsibility. The TLOs are utilized to provide feedback to the officers and/orlocal agencies or business partners who originally submitted the SAR data. In addition, theBureau Commander provides personalized e-mails and written commendations in responseto SAR reports that have been received.NYSIC has developed a Field Intelligence Officer program consisting of 1,600 officers,representing 85 percent of the state’s

law enforcement agencies. These officers alsodeliver training to the business community through the department’s Operation Safeguardprogram using tools developed by BJA, such as the Safeguarding America—It All Starts WithYou video training for first responders and the Communities Against Terrorism program. Anexample of the success of the program is a report of suspicious activity that was provided bya business that was a recipient of the training:In May of 2009, an employee noticed something unusual while working at aself-storage facility. A group of suspicious-looking men had begun to meetaround an outdoor storage unit. They aroused suspicion because they metfrequently—as much as 20 or 30 times in the span of a few days. They werealso very careful to conceal their property by backing their SUV right up to thestorage unit door. The self-storage facility had been visited by local lawenforcement in the past and had been provided information on indicators andwarnings of suspicious activity as part of the New York State’s OperationSafeguard outreach program. The employee contacted the local policedepartment to report the suspicious activity observed. He also provided themwith information on the vehicle and renter. The police department ran checksand found that the New York FBI Joint Terrorism Task Force (JTTF) had anactive investigation and the individuals associated with the storage unit werecurrently under surveillance. Two weeks after the employee’s report, the New York JTTF arrested four men on a number of terrorism charges, includingcharges arising from a plot to detonate explosives near a synagogue and toshoot military planes with Stinger surface-to-air guided missiles. Theemployee’s information demonstrated the effectiveness of the OperationSafeguard efforts to help prevent terrorist attacks in New York State. COMMUNITY OUTREACH Incorporating the community into the SAR process is very important to build trust andsupport for the agency’s SAR program. There is a need to clearly identify the types ofinformation that should be reported to law enforcement by the community and to stress theimportance of adhering to appropriate privacy and civil liberties protections. These outreachand awareness efforts should assist in mitigating many concerns about improper policeactivities.Page 78Final Report: ISE-SAR EELeveraging Promising Practices Page 70 FDLE has developed several methods of reaching out to the public. The state has developedthe BusinesSafe Web site for use by private industry in the state of Florida to inform them ofterrorism-related concerns and to provide a method for supplying information to the FloridaFusion Center. FDLE’s Computer Crime Center maintains a “Secure Florida” Web site toprovide information about cyber security to the public and the state’s business community.HRISC has an outreach program with the public and has conducted community meetings,trained members on the Crime Stoppers program, and coordinated with the Houston-areaJTTF, which operates a tip hotline that the public may use to report suspicious activity. HRISC also works with the U.S. Attorney’s Office and the Anti-Terrorism Advisory Council toprovide outreach to the private sector and has provided training to human trafficking/smuggling enforcement groups. Special training has been provided to the area’spetrochemical industry because of its major presence and potential to be a target of aterrorist attack.LAPD introduced the SAR program to the community through Community Forums andmeetings, and there is a unit within LAPD that specifically deals with community outreach. The program educates the public on what suspicious activities are, the behaviors andindicators of suspicious activity, and the need to report suspicious activity. The programintroduces a Web site (www.iWATCHLA.org) for national application to be used for thereporting of suspicious activity. The Web site is the central site/host for a network ofinformational reports on past terrorist-related acts, terrorism indicators, case studies, andother such educational tools currently available through open source networks. The Website provides links nationwide to local law enforcement agencies and notifications to varioussectors.LAPD has also developed media commercials to explain how the SAR program works andthe need to report information concerning terrorism to the police department. LAPD TLOsalso share in the responsibility to make presentations to community groups and otherinterested sectors concerning the reporting of suspicious activity. The American CivilLiberties Union was involved with the development of the iWATCH program and

providedcomments on the script of the Public Service Announcement. Informational flyers have alsobeen developed for release at the community trainings, and a DVD was developed thatrelates to the reporting of suspicious activity and contains all the information found on theWeb site. NYSIC works closely with the New York Office of Homeland Security, which maintains apublic Web site (http://www.security.state.ny.us) to conduct community outreach. NYSICuses the “If you see something, say something” program to inform the public as to whatactions they should take if they see suspicious activity. Additionally, the OperationSafeguard initiative was created to inform the private sector on suspicious activities thatshould be reported to law enforcement and the state’s Field Intelligence Officers.Page 79Final Report: ISE-SAR EELeveraging Promising Practices Page 71 The Seattle Police Department is heavily involved in the Northwest Warning, Alert andResponse System Web site (NW-WARN), which is designed to provide real-time alerts andwarnings to both government and private sector partners. Information developed by thefusion center and determined to be important for distribution to the other partners isdistributed over this closed system. The Web site provides the capability for those partnersto provide SARs and other crime-related information to the fusion center.The Washington, DC, Metropolitan Police Department has a robust community and businesscommunity outreach program. The department conducted a Homeland Security EmergencyManagement seminar, which was a public and private sector event that attracted 100people. The representatives discussed how to recognize and report suspicious activity. Thedepartment has also distributed the SAR tip information to storage facilities, pharmacies,and several hotels to help these entities understand how to recognize and report suspiciousactivity. Billboards on buses have also been utilized to explain how to report SARs.The Arizona Counter Terrorism Information Center (AcTIC) has developed a DVD fordistribution to the public and first responders, titled 8 Signs of Terrorism, which educatesthe public about what to look for and report regarding terrorism-related suspicious activity. The center also maintains a public Web site (http://cid.dps.state.az.us) that providesinformation for the public and explains the operation and mission of the state fusion center: “The mission of the AcTIC is to protect the citizens and critical infrastructures of Arizona byenhancing intelligence and domestic preparedness operations for all local, state, andfederal law enforcement agencies. Mission execution is guided by the understanding thatthe key to effectiveness is the development and sharing of information between participantsto the fullest extent as is permitted by law or agency policy.”Based on the experiences gleaned from this project, BJA and PM-ISE developed the BuildingCommunities of Trust project. This project focuses on developing relationships of trustbetween police, fusion centers, and the communities they serve, particularly immigrant andminority communities, so that the challenges of crime control and prevention of terrorismcan be addressed. Effective crime control and the prevention of terrorism requiremeaningful sharing of information among police agencies and between the community andpolice. Underlying information sharing are a number of important federal initiatives thatseek to support an effective information sharing environment, reflecting full transparencyand protection of privacy rights and civil liberties of all people. This initiative seeks toexplore the intersection of three critical partners—the community, local law enforcement,and fusion centers—in our nation’s framework to improve information sharing and protectour local communities. The knowledge about communities that comes from trust-basedrelationships between law enforcement and the local community is critical, because it allowslaw enforcement officers and analysts to distinguish between innocent cultural behaviorsand behavior indicative of criminal activity.Page 80Final Report: ISE-SAR EELeveraging Promising Practices Page 72 The project stressed the importance of providing a robust outreach program. The ISE-SAREE outreach reached a multitude of agencies and organizations, including: 2008 and 2009 National Fusion Center Conference: Presentations,➢ Exhibits, and Hands-on-Lab Demonstrations 2007−2009 Regional Fusion Center meetings:➢

Presentations and Resource Materials 2008−2009 Global Justice Information Sharing Initiative➢ Advisory Committee: Semiannual Status Updates CICC: Quarterly Status Updates PM-ISE➢ ➢ Leadership: Quarterly Status Updates NIEM Program Management Office: Periodic Status Update➢ ➢ 2008−2009 IACP Annual Conference • Major Cities Chiefs Executive Committee: Presentations and Resource Material • Railroad Police Section: Presentation and Resource Material• University and College Committees: Presentation and Resource Material • Police Investigative Operations Committee: Presentation and Resource Material • Intelligence Coordination Panel: Presentation and Resource Material • Homeland Security Committee: Presentation and Resource Material • Criminal Justice Information Systems Committee: Presentation and Resource Material • Hands-on-Lab Demonstration of the SVT and SAR Search Tool• Facilitation of Breakout Panel regarding ISE-SAR EE Other➢ National Law Enforcement Organizations:• Major Cities Chiefs Association: Presentations and Resource Materials • Major County Sheriffs’ Association: Presentations and Resource Materials • National Sheriffs’ Association: Presentations and Resource MaterialsPage 81Final Report: ISE-SAR EELeveraging Promising Practices Page 73 These outreach opportunities were often led by state and local participants who were able toshare their experiences, promising practices, and lessons learned to a large population ofthe law enforcement community. INSTITUTIONALIZATION OF PROCESSES FOR THE HANDLING OF SARINFORMATION It is important that consistent processes be developed nationwide to ensure consistency inthe collection and sharing of SAR information. Internal agency policies are very important insuccessfully implementing an agency-wide process to ensure that all agency membersunderstand their role in gathering and analyzing suspicious activity reports. Written policiesshould be very specific as to the internal flow of SAR information and to reinforce the needto respect civil rights and civil liberties concerns when gathering, analyzing, anddisseminating SARs.The Arizona Counter Terrorism Information Center (AcTIC) has a policy to explain its use ofthe center’s Suspicious Activity Reporting System. After an entry is made, it is electronicallysent to an investigative supervisor, who reviews the information for investigative contentand assigns it to an investigator/analyst. The Watch Center Supervisor reviews all SARreport entries daily for completeness and potential terrorism nexus and continuouslymonitors and assesses situational awareness to determine if suspicious activity is present inany reporting coming in to the center. The SAR Gatekeeper reviews all entries daily for thestandardized behavior-specific activities, and if they are present, the entry is coded as a SARand prepared to be pushed to the ISE-SAR Shared Spaces.The Houston Police Department’s General Order No. 800-07, Criteria for Submitting IncidentReports, has a section on suspicious activity. The General Order requires all information tobe initially reported to the department’s Criminal Intelligence Division, where it is analyzed todetermine the type of information it contains and where the information should be routedwithin the department. By this process, the Houston PD is able to take an “all crimes”approach to monitoring suspicious activity and ensure that terrorism-related suspiciousactivity is properly monitored and forwarded for appropriate follow-up. All terrorism-relatedinformation is routed to the fusion center. The fusion center has a process in place toreview all SAR data consistent with the agency’s privacy framework. A fire program is nowbeing added to this routing process so that information from the fire department will berouted to the fusion center.LAPD modified its existing Investigative Report used by officers to report crimes. Threesimple changes were made: the addition of a check box to identify as a SAR report, a checkbox for distribution to the Counter Terrorism and Criminal Intelligence Bureau (CTCIB) MajorCrimes Division (MCD), and a check box for “Involved Party (IP)” information. Modifying anexisting report that officers were familiar with simplified the introduction of the SAR processthroughout the department. All SARs are forwarded to the MCD SAR Unit for processing andPage 82Final Report: ISE-SAR EELeveraging Promising Practices Page 74 analysis. The SAR Unit is the

centralized unit responsible for updating all incoming SARswith the SAR modus operandi codes, tracking for status, vetting, and investigativeassignment. Vetting includes informing the FBI of those SARs that meet the criteria. A SARis first reported by a line officer and reviewed by a supervisor. Both officer and supervisorhave been trained in recognizing the behaviors and indicators that terrorists may exhibit. Ifthe supervisor feels the SAR meets the criteria, it will then be sent to the MCD’s SAR Unit,where it is further vetted and moved to the ISE-SAR Shared Spaces. Following initial vetting,the SAR Unit at the MCD makes a determination whether to forward the information to theregional fusion center and/or to the JTTF.LAPD developed audit and management tools to evaluate the current SAR reporting processand continues to modify the program, as well as enhance training, based on emergingtrends and lessons learned during the SAR process. The LAPD audit process includes bothinternal and external audits. An internal audit is conducted daily by the SAR Unit to ensurethat all reported SARs are received and that all activity which indicates that a SAR should bereported does result in a SAR. The SAR process was added to the external audit schedule ofthe Inspector General’s Office and the semiannual internal audit schedule of LAPD. LAPDManagement Tools include reports to help identify emerging trends and to identify gaps.The Seattle Police Department’s Criminal Intelligence Bureau (CIB) initially receivesinformation from officers within the Seattle Police Department in the form of informationreports; field interview reports; and other reporting mechanisms. After review by the CIB, thereports are taken to the state fusion center, where they are further analyzed and distributedto the appropriate agency for follow-up investigation. This process has allowed the SeattlePD to merge its procedures for the handling of suspicious activity with those of the statefusion center, allowing for an efficient and streamlined effort.The Virginia State Police has a Standard Operating Procedure in place concerning the SARprocess within the agency. All employees of the Virginia State Police were provided withInformation Bulletin 2009–35, explaining suspicious activity reporting procedures for theVirginia Fusion Center. The directive goes on to explain the types of information and types ofactivities that should be reported to the fusion center, as well as the appropriate forms forreporting the information.The Southern Nevada Counter-Terrorism Center has developed outreach materials thatassist the community with recognizing the signs of terrorism. Because of the uniquejurisdictional challenges faced by the tourism and casino industry, Nevada has developed aspecialized liaison program. This outreach program focuses on hotel staff, including valetattendants, private security, bell captains, and housekeeping. In this effort, the Las VegasPolice Department (LVPD) is providing software (Trapwire) to several hotel/casino sites in itscity so that they can report suspicious activity. There are 14 sites currently involved. Thecasinos/hotels populate a node at their site with suspicious incidents that have beenobserved and reported, and they also enter proprietary data (which is not shared). ThePage 83Final Report: ISE-SAR EELeveraging Promising Practices Page 75 suspicious incidents are then shared with the other sites involved in the project and withLVPD. USING SAR INFORMATION IN AGENCY DECISION MAKING It is important that terrorism-related suspicious activity be shared with other lawenforcement agencies in the ISE-SAR Shared Spaces. It is equally important that thegathering agency utilize the information when making decisions on resource deploymentand asset allocations. Many law enforcement agencies have formalized processes forutilizing information developed from the SAR program in the agency’s decision-makingprocess.The Boston Police Department and the Boston Regional Intelligence Center (BRIC) utilize theexcellent relationships that have been built with the surrounding Urban Areas SecurityInitiative (UASI) regional partners and have a general agreement with the seven participatingUASI cities—Quincy, Brookline, Cambridge, Revere, Everett, Summerville, and Chelsea—tojointly implement a regional SAR initiative. The key component of the information sharinginitiative is daily conference calls with these agencies and components of the Boston PoliceDepartment in which information is shared and then utilized in the daily decision-makingand resource allocation processes. LAPD has a computerized statistics process whereby the

agency’s information analysisprocess feeds the agency’s decision-making process. Information from the SAR program isanalyzed and provided to LAPD commanders, who utilize that information to make decisionson officer deployments and assignments. The department has developed a crime-mappingprogram that includes information from the SAR initiative that allows the department’scommand staff to understand its crime environment and supports the decision-makingprocess. DEVELOPMENT OF THE TERRORISM INDICATORS DATABASE In order for law enforcement agencies to collect the correct information concerning activitiesthat may have a nexus to the planning of a terrorist attack, it is important that theyunderstand the indicators from previous terrorist attacks that were part of the planningprocess. An analysis has to be conducted of previous terrorist attacks so that lawenforcement can document those activities to provide a basis for gathering informationconcerning the indicators of future terrorist attacks.BJA’s State and Local Anti-Terrorism Training (SLATT) Program has long maintainedinformation on both domestic and international terrorist events that affect the United States. As a part of this project, the database was enhanced to include information concerning theactivities enumerated in the ISE SAR Functional Standard, Appendix B, relating to suspiciousactivities that can be shared in the ISE-SAR Shared Spaces. The information available in thePage 84Final Report: ISE-SAR EELeveraging Promising Practices Page 76 Terrorist and Criminal Extremist Events Database is available in four formats—chronological,by topic, search engine, and geospatial. The Calendar of Terrorist and Criminal Extremist Events is a chronology ofantigovernment, terrorist, and criminal extremist activities that occurred eitherin the United States or involved a U.S. interest from January 1997 to recenttime. These listings illustrate a broad spectrum of activities from large-scaleacts of terrorism to local acts of harassment and intimidation. They alsohighlight violent political attacks carried out by terrorist and extremist groups,cite the more significant criminal violations perpetrated by extremists, andinclude activist-related court decisions. The Terrorist and Criminal Extremist Incidents lists are categorized by topic,searchable, and arranged in chronological order, starting with the most recentevents. An explanation of the content included on each list is presented withthe data.The Suspicious Activity Search allows searches to be conducted on multipledata fields, including dates, locations, precursor terrorist indicators, affectedinfrastructure type, and/or group affiliation. The Geospatial Search allows events to be mapped and reviewed by a varietyof criteria, including date, location, precursor terrorist indicator, affectedinfrastructure type, and/or group affiliation in relation to distance from aspecified location.The SLATT project relied on the LAPD research of an extensive set of behavior-specific codesfor the reporting of suspicious activity. These codes provided the method for documentingbehavioral indicators that have a potential nexus to terrorism. LAPD used the codes to trainits personnel in the recognition of suspicious activity. The process continued to mature asLAPD conducted research to develop patterns and determine the frequency of use with thecodes. For this initiative, additional subject-matter experts from state and local agenciesreviewed the LAPD codes as well as those identified in the Functional Standard. Throughoutthe project, these behavior codes were consistently mapped and validated to ensure thatthey are representative of the current terrorism threat environment.Page 85Page 77 AppendicesPage 86Final Report: ISE-SAR EEAppendices Page 78Page 87Page 79 APPENDIX ONE: PROJECT PARTICIPANTS PROJECT SPONSORS AND PARTNERS: ➢ U.S. Department of Justice (DOJ), Bureau of Justice Assistance (BJA), http://www.ojp.usdoj.gov/BJA

Federal Bureau of Investigation (FBI), http://www.fbi.gov U.S. Department of Homeland Security➢ ➢ (DHS), http://www.dhs.gov Program Manager, Information Sharing Environment (PM-ISE),➢

http://www.ise.gov Major Cities Chiefs Association (MCCA), http://www.majorcitieschiefs.org➢ ➢ DOJ’s Global Justice Information Sharing Initiative (Global), Criminal Intelligence Coordinating Council (CICC), http://www.it.ojp.gov/global U.S. Department of Defense (DoD),➢ http://www.defenselink.mil/policy/sections/policy_offices/hd/index.html International Association➢ of Chiefs of Police (IACP), http://www.theiacp.org Major County Sheriffs’ Association (MCSA),➢ http://www.mcsheriffs.com PROJECT PARTICIPANTS: Arizona Counter Terrorism Information➢ Center (AcTIC)/Arizona Department of Public Safety Boston Regional Intelligence Center/Boston➢ Police Department Chicago Police Department Florida Fusion Center/Florida Department of Law➢ ➢ Enforcement Houston Regional Intelligence Service Center/Houston Police Department Los➢ ➢ Angeles Police Department Miami-Dade Police Department New York State Intelligence Center➢ ➢ (NYSIC)/New York State Police Washington State Fusion Center/Seattle Police Department➢ ➢ Southern Nevada Counter-Terrorism Center/Las Vegas Metropolitan Police Department Virginia➢ Fusion Center/Virginia State Police Washington Regional Threat and Analysis Center/Washington,➢ DC, Metropolitan Police DepartmentPage 88Final Report: ISE-SAR EEAppendix One: Project Participants Page 80Page 89Page 81 APPENDIX TWO: PROJECT TIMELINE ISE-SAR EVALUATION ENVIRONMENT TIMELINE Illustrated below is a comprehensive timeline highlighting documents developed, meetings,site visits, training, technology, and other significant milestones throughout the ISE-SAREvaluation Environment (ISE-SAR EE). Not captured below are the ad hoc planning effortsand countless conference calls that went into the development of a standardized SARprocess and the ISE-SAR EE. A special thank-you is extended to all the partners at the state,local, and federal levels that helped make this project a success in such a short period oftime. Law Enforcement Associations’ SAR Resolutions AssociationsDate Major Cities Chiefs Association (MCCA) SAR ResolutionJune 10, 2008Major County Sheriffs’ Association SAR ResolutionJune 29, 2008International Association of Chiefs of Police SAR ResolutionNovember 11, 2008National Sheriffs’ Association SAR ResolutionJanuary 31, 2009 ISE-SAR EE Publications DocumentsDate SAR for Local and State Entities IEPD v1.0January 22, 2008ISE-SAR Functional Standard, Version 1.0January 25, 2008ISE-SAR Functional Standard and Evaluation Environment: InitialPrivacy and Civil Liberties Analysis, Version 1September 2008Findings and Recommendations of the Suspicious Activity Report(SAR) Support and Implementation Project (SAR Report) October 24, 2008SAR Process Implementation ChecklistNovember 2008ISE-SAR Segment ArchitectureDecember 2008Nationwide SAR Initiative (NSI) CONOPSDecember 23, 2008ISE-SAR EE Implementation Guide, Version 1.0 January 9, 2009ISE-SAR Functional Standard, Version 1.5May 21, 2009NSI Activity SummaryMonthlyPage 90Final Report: ISE-SAR EEAppendix Two: Project Timeline Page 82 ISE-SAR EE Related Meetings EventDate PM-ISE hosted a State and Local LE SAR Meeting—Washington, DCFebruary 11, 2008SAR Executive Steering Committee Meeting—Baltimore, MDMay 6, 2008SAR Pilot Expansion Project Meeting—Washington, DCJune 2, 2008SAR Pilot Expansion Project Technology and Mapping Meeting—Washington, DCJune 2−3, 2008MCCA Intelligence Commanders Meeting—Las Vegas, NVJuly 8–9, 2008SAR Working Group Meeting—Washington, DCJuly 30, 2008Dialogue on Privacy and Civil Liberties—Washington, DCSeptember 3, 2008Criminal Intelligence Coordinating Council (CICC) Meeting: CICC unanimously approves the Findings and Recommendations ofthe Suspicious Activity Report (SAR) Support and ImplementationProject (SAR Report)—Bethesda, MDSeptember 9, 2008 ISE-SAR EE Related Meetings EventDate SAR Working Group Meeting—Washington, DCSeptember 11, 2008SAR Pilot Project Meeting—St. Louis, MOSeptember 16–17, 2008SAR Working Group Meeting—Washington, DCOctober 21, 2008DOJ’s Global Justice Information Sharing Initiative (Global) AdvisoryCommittee (GAC) Meeting: GAC unanimously approves the SARReport—

National Harbor, MDOctober 23, 2008SAR Working Group Meeting—Washington, DCDecember 2–3, 2008SAR Working Group Meeting—Washington, DCJanuary 29, 2009SAR Working Group Meeting—Washington, DCMarch 25, 2009SAR Team Meeting—Washington, DCJune 1, 2009ISE-SAR EE User Group Meeting—Bethesda, MDJune 2, 2009MCCA Intelligence Commanders Meeting—Baltimore, MDAugust 18−19, 2009ISE-SAR EE User Group Meeting—Washington, DCSeptember 16–17, 2009Page 91Final Report: ISE-SAR EEAppendix Two: Project Timeline Page 83 ISE-SAR EE Site Visits/Assessments EventDate Initial project site visit to Los Angeles Police Department by SARTeamApril 1, 2008Initial project site visit to Chicago Police Department by SAR TeamApril 3, 2008Initial project site visit to Boston Police Department by SAR TeamApril 9, 2008Initial project site visit to Miami-Dade Police Department by SARTeamApril 24, 2008Initial project site visit to New York State Police by SAR TechnicalTeamJune 16, 2008Initial project site visit to Florida Department of Law Enforcement bySAR Technical TeamJune 19, 2008Initial project site visit to Virginia State Police by SAR TechnicalTeamJune 24, 2008“As-Is” conference call with Washington, DC, Metropolitan PoliceDepartmentNovember 4, 2008“As-Is” site visit to Los Angeles Police DepartmentDecember 4, 2008“As-Is” site visit to Chicago Police DepartmentDecember 16, 2008“As-Is” site visit to Boston Police DepartmentDecember 17, 2008“As-Is” site visit to Las Vegas Metropolitan Police DepartmentJanuary 13, 2009“As-Is” site visit to Houston Police DepartmentJanuary 15, 2009“As-Is” conference call with Miami-Dade Police DepartmentFebruary 18, 2009“As-Is” site visit to Florida Department of Law EnforcementFebruary 19, 2009“As-Is” site visit to Seattle Police DepartmentFebruary 24, 2009“As-Is” conference call with New York State PoliceApril 23, 2009“As-Is” conference call with Virginia State PoliceMay 1, 2009“As-Is” site visit to Arizona Department of Public SafetyJuly 23, 2009ISE-SAR EE Final Assessment conference call with ArizonaDepartment of Public SafetySeptember 28, 2009ISE-SAR EE Final Assessment conference call with Miami-DadePolice DepartmentSeptember 28, 2009Page 92Final Report: ISE-SAR EEAppendix Two: Project Timeline Page 84 ISE-SAR EE Site Visits/Assessments EventDate ISE-SAR EE Final Assessment conference call with FloridaDepartment of Law EnforcementSeptember 30, 2009ISE-SAR EE Final Assessment conference call with Las VegasMetropolitan Police DepartmentSeptember 30, 2009ISE-SAR EE Final Assessment conference call with Houston PoliceDepartmentOctober 8, 2009ISE-SAR EE Final Assessment conference call with Washington, DC,Metropolitan Police DepartmentOctober 8, 2009ISE-SAR EE Final Assessment conference call with Virginia StatePoliceOctober 9, 2009ISE-SAR EE Final Assessment conference call with New York StatePoliceOctober 13, 2009ISE-SAR EE Final Assessment conference call with Seattle PoliceDepartment/Washington State Fusion CenterOctober 13, 2009ISE-SAR EE Final Assessment conference call with Chicago PoliceDepartmentOctober 14, 2009ISE-SAR EE Final Assessment conference call with Los AngelesPolice DepartmentOctober 16, 2009ISE-SAR EE Final Assessment conference call with Boston PoliceDepartmentNovember 12, 2009 ISE-SAR EE Training Agency and EventDateArizona Department of Public Safety Chief Executive Officer BriefingJune 4, 2009SAR Analyst/Investigator Training delivered to Arizona Departmentof Public SafetyJuly 23, 2009Line Officer TrainingTBDPage 93Final Report: ISE-SAR EEAppendix Two: Project Timeline Page 85 ISE-SAR EE Training Agency and EventDateBoston Police Department SAR Analyst/Investigator TrainingFebruary 3–4, 2009Chief Executive Officer BriefingFebruary 12, 2009Line Officer TrainingTBD Chicago Police Department SAR Analyst/Investigator TrainingMarch 3, 2009Chief Executive Officer BriefingMarch 19, 2009Line Officer TrainingTBD U.S. Department of Homeland Security SAR Analyst/Investigator Training delivered to Federal Air MarshalsServiceJune 16, 2009 Florida Department of Law Enforcement

(FDLE) SAR Analyst/Investigator Training to FDLE—MiamiJanuary 26, 2009SAR Analyst/Investigator Training delivered to FDLE—Tallahassee(funded by FDLE)June 5, 2009SAR Analyst/Investigator Training delivered to FDLE—Tampa (fundedby FDLE)June 23, 2009SAR Analyst/Investigator Training delivered to FDLE—Orlando(funded by FDLE)June 25, 2009Line Officer Training delivered to FDLE—Tallahassee (final pilot)August 6, 2009Chief Executive Officer BriefingSeptember 15, 2009 Houston Police Department SAR Analyst/Investigator TrainingMarch 5, 2009Chief Executive Officer BriefingApril 23, 2009Line Officer TrainingTBD Las Vegas Metropolitan Police Department Chief Executive Officer BriefingMarch 12, 2009SAR Analyst/Investigator TrainingApril 7, 2009Line Officer TrainingTBDPage 94Final Report: ISE-SAR EEAppendix Two: Project Timeline Page 86 ISE-SAR EE Training Agency and EventDateLos Angeles Police Department Chief Executive Officer BriefingFebruary 26, 2009SAR Analyst/Investigator TrainingJuly 21, 2009Line Officer TrainingTBD Miami-Dade Police Department SAR Analyst/Investigator TrainingJanuary 26, 2009Chief Executive Officer BriefingFebruary 19, 2009Line Officer TrainingTBD New York State Police SAR Analyst/Investigator TrainingMarch 18, 2009Line Officer Training (pilot) May 2009Line Officer Training (pilot) June 2009Chief Executive Officer BriefingSeptember 24, 2009 Seattle Police Department SAR Analyst/Investigator TrainingMay 14, 2009Chief Executive Officer BriefingMay 28, 2009Line Officer TrainingTBD Virginia State Police SAR Analyst/Investigator Training April 2, 2009Line Officer Training (pilot)June 9, 2009Chief Executive Officer Briefing October 29, 2009 Washington, DC, Metropolitan Police Department Line Officer Training December 2008SAR Analyst/Investigator Training December 12, 2008Chief Executive Officer Briefing December 18, 2008Page 95Final Report: ISE-SAR EEAppendix Two: Project Timeline Page 87 ISE-SAR EE Privacy Policy Privacy Policies determined to be consistent with the applicablerequirements of the ISE Privacy GuidelinesDate Miami-Dade Police DepartmentMay 6, 2009Florida Department of Law EnforcementMay 6, 2009Virginia State PoliceMay 6, 2009Boston Police DepartmentMay 12, 2009New York State PoliceMay 12, 2009Chicago Police DepartmentJuly 13, 2009Houston Police DepartmentAugust 13, 2009Los Angeles Police DepartmentSeptember 1, 2009Washington State Fusion CenterOctober 27, 2009 ISE-SAR EE Technology Milestones EventDate ISE-SAR EE Shared Space Install Completed at New York StatePoliceAugust 27, 3008ISE-SAR EE Shared Space Install Completed at Florida Departmentof Law EnforcementSeptember 19, 2008ISE-SAR EE Shared Space Install Completed at the Virginia StatePoliceSeptember 24, 2008ISE-SAR EE Shared Space Install Completed at Washington, DC,Metropolitan Police DepartmentDecember 17, 2008ISE-SAR EE Shared Space and SVT Install Completed at Miami-DadePolice DepartmentFebruary 23, 2009ISE-SAR EE Shared Space and SVT Install Completed at ChicagoPolice DepartmentMarch 13, 2009ISE-SAR EE Shared Space and SVT Install Completed at BostonPolice DepartmentMarch 29, 2009ISE-SAR EE Shared Space and SVT Install Completed at HoustonPolice DepartmentApril 24, 2009Page 96Final Report: ISE-SAR EEAppendix Two: Project Timeline Page 88 ISE-SAR EE Technology Milestones EventDate ISE-SAR EE Shared Space and SVT Install Completed at Las VegasMetropolitan Police DepartmentMay 19, 2009Chicago Police Department went “live” and was able to utilize theISE-SAR EE Shared SpacesJuly 22, 2009ISE-SAR EE Shared Space Install Completed at U.S. Department ofHomeland SecurityJuly 30, 2009Completed ISE-SAR EE eGuardian InterfaceAugust 15, 2009ISE-SAR EE Shared Space and SVT Install Completed at Los Angeles Police DepartmentSeptember 24, 2009ISE-SAR EE Shared Space Install Completed at eGuardianOctober 16, 2009Houston Police Department went “live” and was able to utilize theISE-SAR EE Shared SpacesNovember 30, 2009(estimated)Los Angeles Police Department went “live” and was able to utilizethe ISE-SAR EE Shared SpacesNovember 30, 2009(estimated)ISE-SAR EE Shared Space and

SVT Install Completed at SeattlePolice DepartmentDecember 3, 2009(estimated)ISE-SAR EE Shared Space Install Completed at Arizona Departmentof Public SafetyDecember 19, 2009(estimated)Page 97Page 89 APPENDIX THREE: ACRONYMS AND ABBREVIATIONS BJABureau of Justice AssistanceCFRCode of Federal RegulationsCICCCriminal Intelligence Coordinating CouncilCTISSCommon Terrorism Information Sharing StandardsCUIControlled Unclassified InformationDHSU.S. Department of Homeland SecurityDoDU.S. Department of DefenseDNI-UDirector of National Intelligence—UnclassifiedDOJU.S. Department of JusticeEAFEnterprise Architecture FrameworkEEEvaluation EnvironmentFBIFederal Bureau of InvestigationFIField InterviewFIGField Intelligence GroupGlobalGlobal Justice Information Sharing InitiativeHSINHomeland Security Information NetworkIACPInternational Association of Chiefs of PoliceIEPDInformation Exchange Package DocumentISEInformation Sharing EnvironmentJTTFJoint Terrorism Task ForceLEISPLaw Enforcement Information Sharing ProgramLEOLaw Enforcement OnlineLEXS-PDLogical Entity eXchange Specifications—Publication and DiscoveryLEXS-SRLogical Entity eXchange Specifications—Search and RetrievalMCCAMajor Cities Chiefs AssociationMCSAMajor County Sheriffs’ AssociationMOModus OperandiNCIRCNational Criminal Intelligence Resource CenterN-DExNational Data Exchange ProgramNIEMNational Information Exchange ModelPage 98Final Report: ISE-SAR EEAppendix Three: Acronyms and Abbreviations Page 90 NSISNational Strategy for Information SharingODNIOffice of the Director of National IntelligencePIAPrivacy Impact AssessmentPINPriority Information NeedPGC[ISE] Privacy Guidelines CommitteePM-ISEProgram Manager, Information Sharing EnvironmentRISSNETRegional Information Sharing Systems Secure IntranetRMSRecords Management SystemSARSuspicious Activity ReportingTSC[FBI] Terrorist Screening CenterVPNVirtual Private NetworkXMLExtensible Markup LanguagePage 99Page 91 APPENDIX FOUR: PARTICIPATING AGENCYASSESSMENTS ARIZONA COUNTER TERRORISMINFORMATION CENTER SAR PROCESS REPORT—POST-IMPLEMENTATION PHASE Following the conclusion of the Information Sharing Environment-Suspicious ActivityReporting Evaluation Environment (ISE-SAR EE), a discussion was held with the ArizonaDepartment of Public Safety’s (ADPS) Arizona Counter Terrorism Information Center (AcTIC)to document the implementation efforts conducted during the ISE-SAR EE. The results ofthe discussion are detailed below. EXECUTIVE LEADERSHIP ADPS has the lead role for the operation of AcTIC. Colocated with AcTIC are components ofthe U.S. Department of Homeland Security (DHS), the Joint Terrorism Task Force (JTTF), andvarious police departments, sheriffs’ departments, and other emergency response agenciesaround the state. It was noted that prior to the ISE-SAR EE, AcTIC had no standard operatingprocedure (SOP)/General Order regarding the SAR process.During the ISE-SAR EE, command staff and senior management were briefed on the ISE-SAREE. ADPS command staff attended the Major Cities Chiefs Association’s Chief ExecutiveOfficer Briefing in June 2009, in which nine personnel from seven agencies participated. The commander of AcTIC has been assigned to the SAR process development project; theprimary responsibility of the commander is to implement a formal SAR process within AcTIC. The day-to-day implementation has been tasked to a lieutenant within AcTIC. During the ISE-SAR EE, a SAR SOP had not been developed; however, command staff indicated that there isa plan to develop a SAR SOP. SAR BUSINESS PROCESS Prior to the ISE-SAR EE, AcTIC had developed a SAR process and collaborated with other lawenforcement agencies to develop policies and procedures concerning the reporting ofsuspicious activity. SARs are received by the center via phone calls directly to the center, e-mails, and electronic postings, using the NC4 TIP system software operated by AcTIC. Thecenter operates a 24-hour watch center, which is the initial

entry point for SAR informationinto the center. However, some SAR information is received from local agency casemanagement systems, such as the Phoenix, Arizona, Police Department. All SARinformation is eventually entered into the NC4 TIP system.Page 100Final Report: ISE-SAR EEAppendix Four: Participating Agency Assessments Page 92 The state of Arizona has developed an extensive cadre of Terrorism Liaison Officers (TLOs)throughout the state who are both law enforcement agents and other emergency responseagents. These individuals serve as the primary contacts with local agencies to develop andreport SAR information. The TLOs may enter the information directly into the NC4 TIPsystem or call the center. The TLO program is central to the center’s ability to quicklyreceive suspicious activity information that is reported to law enforcement and otheremergency response agencies throughout the state. These officers have been speciallytrained and serve as liaisons to the respective agencies as well as to the public. Prior to theISE-SAR EE, AcTIC had a highly developed analytic section to conduct analysis of informationreceived at the center. This section is very successful because of the center’s large jointoperation, and information can quickly be analyzed and assigned for investigation andfollow-up.Prior to the ISE-SAR EE, AcTIC had submitted a privacy policy during the DHS/U.S.Department of Justice (DOJ)-sponsored Fusion Center Privacy Policy Development TechnicalAssistance.34 AcTIC was a late addition to the ISE-SAR EE, and it is currently reviewing andmodifying, as necessary, its current privacy policy to ensure that it includes the SAR processand meets the applicable requirements of the ISE Privacy Guidelines. During the ISE-SAR EE, AcTIC was in the process of developing a standard operatingprocedure (SOP) on SARs. In addition, it is also in the beginning stages of adopting thebehavior-specific codes identified in the ISE-SAR Functional Standard. During the ISE-SAREE, the NC4 TIP system was modified to include SAR information fields for transition withoutreentering information. SAR data is retrievable in the system and covers the response toand referrals and final disposition of SARs. AcTIC has developed a multilayer review processfor the vetting of SARs and moving them to the ISE-SAR Shared Spaces. An AcTIC TIP musthave two field values completed to trigger submission into the ISE-SAR Shared Spaces:(1) Under the “Basic Info” tab within the Information Sharing and AnalysisCenter (ISAC) area, the “Status” color code must be one of the following: green, yellow, orange, or red. This field is completed by the TIP initiatorand/or responsible supervisor.(2) Under the “Classified/Threat Assessment” tab and within the subreportlabeled “Target of Suspicious Activity” in the ISAC area, the drop-down tab“PIIR/SIIR” must have a “SAR” field selection. This field is to be completedonly by the AcTIC SAR Gatekeeper.Once both field values are completed, the selected TIP data fields are automatically pushedto the Arizona ISE-SAR Shared Spaces and the TIP database is synchronized daily atmidnight. Any updates to the TIP database are copied and pasted at this time. After an NC4 34The Fusion Center Privacy Policy Development Technical Assistance course is offered through the DHS/DOJ Fusion Process Technical Assistance Program and Services.Page 101Final Report: ISE-SAR EEAppendix Four: Participating Agency Assessments Page 93 TIP entry is made, it is electronically sent to an investigative supervisor who reviews theinformation for investigative content and assigns it to an investigator/analyst. The WatchCenter Supervisor reviews all NC4 TIP entries daily for completeness and potential terrorismnexus. Daily, the gatekeeper reviews all NC4 TIP entries for the standardized behavior-specific points, and if they are present, the NC4 TIP is coded as a SAR and pushed to theISE-SAR Shared Spaces.Currently, access to the ISE-SAR Shared Spaces is restricted to the Watch Centersupervisory staff and the Situational Awareness Unit. Participants with access to the ISE-SAR Shared Spaces must sign a nondisclosure agreement. All queries on the informationwithin the ISE-SAR Shared Spaces must be completed for law enforcement purposes onlyand must have a criminal nexus. At this time, there is no formal process for notifying thesource agency if there in an error in content; however, this issue will be addressed in theSOP. SAR TECHNICAL PROCESS Prior to the ISE-SAR EE and for several years, AcTIC and other partner

agencies havecollected and managed SARs using the Tips and Leads application offered by NC4Corporation. During the ISE-SAE EE, AcTIC decided on a novel approach of using an existingreport generation capability on the NC4 system to generate a comma-separated values(CSV) file containing all of the SAR fields that AcTIC has decided to submit to its sharedspace. The CSV file is processed by an extract, transform, and load routine and loads all theSARs into the AcTIC Shared Spaces database. TRAINING Prior to the ISE-SAR EE, AcTIC had developed numerous training programs for state ofArizona and fusion center personnel to train them on the SAR process as well as terrorism-related information. In addition, AcTIC developed a high-level training program for its TLOswithin the state. This training has developed into a model for other states and fusioncenters for the training of its TLOs.Page 102Final Report: ISE-SAR EEAppendix Four: Participating Agency Assessments Page 94 During the ISE-SAR EE, ADPS participated in the Chief Executive Officer Briefing and the SARanalyst/investigator course. During the SAR analyst/investigator course in the Phoenix areain July 2009, 28 personnel were trained from 10 law enforcement agencies. ADPS plans toutilize the line officer training once it is made available nationwide. INSTITUTIONALIZATION OF THE SAR PROCESS Prior to and during the ISE-SAR EE, AcTIC had a process to handle SARs. This process hasbeen institutionalized with the local, state, and federal agencies because of the colocationof critical components of each of those agencies in the center. The center has implementeda software solution to ensure that all SAR information leads are followed through withappropriate investigative activity.AcTIC analyzes all SARs and utilizes the all-crimes approach to identify emerging trends andbehavior patterns. The SAR process is modified to meet the needs as new information isreceived and new patterns and priority information needs are identified. Special reports,alerts, warnings, and notifications based on the analysis of SARs, crime, and arrest activityare developed and shared externally with regional partners, local law enforcement, andsecurity personnel at critical infrastructure/key resource locations. OUTREACH TO THE PUBLIC Prior to and during the ISE-SAR EE, the center had developed a DVD for distribution to thepublic and first responders titled 8 Signs of Terrorism, which educates the public about whatto look for and report regarding terrorism-related suspicious activity. The center alsomaintains a public Web site (http://cid.dps.state.az.us) that provides information for thepublic and explains the operation of the state fusion center. In addition, ADPS has a highlydeveloped TLO program that provides outreach to the public and first responder agencies inthe state. PARTNERING WITH OTHER AGENCIES AND CONNECTING TO INFORMATION SHARING AcTIC has healthy partnerships with the various state and local government agencies andpublic safety offices and agencies in the region. Components of DHS, the Federal Bureau ofInvestigation’s (FBI) JTTF, the Phoenix Police Department, the Maricopa County Sheriff’sOffice, the Phoenix Fire Department, and other emergency response agencies are colocatedat the center. The TLO program is utilized extensively by AcTIC for outreach to the privatesector as well as other government agencies. AcTIC has a strong relationship with DHS andthe JTTF through colocation at the center.AcTIC has access to the Regional Information Sharing Systems Secure Intranet (RISSNET),the Homeland Security Information Network, and the FBI’s Law Enforcement Online, whichallows the sending and receiving of secure e-mail via these secure networks. AcTIC also hasaccess to the state’s criminal justice network, participates in a number of regionalPage 103Final Report: ISE-SAR EEAppendix Four: Participating Agency Assessments Page 95 information sharing initiatives, and operates a public Web site. AcTIC technical staffmembers are working with the SAR project team to develop the ability to export the recordsmanagement system data in the National Information Exchange Model format. PARTNERING TO DEVELOP GEOGRAPHIC RISK ASSESSMENTS AcTIC works with federal partners in Arizona as well as its federal headquarters counterpartsto develop the information needed to create geographic risk assessments. The

primaryresponsibility for these assessments rests with AcTIC. The center also works with federalagencies to develop information needs based on risk assessments as well as other reviewsand analyses of SARs. PROJECT RECOMMENDATIONS FROM THE ARIZONA COUNTER TERRORISM INFORMATIONCENTER There is no need for a national program office. If➢ ➢ nationwide standards are to be established and maintained, it is recommended that a national training program for this project be created. A national users group should be established for this project that➢ will assist with vetting changes, identifying lessons learned and success stories,networking, and identifying challenges. There is a need for ongoing technical support for the Nationwide SAR➢ Initiative. A national legal office for this initiative should be established to protect the data being➢ collected and to address concerns raised by the American CivilLiberties Union and other privacy advocates. Agencies should receive training, technical support, and funding for the servers during➢ this initiative.Page 104Final Report: ISE-SAR EEAppendix Four: Participating Agency Assessments Page 96 BOSTON, MASSACHUSETTS, POLICEDEPARTMENT SAR PROCESS REPORT—POST-IMPLEMENTATION PHASE Following the conclusion of the Information Sharing Environment-Suspicious ActivityReporting Evaluation Environment (ISE-SAR EE), a discussion was held with the Boston, Massachusetts, Police Department’s (BPD) Boston Regional Intelligence Center(BRIC) to document the implementation efforts conducted during the ISE-SAR EE. Theresults of the discussion are detailed below. EXECUTIVE LEADERSHIP Currently, BPD has no General/Special Order relating to SAR; however, the agencysuperintendent fully supports the SAR process, and the department is in the developmentstage of issuing a SAR General/Special Order. The order will be released in conjunction withthe department-wide online SAR training. The BPD command staff received the Major CitiesChiefs Association’s Chief Executive Officer Briefing in February 2009, in which 46command staff personnel from 8 law enforcement agencies participated. During the ISE-SAR EE, a deputy superintendent within BRIC was assigned primary responsibility forimplementation of the SAR process throughout BRIC and BPD. SAR BUSINESS PROCESS Prior to the ISE-SAR EE, BPD had a check box on its incident reports that allowed officers toidentify a potential SAR. Once this box is checked, the information is flagged for BRIC toreview. Each district in the department files its SARs with BRIC, and BRIC assigns adetective to serve as the formal reviewer of all SARs submitted to the center. As part of thebusiness process, the detective reviews all SARs that have a potential terrorism-relatednexus within the first 24 hours. If a SAR is deemed to be terrorism-related, the detectiveforwards the SAR to the Joint Terrorism Task Force (JTTF). After the SAR is analyzed by BRICpersonnel, action is taken to either respond to the SAR, refer it to the investigative unit orJTTF, or take no further action and close the report. Feedback on the SAR’s disposition isprovided to the submitting officer. BRIC can access all of BPD’s automated systems through a data warehouse and canretrieve SAR data from any of the systems. BRIC utilizes an automated search capability forinformation in the records management system (RMS), computer-aided dispatch,intelligence systems, and field interview card process to identify reports that have certainterrorism-related behaviors requiring additional analysis. In addition, discussion hasPage 105Final Report: ISE-SAR EEAppendix Four: Participating Agency Assessments Page 97 occurred between BRIC and the Massachusetts Commonwealth Fusion Center35 aboutstandardizing the SAR process between the two agencies. Additional jurisdictionsparticipating in the Urban Areas Security Initiative (UASI) have agreed to send their SARs toBRIC; BRIC and BPD will then serve as the regional “vetting authority” and send allappropriate SARs to the ISE-SAR Shared Spaces.During the ISE-SAR EE, BPD did not adopt the behavior-specific codes detailed in the ISE-SAR Functional Standard but reviewed its own codes and can classify its activities based onthe Functional Standard. BRIC developed and implemented a privacy policy regarding thereporting of suspicious activity that

meets the applicable requirements of the ISE PrivacyGuidelines. During the ISE-SAR EE, BRIC developed a multilayer review for the vetting ofSAR information. Once a potential SAR is identified and the box is checked, the report iselectronically sent to a data warehouse, where an analyst in BRIC vets the information andadds any value to the report. If the analyst deems the report to contain terrorism-relatedinformation, it is reviewed by a supervisor for final approval. If the supervisor designates theinformation as an ISE-SAR, it is manually entered into the ISE-SAR Shared Spaces via theSAR Vetting Tool (SVT). In order to protect the information within the ISE-SAR SharedSpaces, it was determined that access to the ISE-SAR Shared Spaces would be limited topersonnel within BRIC that have attended the analyst/investigator and privacy training. It isBRIC policy that all queries on the information within the ISE-SAR Shared Spaces be for lawenforcement purposes only and must have a criminal nexus. SAR TECHNICAL PROCESS Prior to the ISE-SAR EE, BRIC’s technical process included an in-house-designed datawarehouse solution with an interface to the Environmental Systems Research Institute, Inc.(ESRI), geographic information system software application. Each night, all incident data,including potential SARs, is loaded into the warehouse solution. BRIC analysts can thensearch the warehouse for new incident records that may support ongoing investigations,including general crimes, gang violence, and terrorist activities. Using the ESRI tools,analysts can also track crime patterns and trends on map background for use in dailybriefings and investigative reports.Once BRIC analysts determine that incident data (terrorism or criminal indicators) isimportant to an intelligence case, data from the data warehouse solution and/or RMS isexported to an intelligence case management system. This type of system is also used bythe Massachusetts Commonwealth Fusion Center. Plans are under way to connect the twosystems to provide effective data exchange between the two centers. During the ISE-SAR EE, BRIC requested the use of the SVT to augment existing legacy systemdata and act as a bridge between the legacy system and the Shared Spaces database. The 35The state-designated fusion center, as determined by the Federal Bureau of Investigation (FBI) and the U.S. Department of Homeland Security (DHS).Page 106Final Report: ISE-SAR EEAppendix Four: Participating Agency Assessments Page 98 SVT application and database were installed on the ISE-SAR Shared Spaces Server as aneconomical approach to share hardware and MS-SQL resources. The common architectureis described below. TRAINING Prior to the ISE-SAR EE, the department had not developed nor implemented agency-widetraining on the SAR process. BPD was developing SAR training independent of the ISE-SAREE. This training will focus on homeland security and violent street crime and will beapplicable to personnel outside of the department, including university police, public schoolpolice, parking enforcement, and code inspectors. BPD was using portions of the State andLocal Anti-Terrorism Training (SLATT) Program instruction material in its in-service trainingand preservice curriculum in the academy.During the ISE-SAR EE, BPD and BRIC participated in the Chief Executive Officer Briefing andthe analyst/investigator course. During the SAR analyst/investigator course in the Bostonarea in February 2009, 24 personnel were trained from 10 law enforcement agencies. BPDplans to utilize the line officer training once it is made available nationwide. In addition, BPDcontinued its efforts to develop online SAR line officer training. It is anticipated that thetraining will be finalized in November 2009 and made available to line officers in December2009. INSTITUTIONALIZATION OF THE SAR PROCESS Prior to and during the ISE-SAR EE, several efforts were under way in BRIC to institutionalizethe SAR process. While there is no formal liaison officer program within BRIC, officers ineach of the BPD districts and surrounding agencies work closely with BRIC. The commanderfor BRIC conducts audits of the intelligence and SAR files, and the SAR reports are reviewedand analyzed on a regular basis. BRIC regularly compares its information needs against thecurrent jurisdictional trends and modifies its SAR process as needed. SAR review is also apart of BRIC’s alert and notification process, with alerts and notifications sent out todistribution lists maintained by BRIC. These distribution lists include BPD’s district officesPage 107

Final Report: ISE-SAR EEAppendix Four: Participating Agency Assessments Page 99 and participating UASI agencies, and BRIC conducts daily conference calls with thoseentities to ensure that all information is shared on a timely basis. OUTREACH TO THE PUBLIC Prior to and during the ISE-SAR EE, BPD conducted citizen academies in order to inform thepublic on terrorism behaviors and how to report suspicious activity. In addition, there aremonthly forums that are held with the Middle Eastern community groups within the city. BPD is partnering with the state, local, and federal agencies for the Building Communities ofTrust program. Currently, the department conducts approximately 5,000 communityoutreach programs a year for all crime types, including terrorism. PARTNERING WITH OTHER AGENCIES AND CONNECTING TO INFORMATION SHARING Prior to and during the ISE-SAR EE, BRIC and BPD had various information sharing initiativesin place. External stakeholders in the Boston area are informed of and support BRIC’soperations. BRIC has excellent relationships with the surrounding UASI regional partnersand has a general agreement with the seven participating UASI cities—Quincy, Brookline,Cambridge, Revere, Everett, Summerville, and Chelsea—to jointly implement a regional SARinitiative. It was also indicated that several cities outside of the UASI region may elect to jointhe BPD SAR initiative.BRIC can access the Regional Information Sharing Systems Secure Intranet (RISSNET), theFBI’s Law Enforcement Online (LEO), and the Homeland Security Information Network and isable to send and receive secure e-mails through RISSNET and LEO. BRIC can also accessthe state’s criminal justice network. Although BRIC works closely with the MassachusettsCommonwealth Fusion Center (a state fusion center representative is staffed in BRIC), thetwo are not directly connected; therefore, information sharing is not automated.In addition, formal training develops partnerships among public safety, the private sector,and BRIC. After the formal training is completed, BRIC will meet with public safety andprivate sector personnel on an ad hoc basis depending on the emerging trends throughoutthe city. BRIC has access to independent e-mail alert systems within the financial and hotelindustries and hospitals throughout the city. Alerts can immediately be sent out over thesesystems, and the information is quickly disseminated by personnel within the industries. PARTNERING TO DEVELOP GEOGRAPHIC RISK ASSESSMENTS Prior to and during the ISE-SAR EE, BRIC worked with DHS and the FBI to develop riskassessments and information needs, and all terrorism-related SAR activity is reported to theJTTF. Many local-area agencies, as well as state and federal agencies, are represented, insome capacity, in BRIC and participate in the development of these assessments.Page 108Final Report: ISE-SAR EEAppendix Four: Participating Agency Assessments Page 100 PROJECT RECOMMENDATIONS FROM THE BOSTON POLICE DEPARTMENT There is a need for some➢ form of governing body, such as a national program office, to monitor the Nationwide SAR Initiative (NSI) and take thelead in the coordination efforts between agencies at all levels ofgovernment. ➢ There should be a national training program to assist agencies in the development and/or delivery of SAR-related training. If it can be made affordable, there is tremendous value in the creation of a➢ national users group for the NSI. A national users group would bringagencies together so they can form relationships and discuss issues, bestpractices, and lessons learned regarding the NSI. There is a➢ need for ongoing technical support in order for the technology to evolve with the project. A national➢ legal office should not be created. Multiple legal resources already exist for law enforcement agencies at all levels of the government. A “daily digest” should be created for the ISE-SAR Shared Spaces.➢ This capability would allow agencies to monitor the SARs that are beingsubmitted to the ISE-SAR Shared Spaces on a daily basis and could savethe time and effort it takes to conduct multiple searches.

An appropriate threshold should be clearly defined for entering a SAR into the ISE-SAR Shared➢ Spaces. During the ISE-SAR EE, there seemed to be adisparate amount of SARs being entered between the agencies. BPD wantsto avoid the entry of information into the ISE-SAR Shared Spaces that is notof value and avoid large volumes of information being “dumped” into thesystem.Page 109

Final Report: ISE-SAR EEAppendix Four: Participating Agency Assessments Page 101 CHICAGO, ILLINOIS, POLICE DEPARTMENT SAR PROCESS REPORT—POST-IMPLEMENTATION PHASE Following the conclusion of the Information Sharing Environment-Suspicious ActivityReporting Evaluation Environment (ISE-SAR EE), a discussion was held with the Chicago,Illinois, Police Department (CPD) to document the implementation efforts conducted duringthe ISE-SAR EE. The results of the discussion are detailed below. EXECUTIVE LEADERSHIP Prior to the ISE-SAR EE, CPD did not have a policy regarding the collection and analysis ofsuspicious activity information. The command staff in CPD’s Deployment Operations Centerhad been briefed on the initiative and had attended conferences and training events inwhich the SAR process implementation was discussed. CPD command staff and seniormanagement had shown their full support for this effort. During the ISE-SAR EE, CPD command staff received the Major Cities Chiefs Association’sChief Executive Officer Briefing in May 2009, and 36 command staff personnel fromapproximately 31 law enforcement agencies participated. Currently, there is no separatepolicy for the collection and analysis of SAR information; however, there is a comprehensivepolicy on the handling of information reports. As the project matures, the chief of theCounterterrorism and Intelligence Division (CID) will be responsible for drafting a SAR policy. A commander from CID has been assigned to the SAR process development project; theprimary responsibility of the commander is to implement a formal SAR process at CPD. SAR BUSINESS PROCESS Prior to the ISE-SAR EE, CPD utilized an “information report” to collect data regardingsuspicious activity. CPD forwarded all of the information reports containing terrorism-relatedissues to CID. Based on its analysis and investigation, CID made a determination as to thedisposition of these reports. The disposition included either referral for full investigation orreferral to another agency for its review. A database was designated to document and trackthe reported terrorism-related suspicious activity information. CID is responsible forproviding feedback to the officers who submit the suspicious activity.Prior to the ISE-SAR EE, CPD had not adopted the behavior-specific codes listed in the ISE-SAR Functional Standard. All terrorism-related information reports were vetted within 24hours and a report provided to the on-duty lieutenant in CID. After the lieutenant’s review,relevant terrorism-related information reports were forwarded to the Illinois StatewideTerrorism and Intelligence Center, the U.S. Department of Homeland Security’s (DHS)National Operations Center (NOC), and the Federal Bureau of Investigation’s (FBI) JointPage 110Final Report: ISE-SAR EEAppendix Four: Participating Agency Assessments Page 102 Terrorism Task Force (JTTF) for further vetting. Prior to the ISE-SAR EE, the department wasusing the eGuardian system to submit terrorism-related SARs to the JTTF. During the ISE-SAR EE, CPD continued to use the same SAR mechanisms that were usedprior to the ISE-SAR EE. However, CPD created a multilayer review process for reviewing andvetting SARs and moving them to the ISE-SAR Shared Spaces. The department requesteduse of the SAR Vetting Tool (SVT) to input its SAR data for ultimate migration to the ISE-SARShared Spaces. CID adopted the behavior-specific codes illustrated in the ISE-SARFunctional Standard and developed and implemented a privacy policy regarding thereporting of suspicious activity that meets the applicable requirements of the ISE PrivacyGuidelines. In order to protect the information within the ISE-SAR Shared Spaces, it wasdetermined that access to the ISE-SAR Shared Spaces would be limited to personnel withinCID, and by policy, all queries on the information within the ISE-SAR Shared Spaces is for lawenforcement purposes only and must have a criminal nexus. It was indicated that if SARinformation is identified as having an error, CID will immediately contact the source agencyand rectify the error. SAR TECHNICAL PROCESS Prior to the ISE-SAR EE, the center of CPD’s information technology infrastructure was theCitizen Law Enforcement Analysis and Reporting (CLEAR) system. Initially deployed in April2000, the CLEAR system is the foundation for a growing set of integrated CLEARapplications used by CPD officers and civilians in and around the Chicago area. Handlingthousands of queries daily, the CLEAR system

supports all law enforcement andinvestigative functions within CPD.During the ISE-SAR EE, CPD requested the use of the SVT to augment existing legacy systemdata and act as a bridge between the legacy system and the Shared Spaces database. TheSVT application and database was installed on the ISE-SAR Shared Spaces Server as aneconomical approach to share hardware and MS-SQL resources. The common architectureis described below.Page 111Final Report: ISE-SAR EEAppendix Four: Participating Agency Assessments Page 103 TRAINING Prior to the ISE-SAR EE, CPD had developed a five-day terrorism training program and was inthe process of training all of its officers. CID continuously monitors all incoming terrorism-related information in order to identify new trends and emerging issues. The results of thisanalysis are provided to the training bureau.During the ISE-SAR EE, CPD continued its efforts to train all officers in its five-day terrorismawareness program, and SAR-related training has been provided to all Terrorism LiaisonOfficers (TLOs) within the department. It was indicated that CID continually monitors allincoming SARs and evaluates those for new trends and emerging issues. The results of theanalysis are provided to the Training Bureau. In addition, CPD participated in the ChiefExecutive Officer Briefing and the SAR analyst/investigator course. During the SARanalyst/investigator course in the Chicago area in March 2009, 21 personnel were trainedfrom three law enforcement agencies. CID plans to utilize the line officer training once it ismade available nationwide. INSTITUTIONALIZATION OF THE SAR PROCESS Prior to and during the ISE-SAR EE and continued throughout the ISE-SAR EE, CPDmaintained a robust TLO program within the department. Officers are selected from 25districts, one per watch, and include approximately 80 members. TLOs meet quarterly andhave organized training programs with guest speakers. CPD disseminates suspiciousactivity alerts, warnings, and notifications via intelligence bulletins to all law enforcementofficers, as well as selected managers of critical infrastructure and other governmentagencies. The audience for these reports includes the command staff, the DeploymentOperations Center’s Web site, roll call distribution in each district office, the LawEnforcement Online (LEO) Special Interest Group, Homeland Security State and LocalIntelligence Community of Interest, and the Regional Information Sharing Systems SecureIntranet (RISSNET). OUTREACH TO THE PUBLIC Prior to and during the ISE-SAR EE, CPD had an aggressive outreach program to thecommunity. The Chicago Alternative Policing Strategy is used to educate the public andbusiness community regarding activities of CPD. A weekly bulletin is distributed to thebusiness community, and posters are provided in public areas such as mass transit utilizingthe “See something—Say something” concept. Additionally, officers are assigned to thedowntown business district to implement the department’s homeland security strategy. PARTNERING WITH OTHER AGENCIES AND CONNECTING TO INFORMATION SHARING Prior to and during the ISE-SAR EE, CPD had developed partnerships with other public safetyagencies and utilizes the TLO program to maintain and enhance relationships with itsPage 112Final Report: ISE-SAR EEAppendix Four: Participating Agency Assessments Page 104 partners. Additionally, the mayor of Chicago and city council committees are briefed on aregular basis concerning homeland security activities. As noted during the site visits, CPD is a member of RISSNET, LEO, and the HomelandSecurity Information Network and can send and receive secure e-mails via RISSNET andLEO. CPD can access the Illinois criminal justice network and operates several city andregional information systems that are accessible by CID. CPD had a working relationshipwith the state fusion center; however, there is no direct electronic connectivity. PARTNERING TO DEVELOP GEOGRAPHIC RISK ASSESSMENTS Prior to and during the ISE-SAR EE, CPD indicated that it had developed threat assessmentsand special assessments using data from the FBI, DHS, and CPD information reports. Although it does not have a formal information needs process, CPD works closely with theFBI, DHS, and U.S. Immigration and Customs Enforcement to gain relevant information andto

provide that information to relevant partners. To determine and coordinate informationneeds, CPD staff members noted that they regularly work with the JTTF as well as the NOCand incorporate these information needs as appropriate. They also explained that theHuman Intelligence Squad is responsible for developing information needs and managinghuman assets. These efforts provide additional feedback to CPD for further evaluation andanalysis. PROJECT RECOMMENDATIONS FROM THE CHICAGO POLICE DEPARTMENT There needs to be some federal-level coordination; however,➢ the initiative is primarily a local-agency issue. Training on SAR should be handled at the local➢ level. A national users group would be beneficial to help local agencies coordinate their activities. ➢ ➢ There is a need for ongoing technical support for the current technology that has been deployed for the ISE-SAR Shared Spaces. There is no need for a national legal office; legal issues for the Nationwide➢ SAR Initiative are mostly a local concern.Page 113Final Report: ISE-SAR EEAppendix Four: Participating Agency Assessments Page 105 FLORIDA DEPARTMENT OF LAW ENFORCEMENT SAR PROCESS REPORT—POST-IMPLEMENTATION PHASE Following the conclusion of the Information Sharing Environment-Suspicious ActivityReporting Evaluation Environment (ISE-SAR EE), a discussion was held with the FloridaDepartment of Law Enforcement’s (FDLE) state-designated Florida Fusion Center (FFC) todocument the implementation efforts conducted during the ISE-SAR EE. The results of thediscussion are detailed below. EXECUTIVE LEADERSHIP Prior to the ISE-SAR EE, FDLE had no specific General/Special Order relating to SAR;however, it has several other investigative procedures that cover the receipt anddocumentation of SAR information. FDLE is currently completing an Intelligence ProceduresManual that will address the handling of SAR information by all FDLE and FFC personnel. The FFC Standard Operating Procedures Manual, as well as the InSite Operating Guidelines,addressed the receipt of domestic security and terrorism tips; these manuals have beenupdated to reflect the ISE-SAR process. During the ISE-SAR EE, the FDLE command staff and senior management were briefed onthe initiative and have shown their full support for this effort. Throughout the project, theFFC Director personally briefed the command staff as well as other state agencies’command staffs. FDLE utilized the Major Cities Chiefs Association’s Chief Executive OfficerBriefing to train more than a dozen law enforcement officials. During the project, thecommand staff attended conferences and meetings in which the SAR processimplementation was discussed. As part of the SAR process planning development, a directorwas assigned to the project. The primary responsibility of the director is to implement a SARprocess throughout FDLE, including the FFC. SAR BUSINESS PROCESS Prior to the ISE-SAR EE, FDLE had a robust process for the collection of SARs. The FFCserves as the intake point for the collection of domestic security tips and suspicious activitydata within the state. Law enforcement agencies throughout the state can electronicallyenter SARs into FDLE’s Florida Intelligence Site (InSite36). Before this initiative, tips/SARswere initially reviewed by analysts within the Counter-Terrorism Intelligence Center (CTIC)37to determine their disposition, forwarded to appropriate agencies, and used to produceintelligence products, as necessary. 36InSite is the statewide intelligence system.37CTIC is a component of the FFC.Page 114Final Report: ISE-SAR EEAppendix Four: Participating Agency Assessments Page 106 During the ISE-SAR EE, the FFC modified InSite to capture and retrieve suspicious activitydata utilizing the ISE-SAR Functional Standard list of behaviors and indicators to determinewhether an entry is an ISE-SAR. It is standard policy that tips/SARs entered into InSitereceive an initial vetting by a local supervisor who will approve the report for entry. Thesesupervisors can assign these tips/SARS for review and investigation. As tip/SAR informationis entered into InSite, analysts within the CTIC, immediately upon receipt, conduct initialvetting of each SAR received and move the SAR to the ISE-SAR Shared Spaces. If, during thereview process, information is determined to have errors in the content or found to beincomplete, a formal process exists through which the source agency is contacted by theanalyst for

follow-up. All tips/SARs entered into InSite are reviewed every 90 days todetermine their dispositions and to ensure that they have been fully investigated.During the ISE-SAR EE, the FFC developed and implemented a privacy policy regarding thereporting of suspicious activity that met the applicable requirements of the ISE PrivacyGuidelines. In order to protect the information within the ISE-SAR Shared Spaces, the FFCdetermined that only fusion center personnel would be allowed access to the ISE-SARShared Spaces. By policy, all queries on the information within the ISE-SAR Shared Spacesare for law enforcement purposes only and must have a criminal nexus. To ensure theprotection of individual rights, the FFC has adopted internal operating policies and/orprocedures that are in compliance with applicable laws and regulations protecting privacy,civil rights, and civil liberties, including but not limited to the U.S. Constitution and state,local, and federal privacy, civil rights, civil liberties, and legal requirements applicable to theFFC.Prior to the ISE-SAR EE, all trained InSite users—including personnel from FDLE, FFC, thestate’s urban area fusion centers, and the Joint Terrorism Task Force (JTTF)—also hadelectronic access to the Florida data via InSite and could retrieve SAR data for further follow-up. When appropriate, information is forwarded to the Regional Domestic Security TaskForce (RDSTF) and the JTTF. The Federal Bureau of Investigation (FBI) has access to InSite,which contains FDLE’s tips and leads (SARs) as well as intelligence information. Unfortunately, the fusion center has no way to determine which SARs have been actioned bythe FBI. The assignment of an FBI analyst to the FFC to assist with this follow-up processand analysis on InSite and eGuardian of SARs with a nexus to Florida would have beenbeneficial. During the ISE-SAR EE, FDLE maintained its partnerships with the previouslymentioned agencies. SAR TECHNICAL PROCESS FDLE uses an intelligence system called InSite that is provided by ACISS Systems, Inc. InSitehas multiple modules, including a case management application that is used to track SARs. SARs are flagged for submission to the Shared Spaces by analysts at the FFC. Unlike theVirginia Fusion Center and the New York State Intelligence Center, FDLE informationtechnology staff recommended a database replication technique using MS-SQL Utilities toPage 115Final Report: ISE-SAR EEAppendix Four: Participating Agency Assessments Page 107 “push” candidate SARs to a staging area database on the Shared Space Server. Aspecialized routine would then process the staged records and load the Shared Spacerepository. As indicated above, the deployment of the Shared Space Servers in FDLE is slightly differentfrom the standard deployment.1. The virtual private network (VPN) connection between FDLE and the NationalCriminal Intelligence Resource Center portal is over the Regional InformationSharing Systems Secure Intranet (RISSNET) rather than the Internet.2. The firewall between the database and Web servers was not required. TRAINING FDLE conducts numerous training events throughout the state of Florida; however, nospecific training on the reporting of suspicious activity existed before the ISE-SAR EE. A briefdescription of the reporting of suspicious activity was mentioned in the required InSitetraining material.38During the ISE-SAR EE, FDLE coordinated several SAR training events, including the ChiefExecutive Officer Briefing, the SAR analyst/investigator training, and the line officertraining.39 FDLE utilized the Bureau of Justice Assistance SAR analyst/investigator trainingwithin the state of Florida to target additional intelligence analysts. The analyst/investigatortraining was conducted throughout the state and had 103 attendees, representing 36 state,local, county, and federal agencies. The FFC indicated that additional training will be madeavailable during agent in-service classes and that all SAR training is evaluated by theattendees. 38Individuals who have access to InSite are required to receive training on the system.39The line officer training is under development, and the FFC worked with the International Association of Chiefs of Police during the pilot phase of the training.Page 116Final Report: ISE-SAR EEAppendix Four: Participating Agency Assessments Page 108 The FFC is currently working with a vendor to develop training for all Florida law enforcementpersonnel on its SAR process. The training will include behaviors and indicators of terroristactivity and will also stress

the importance of protecting privacy, civil liberties, and civilrights. To accomplish the long-term goal of training all Florida law enforcement personneland fusion center partners, the FFC is seeking to deliver this as a Web-based training. Oncedeveloped, this training can quickly and efficiently be delivered to all applicable entities. INSTITUTIONALIZATION OF THE SAR PROCESS Prior to the ISE-SAR EE, the SAR process was not institutionalized agency-wide. However,since the inception of the ISE-SAR EE, the FFC has numerous initiatives under way toinstitutionalize the process. The FFC has an Intelligence Liaison Officer (ILO) program inpartnership with 12 state agencies to assist in the gathering of suspicious information. Additionally, the RDSTFs have developed intelligence liaison officers within their regions.The FFC has implemented quantitative measures to gauge the effectiveness of the SARprocess; however, there are no performance metrics for qualitative data. The FFC currentlyreviews all SAR data in the InSite system for quality control purposes. To fully integratecritical infrastructure and key resources (CIKR) into the SAR process, the FFC coordinated itsefforts with the FBI and the U.S. Department of Homeland Security (DHS) to develop alerts,warnings, and notifications and other relevant reports for CIKR entities. The center currentlyhas a list of coordinated information needs that have been developed with DHS. OUTREACH TO THE PUBLIC Prior to the ISE-SAR EE, FDLE had instituted multiple outreach initiatives throughout thestate of Florida and, due to the ISE-SAR EE, began including the SAR process information inits community outreach. FDLE has previously divided the state into seven regions tomaximize regional support for local law enforcement. To harness this regional landscape foroutreach efforts, each of the RDSTFs was tasked with outreach efforts in its respectiveregion.The FFC continues—as it has in the past—to post information to the public Web site and hasan extensive e-mail notification system to reach out to stakeholders within the state. Additionally, FFC has provided further public outreach through the delivery of training andhas developed a public Web site for business owners that describes how these owners canhave a “safe business.” The Computer Crime Center maintains a “Secure Florida” Web siteto provide information about cyber security. The FFC has provided each RDSTF and regionaloffice with the Safeguarding America—It All Starts With You DVD to identify the types ofsuspicious activity the public should be aware of. PARTNERING WITH OTHER AGENCIES AND CONNECTING TO INFORMATION SHARING Prior to the ISE-SAR EE, the FFC had developed strong partnerships with other agencies andengaged in various forms of information sharing. During the ISE-SAR EE, partnershipsPage 117Final Report: ISE-SAR EEAppendix Four: Participating Agency Assessments Page 109 became stronger because of the time devoted to the project and the additional collaborationrequired to make this initiative a success. To ensure comprehensive information sharing, theFFC has engaged in various efforts to demonstrate its current information sharing effortsand expand on these efforts. The FFC has worked closely with other state fusion centers,homeland security officials, and the JTTF. The FFC has regularly conducted domesticsecurity briefings to the Florida Legislature and routinely provides briefings to the state’shomeland security advisor. The center has also provided high-level and general situationalawareness information within the state to FDLE command staff in preparation for legislativecommittee meetings.The FFC has partnered with numerous public safety agencies—including the Florida FireChiefs’ Association, the Florida Sheriffs Association, the Florida Chiefs of Police Association,the Florida Division of Emergency Management, and the Florida Department of Health—in aneffort to effectively share information. The FFC continues to work with other organizationsand agencies in its information sharing efforts, including the Nationwide SAR Initiative (NSI)partners, Southern Shield, and the Law Enforcement Intelligence Unit.The FFC has access to numerous information sharing networks, including RISSNET, LawEnforcement Online (LEO), and the Homeland Security Information Network (HSIN). The FFCcan send and receive secure e-mails and has access to the state criminal justice networks,databases, and regional intelligence databases. Access to these systems allows forcomprehensive information sharing with all of the FFC’s constituents.

PARTNERING TO DEVELOP GEOGRAPHIC RISK ASSESSMENTS Prior to the ISE-SAR EE, the FFC worked with the FBI and DHS in the development ofgeographic risk assessments, which were mostly driven by special events in Florida (e.g., theSuper Bowl). However, the FBI does not provide these assessments routinely to the state. The FFC has instituted a production calendar plan for the regular development ofcoordinated risk assessments with federal, state, and local agencies and fusion centers. Once the risk assessments are complete, a process will be developed to understand andaddress the identified information needs, to task the RDSTFs with gathering informationrelated to these needs, and to incorporate them into the SAR process.Although FDLE and the FFC have a process for developing geographic risk assessments withfederal agencies, during the ISE-SAR EE, there has been no additional emphasis placed onthis effort. PROJECT RECOMMENDATIONS FROM THE FLORIDA DEPARTMENT OF LAW ENFORCEMENT The FFC believes that there needs to be a➢ national program office for the NSI that is a strong, centrally coordinated effort. The office should not bedivvied out to multiple federal agencies.Page 118Final Report: ISE-SAR EEAppendix Four: Participating Agency Assessments Page 110 A national➢ training program is recommended to maintain consistency in the collection of SAR information. The center suggested the creation of a train-the-trainer program, with template teaching materials, so that the statescould train their own regions and jurisdictions. A small national users group for the➢ initiative was suggested. The group should meet regularly and should be divided into subgroups to deal withpolicy/legal issues, training, and technology. There needs to be continual technical support for➢ the applications developed by the project. There needs to be legal assistance to help develop policies➢ for participating agencies. However, the legal office should not be so large that it createsproblems for the state and local agencies. The legal assistance could behandled by two or three full-time subject-matter experts. The FFC commented that there are no policy, technical, or legal issues that it could➢ not overcome. The privacy policy template was very helpful in developing the FFC privacy policy.➢Page 119Final Report: ISE-SAR EEAppendix Four: Participating Agency Assessments Page 111 HOUSTON, TEXAS, POLICE DEPARTMENT SAR PROCESS REPORT—POST-IMPLEMENTATION PHASE Following the conclusion of the Information Sharing Environment-Suspicious ActivityReporting Evaluation Environment (ISE-SAR EE), a discussion was held with the Houston,Texas, Police Department’s (HPD) Houston Regional Intelligence Service Center (HRISC) todocument the implementation efforts conducted during the ISE-SAR EE. The results of thediscussion are detailed below. EXECUTIVE LEADERSHIP Prior to the ISE-SAR EE, HPD Chief Harold Hurtt issued General Order No. 800-07 regarding“Criteria for Submitting Incident Reports” on June 12, 2007.40 The order includes a sectionon suspicious activity and lists 13 behaviors that officers are required to report, if observed. The command staff/senior management had been briefed on HPD’s SAR policy.During the ISE-SAR EE, Chief Hurtt gave his full support to the SAR initiative and has been anationwide leader in the development of SAR policy. Chief Hurtt and other members of theHPD command staff attended the Major Cities Chiefs Association’s (MCCA) Chief ExecutiveOfficer Briefing (CEOB) held in April 2009, which included 30 participants from 27 lawenforcement agencies. In addition, the entire HPD command staff has been fully briefed onthe ISE-SAR EE and the SAR process. The commanding officer of the Criminal IntelligenceDivision (CID) has been assigned primary responsibility for handling and processing SARs,and a CID lieutenant has been assigned to implement the ISE-SAR EE efforts within theHRISC. SAR BUSINESS PROCESS Prior to the ISE-SAR EE, HPD had a robust process for the reporting of suspicious activity. HPD’s reporting process for suspicious activity requires that all officers complete an“Investigation CID” report (information report) concerning any suspicious activity that isidentified in the General Order. If a suspect identified in an information report is in custodyor suspicious circumstances require additional investigative assistance, the involved officerwill contact CID. For reports forwarded to HRISC, the center will attempt to

contact theofficer who submitted the information report; however, no formal process was in place.CID is the intake point for all information reports and immediately reviews the reports toidentify any behaviors and indicators associated with terrorist activity. Within 24 hours, allterrorism-related SARs are forwarded to HRISC, which is designated as the primary entity toanalyze SAR data within the department. Prior to the ISE-SAR EE, the HRISC did not use the 40A copy of the General Order is available upon request.Page 120Final Report: ISE-SAR EEAppendix Four: Participating Agency Assessments Page 112 behavior-specific codes identified in the ISE-SAR Functional Standard for SAR data buttracks the suspicious activity in similar categories that can be translated to the codes.All SARs are also forwarded to the Joint Terrorism Task Force (JTTF), which is given the “rightof first refusal” for follow-up activity relating to the SAR. If the JTTF chooses not to follow up,the SARs are then investigated by HRISC. HRISC also downloads all Terrorist ScreeningCenter (TSC) reports from Law Enforcement Online (LEO) daily and compares the reportswith local information. HRISC creates weekly summaries based on the TSC reports andsends those summaries to appropriate federal, state, and local agencies.During the ISE-SAR EE, HPD adopted the behavior-specific codes specified in the ISE-SARFunctional Standard. The command staff decided that they would continue to use theirprevious “Investigative CID” report because of its comprehensiveness and familiarity to theofficers. The department has created a “tips and leads” form for the fire department andother government agencies so that suspicious activity information can be routed to HPD. The department continues to use its current records management system (RMS); however, itis reviewing and planning for a new system that will include new forms for SARs.During the ISE-SAR EE, HPD enhanced its multilayer review process to enter SARs into theISE-SAR Shared Spaces. The department utilizes its previous vetting process butimplemented a final supervisory approval before a SAR is entered into the ISE-SAR SharedSpaces. This will ensure that multiple trained personnel have reviewed the information foraccuracy and completeness before submission. This continual review is in place to preventany erroneous information from entering the ISE-SAR Shared Spaces. If an error is everdetected, the source agency or individual is contacted and the information is corrected. TheCID and HRISC developed and implemented a privacy policy regarding the reporting ofsuspicious activity that met the applicable requirements of the ISE Privacy Guidelines. Access to the ISE-SAR Shared Spaces is limited based upon the individual’s role within theHRISC, and by policy, all querying of SAR information must have a criminal nexus and be forlegitimate law enforcement purposes. SAR TECHNICAL PROCESS Prior to the ISE-SAR EE, HPD utilized an RMS as the central location for all HPD officers’information reports. CID conducts daily searches in the RMS system and identifies anyterrorism-related reports to forward to HRISC. Once forwarded to HRISC, the reports areentered and maintained electronically in an internally developed SAR database. During theISE-SAR EE, HRISC requested that the SAR Vetting Tool (SVT) augment existing legacysystem data and act as a bridge between the legacy system and the ISE-SAR Shared Spacesdatabase. The SVT application and database were installed on the ISE-SAR Shared SpacesServer as an economical approach to share hardware and MS-SQL resources. The commonarchitecture is described below.Page 121Final Report: ISE-SAR EEAppendix Four: Participating Agency Assessments Page 113 TRAINING Prior to the ISE-SAR EE, all HPD officers had undergone a four-hour training course onterrorism indicators and trained on identifying suspicious activity. The training courseincludes privacy protections, 28 Code of Federal Regulations (CFR) Part 23, and the need fora criminal nexus when reporting suspicious activity. As new trends emerge and lessonslearned are identified, the training programs will be modified and enhanced as necessary. Additionally, officers receive updates from the fusion center concerning current activities.During the ISE-SAR EE, HPD maintained its current terrorism indicator and identifyingsuspicious activity training during in-service and recruit training. In

addition, HPDparticipated in the CEOB and the SAR analyst/investigator course.41The SARanalyst/investigator course was delivered in March 2009, and 32 individuals received thetraining from 8 agencies in the Houston area. INSTITUTIONALIZATION OF THE SAR PROCESS Prior to the ISE-SAR EE, yearly audits were conducted on SAR data to determine relevanceand to ensure that the data meets agency purge requirements. SARs are reviewed foremerging trends and behaviors to determine priority information needs within thedepartment, and SAR information is used in the development and issuance of alerts,warnings, and notifications. HPD also works closely with agencies such as the U.S. Department of Homeland Security (DHS), the JTTF, and the Texas Department of PublicSafety (DPS) to determine additional information needs. Assessments are conducted withinthe department to determine the effectiveness of the SAR process. During the ISE-SAR EE, HPD continued the previously mentioned institutionalization effortsand began developing a Terrorism Liaison Officer (TLO) program with other agencies in theHouston area. HPD is currently using the TLOs that have been trained to assist the fusioncenter with providing tips and leads within their respective sectors. 41The CEOB was previously discussed in the Executive Leadership section.Page 122Final Report: ISE-SAR EEAppendix Four: Participating Agency Assessments Page 114 OUTREACH TO THE PUBLIC Prior to the ISE-SAR EE, HRISC had an outreach program with the public and has conductedcommunity meetings, trained members on the Crime Stoppers program, and coordinatedwith the Houston-area Federal Bureau of Investigation’s (FBI) tip hotline. The hotline can beused to report suspicious activity. HRISC also works with the U.S. Attorney’s Office and theAnti-Terrorism Advisory Council (ATAC) to provide outreach to the private sector and hasprovided training to human trafficking/smuggling enforcement groups.During the ISE-SAR EE, HPD continued its outreach efforts and is developing an iWATCHprogram based upon the lessons learned from the Los Angeles, California, PoliceDepartment. PARTNERING WITH OTHER AGENCIES AND CONNECTING TO INFORMATION SHARING Prior to the ISE-SAR EE, HPD worked with MCCA, the FBI, DHS, and the Texas DPS tocollaborate on fusion center issues and policies. External stakeholders, including membersof Congress, have been briefed on the SAR process, and educational outreach has beenprovided to public safety and the private sector entities.HRISC is a member of the Regional Information Sharing Systems Secure Intranet (RISSNET),LEO, and the Homeland Security Information Network and has the ability to send andreceive secure e-mails primarily through the LEO e-mail system. HRISC has access to thestate’s criminal justice network, and a Texas DPS representative who can access the state’sintelligence database is assigned to the center. HRISC has access to eGuardian but doesnot input information into the system. HRISC also posts information to a special-interestgroup on LEO.During the ISE-SAR EE, HPD continued its previous partnerships and efforts to connect toinformation sharing systems. HPD officers work with the public health and private sectorindustries on identifying suspicious activity. PARTNERING TO DEVELOP GEOGRAPHIC RISK ASSESSMENTS Prior to the ISE-SAR EE, multiple assessments were being conducted in the Houston area. HRISC works closely with DHS, the JTTF, the U.S. Attorney’s Office, and the ATAC to developgeographic risk assessments. Threat assessments are completed with the FBI and otherlocal agencies within the 13-county Urban Areas Security Initiative, and these assessmentsdrive HPD information needs. Critical infrastructure assessments are completed by anotheragency within the city of Houston.During the ISE-SAR EE, HPD continued its partnerships in the development of informationneeds and risk assessments.Page 123Final Report: ISE-SAR EEAppendix Four: Participating Agency Assessments Page 115 PROJECT RECOMMENDATIONS FROM THE HOUSTON POLICE DEPARTMENT HPD felt that there is no need for a national program office; however, there is a need fornational consistency in how SAR information is handled because every jurisdiction is unique.There is a need for consistent SAR training nationwide. The fundamentals are already inplace with the CEOB, SAR analyst/investigator course,

and the line officer training.A national users group would be helpful as the project expands nationwide to share bestpractices and to develop methods for the best use of the information.There is a need for nationwide analysis of the data that is being gathered by agenciesaround the country.There is a continuing need for technical support as information systems change andagencies need assistance in purchasing compatible systems.There is a need for reporting tools to be used in order to conduct analysis of the agency’sinformation.There is a need for a national legal office, since there are many difficult legal issues thatagencies face as they try to share information.Page 124Final Report: ISE-SAR EEAppendix Four: Participating Agency Assessments Page 116 LAS VEGAS, NEVADA, METROPOLITAN POLICEDEPARTMENT SAR PROCESS REPORT—POST-IMPLEMENTATION PHASE Following the conclusion of the Information Sharing Environment-Suspicious ActivityReporting Evaluation Environment (ISE-SAR EE), a discussion was held with the Las Vegas,Nevada, Metropolitan Police Department’s (LVMPD) state-designated fusion center, theSouthern Nevada Counter-Terrorism Center (SN/CTC), to document the implementationefforts conducted during the ISE-SAR EE. The results of the discussion are detailed below. EXECUTIVE LEADERSHIP Prior to the ISE-SAR EE, LVMPD had no General/Special Order related to SAR; however, Sheriff Douglas Gillespie had been a principal participant in the creation of the Major CitiesChiefs Association’s (MCCA) SAR process. During the ISE-SAR EE, the command staff wasbriefed on the Nationwide SAR Initiative (NSI) and the implementation of the SAR process,which was a priority of the sheriff. There is a plan to develop a standard operatingprocedure (SOP), but it has not been implemented yet. As part of the LVMPD SAR processplanning development, a lieutenant was assigned to implement a SAR process throughoutLVMPD, including SN/CTC.During the ISE-SAR, the LVMPD received the MCCA’s Chief Executive Officer Briefing inMarch 2009, and 24 command staff personnel from approximately 8 law enforcementagencies participated. SAR BUSINESS PROCESS Prior to the ISE-SAR EE, SN/CTC served as the intake point for the collection and receipt ofSARs and provides “real-time” monitoring of all LVMPD reports. The field interview reportsand information reports used by LVMPD were not modified to report SAR data, but all reportswere reviewed by district supervisors for suspicious activity. If a report is deemed to containsuspicious activity, it is forwarded to SN/CTC for immediate investigation. All SARs arereviewed and a decision is made whether to respond, refer, determine unfounded, or takeother action, including investigative action. Feedback to the reporting officer is a routineinternal operating procedure. Computer-aided dispatch (CAD) data is also reviewed bySN/CTC for potential suspicious activity.During the ISE-SAR EE, LVMPD adopted the behavior-specific codes specified in the ISE-SARFunctional Standard. The department is in the beginning stages of developing a formalized,policy-driven SAR process within the agency. There is a plan to evaluate and simplify thereporting process and develop an internal multilayer review and vetting process to identifyISE-SARs and a procedure for moving SARs to the ISE-SAR Shared Spaces. The newPage 125Final Report: ISE-SAR EEAppendix Four: Participating Agency Assessments Page 117 processes and procedures will be included in the yet-to-be-developed SOP. SN/CTC has notmodified the basic report and is creating a data warehouse of police databases to accessthe SAR information. In addition, SN/CTC is developing a search tool to allow for the reviewof police reports for SAR data. During the ISE-SAR EE, SN/CTC utilized the SAR Vetting Tool(SVT) for storing terrorism-related SARs. Currently, SN/CTC is establishing a Web site toenable direct SAR reporting from the public and other agencies. The center is also in theprocess of staffing a 24-hour homeland security hotline as another form of reporting SARs. During the ISE-SAR EE, SN/CTC developed a privacy policy regarding the reporting ofsuspicious activity; however, due to departmental review processes the policy has not beenfinalized. It is anticipated that once finalized, the policy will meet the applicablerequirements of the ISE Privacy Guidelines. In order to protect the information within theISE-SAR Shared Spaces, it

was determined that only personnel within the fusion centerwould be allowed access to the SVT and ISE-SAR Shared Spaces. By policy, all queries onthe information within the ISE-SAR Shared Spaces is for law enforcement purposes only andmust have a criminal nexus. SAR TECHNICAL PROCESS Prior to the ISE-SAR EE, the SN/CTC SAR technical process utilized a records managementsystem and a CAD system to collect, store, and retrieve SAR data. SAR data determined tohave a potential link to terrorist activity was not stored separately. Prior to the ISE-SAR EE,LVMPD was developing a computer system—the All Data Virtual Information SharingEnvironment (ADVISE)—that will allow for the collation of SAR data within the department. ADVISE will also allow for real-time gathering, processing, analyzing, reporting, and sharingof department-wide SAR data.During the ISE-SAR EE, LVMPD requested the SVT to augment existing legacy system dataand act as a bridge between the legacy system and the Shared Spaces database. The SVTapplication and database were installed on the ISE-SAR Shared Spaces Server as aneconomical approach to share hardware and MS-SQL resources. The common architectureis described below.Page 126Final Report: ISE-SAR EEAppendix Four: Participating Agency Assessments Page 118 TRAINING Prior to the ISE-SAR EE, LVMPD developed a terrorism training program based on thebehaviors and indicators learned from prior terrorist attacks around the world, including theLondon bombings, the World Trade Center attacks, and the train bombings in Spain. LVMPDalso utilizes a very robust Terrorism Liaison Officer (TLO) program. The TLOs receive a four-hour training class and are assigned to LVMPD district offices. The TLOs are responsible forthe implementation of the terrorism training program within the department. In thedepartment’s academy, officers receive training on SN/CTC and its operations. The trainingemphasizes privacy protections and the observation of behaviors relating to precursoractivities of terrorist attacks. However, prior to the ISE-SAR EE, no specific training on theSAR process existed.During the ISE-SAR EE, LVMPD participated in the Chief Executive Officer Briefing and theanalyst/investigator course. During the SAR analyst/investigator course in the Las Vegasarea in April 2009, 35 personnel were trained from 10 law enforcement agencies. Inaddition, SN/CTC is currently developing a training program for line officers and will trainofficers based upon the SAR process, which will be defined in the SOP. The agency willdevelop a mechanism to capture feedback on the value of the information being collected. INSTITUTIONALIZATION OF THE SAR PROCESS Prior to the ISE-SAR EE, SN/CTC had numerous initiatives under way that will aid in theinstitutionalization of the SAR process once it is formalized within the department. Inaddition to LVMPD officers, the TLO program includes other first responders, such as firerepresentatives and the private sector. SN/CTC is also working to involve the universitycampus police in the TLO program.Prior to the ISE-SAR EE, no audits were being conducted on SAR data and no processes werein place to determine the effectiveness of the SAR system; however, once implemented, theADVISE system will allow for audits and performance analysis.Prior to the ISE-SAR EE, the SAR process and priority information needs were interconnectedwithin LVMPD. The emerging trends, behaviors, and indicators from SAR data drove theidentification and enhancement of the department’s information needs. SN/CTC also workswith the Federal Bureau of Investigation (FBI) and the U.S. Department of Homeland Security(DHS) to determine information needs and to develop crime and terrorism alerts andadvisories and homeland security threat assessments. SAR information received by SN/CTCis the primary driving force behind the issuance of alerts and warnings. During the ISE-SAR EE, SN/CTC continued its efforts to institutionalize the SAR processthroughout the department.Page 127Final Report: ISE-SAR EEAppendix Four: Participating Agency Assessments Page 119 OUTREACH TO THE PUBLIC Prior to the ISE-SAR EE, SN/CTC had a very aggressive outreach program. When SN/CTCfirst opened in January 2008, the media was invited to the center and was provided a fullbriefing on the center’s operations.42Since the center became operational, numerouspublic

documents and publications have been produced to explain terrorism indicators andthe purpose of the center. More than 60,000 Seven Signs of Terrorism DVDs and If You SeeSomething, Say Something CDs have been produced and distributed to the public. Thecenter also has an online SAR form43that the public can access and use to submit “all-crimes, all-hazards” suspicious activity. Additionally, the center is developing a Web site anda statewide toll-free terrorism hotline.During the ISE-SAR EE, SN/CTC continued its robust outreach program and is currentlydeveloping an iWatch program similar to the program initiated by the Los Angeles PoliceDepartment. Additionally, due to the unique characteristics of Las Vegas, LVMPD is focusingits outreach on hotel staff—valet attendants, security, bell captains, and housekeeping aswell as the casinos. PARTNERING WITH OTHER AGENCIES AND CONNECTING TO INFORMATION SHARING Prior to the ISE-SAR EE, SN/CTC held on-site briefings and invited external stakeholders—including congressional delegates—to the center to learn about SN/CTC activities andoperations. Outreach opportunities and partnerships have also been developed withmultiple agencies through the utilization of the TLO program and public media outlets.The center can access the Regional Information Sharing Systems Secure Intranet (RISSNET),Law Enforcement Online, and the Homeland Security Information Network and throughthese networks, as well as through the Homeland Security Data Network, has the ability tosend and receive secure e-mail. SN/CTC has representation from DHS, the FBI’s JointTerrorism Task Force, and other law enforcement entities within the center. However,SN/CTC does not have access to eGuardian. The center can also access the state’s criminaljustice network and the regional intelligence system. The Nevada State Fusion Center wasnot fully operational at the time of the site visit, but once the state’s center has informationsharing capability, SN/CTC will pursue a relationship with the center.During the ISE-SAR EE, SN/CTC continued its aforementioned partnerships in order tomaintain connectivity with other fusion centers. PARTNERING TO DEVELOP GEOGRAPHIC RISK ASSESSMENTS Prior to the ISE-SAR EE, SN/CTC noted that there is no formal process in place for the centerto work with federal agencies to develop geographic risk assessments, but the center 42The LVPD press release is available at http://www.lvmpd.com/news/pdfs/2008/011808release.pdf.43The SAR form is available at http://www.lvmpd.com/pdf/SAR_form.pdf.Page 128Final Report: ISE-SAR EEAppendix Four: Participating Agency Assessments Page 120 receives risk assessments from DHS and the FBI when requested and does coordinate todevelop information needs. SN/CTC has developed vulnerability assessments for criticalinfrastructure and key resources in the Las Vegas area and has also developed threatassessments on specific events, such as highly publicized sporting events. During the ISE-SAR EE, SN/CTC continued its aforementioned partnerships in thedevelopment of information needs and risk assessments. In addition, SN/CTC participatesin a multilogo assessment with federal agencies. SN/CTC indicated that threat assessmentsfrom the federal agencies are so general as to not be able to develop specific informationneeds. It is the responsibility of the local fusion center to take the general threatassessments and enhance them to fit its specific jurisdiction. PROJECT RECOMMENDATIONS FROM THE LAS VEGAS METROPOLITAN POLICE DEPARTMENT There is a need for an NSI national program office only as it relates to➢ consistency, funding, and coordination nationwide. There is a need for an NSI national training➢ program that can illustrate the value of the initiative to agencies. A national training program will alsoprovide more exposure of the program to agencies nationwide. There is a need for an NSI➢ national users group for the purpose of having a good feedback loop and to define performance matrix.

There is a continued need for ongoing NSI technical assistance. There is a need for a general➢ ➢ domestic security officer to address all national matters relating to fusion centers, including the NSI. ➢ There needs to be improvement on marketing efforts to make sure the general public, legislatures, and others are fully informed about the SARinitiative.Page 129Final Report: ISE-SAR EEAppendix Four: Participating Agency Assessments Page 121 LOS

ANGELES, CALIFORNIA, POLICE DEPARTMENT SAR PROCESS REPORT—POST-IMPLEMENTATION PHASE Following the conclusion of the Information Sharing Environment-Suspicious ActivityReporting Evaluation Environment (ISE-SAR EE), a discussion was held with the Los Angeles,California, Police Department (LAPD) to document the implementation efforts conductedduring the ISE-SAR EE. The results of the discussion are detailed below. EXECUTIVE LEADERSHIP Prior to the ISE-SAR EE, Chief William Bratton issued Special Order 11 on March 5, 2008,titled “Reporting Incidents Potentially Related to Foreign or Domestic Terrorism.” With therelease of the Special Order, the SAR process was formalized within LAPD. After the orderwas issued, all command staff and personnel were trained on the processes noted in theorder. During the ISE-SAR EE, LAPD—in partnership with the Major Cities Chiefs Association(MCCA)—hosted a Chief Executive Officer Briefing in February 2009 with 51 attendees from26 law enforcement agencies. In addition, LAPD provides continuous training on the SARprocess to all new executive leadership within the department. SAR BUSINESS PROCESS Prior to the ISE-SAR EE, LAPD had an extremely robust process for the collection of SARs andwas used as a national model when developing the ISE-SAR EE. LAPD developed datacollection codes (modus operandi [MO] codes) for the reporting of suspicious activity. Thepurpose of the MO codes is to provide a standardized method to document behavioralindicators that may have a potential nexus to terrorism and to provide the ability to analyzethe data by date, time, and location, just as is done with crime codes. LAPD also uses thecodes to train its personnel on how to recognize suspicious activity. LAPD conductedresearch to develop patterns and determine the frequency of use of the codes. In additionto the development of the MO codes, LAPD modified its existing Investigative Report used byofficers to report crimes. Three changes were made: (1) the addition of a check box toidentify the report as containing suspicious activity, (2) the addition of a check box fordistribution to the Counter-Terrorism and Criminal Intelligence Bureau (CTCIB) Major CrimesDivision (MCD), and (3) “Involved Party (IP)” information. Modifying the existing reportallowed LAPD to simplify the introduction of the SAR process within the department and wasinstrumental in the institutionalization of the SAR process. Once an Investigative Report is identified as containing suspicious activity, it is forwarded tothe MCD SAR Unit for processing and analysis. The MCD SAR Unit serves as the centralizedunit responsible for updating all incoming Investigative Reports with either the SAR checkPage 130Final Report: ISE-SAR EEAppendix Four: Participating Agency Assessments Page 122 box or CTCIB-MCD check box marked. The unit is also responsible for tracking, vetting, andassigning MO codes and investigative responsibility for all SAR reports. During the vettingstage, SARs that met certain criteria (as determined by the SAR Unit) were sent to theFederal Bureau of Investigation’s (FBI) Counterterrorism 6 (CT-6) Unit.44Investigative Reports written by LAPD officers that contain SAR information are forwardedwithin 24 hours to the SAR Unit at CTCIB’s MCD for initial vetting by trained personnel andappropriate response. A process is in place to forward SARs to the Joint RegionalIntelligence Center (JRIC), which serves as the Los Angeles-area fusion center. Followinginitial vetting of the information, the MCD SAR Unit makes a determination on whether toforward the information to JRIC and/or to the Joint Terrorism Task Force (JTTF). Informationis forwarded to JRIC electronically and uploaded to JRIC’s system using Memex software. For SARs maintained by LAPD, further vetting takes place to determine investigativeresponsibility within MCD. If a SAR is found to be erroneous or does not meet a certain levelof quality, the report is categorized as Unfounded and feedback is provided to the sourceagency or citizen. The SAR Unit maintains an up-to-date record of all SARs, including whohas investigative responsibility for the SAR, the current status of each SAR, the number ofunfounded reports, which reports are shared with JRIC and/or the JTTF, and which reportsare submitted to the ISE. Due diligence is given to each and every SAR report. The SAR Unitprovides a timely, consistent flow of SAR data and terrorism-related information to theTerrorism Liaison Officers (TLOs), who are assigned on a geographic basis to all LAPDdivisions. The TLOs’

responsibility includes communicating with the officers at theirassigned LAPD division and liaising with other government agencies and local businesspartners within the TLOs’ area of responsibility. The TLOs are also utilized to providefeedback to the officers and/or local agencies or business partners that submit SAR data tothe department. The bureau commander also sends e-mails and written commendations tothe entities that submit a SAR to the department highlighting excellent work.LAPD had an existing records management system, known as the Consolidated Crime andAnalysis Database (CCAD), which housed all crime and arrest data. CCAD was modified toinclude SARs and SAR MO codes. CCAD allows for the immediate retrieval of all SAR andcrime data and stores the data indefinitely, allowing for reach-back capabilities. During theISE-SAR EE, LAPD replaced its 30-year-old Crime Mapping Database (CMDB) system with theCrime Analysis Mapping System (CAMS). CAMS allows for the analysis and mapping of SARdata. LAPD also developed a procedure for moving SARs to the ISE SAR Shared Spaces. SARs that meet the behavior-specific codes outlined in the ISE-SAR Functional Standard areentered into the SAR Vetting Tool (SVT) by trained analysts in the SAR Unit and moved to the 44This is a regionally based FBI counterterrorism squad located in a command center in Norwalk, California, and is responsible for protecting seven counties and 18 million people. The CT-6 Unit was created in May 2004 after a series of reported threats diverted too much manpower from other counterterrorisminvestigators.Page 131Final Report: ISE-SAR EEAppendix Four: Participating Agency Assessments Page 123 ISE-SAR Shared Spaces. Only a few personnel within the SAR Unit have access to the ISE-SAR Shared Spaces, however, and MCD plans to expand the access list. It is departmentpolicy that querying and use of the ISE-SAR Shared Spaces be for legitimate lawenforcement purposes. Prior to the ISE-SAR EE and the formalization of the SAR process within the department,LAPD had a long-standing privacy policy that was adjusted to include SAR processes. LAPDconsulted with the department’s legal section and the city attorney’s office to help in thatadjustment. LAPD also consulted with the American Civil Liberties Union (ACLU) and thedepartment’s Office of the Inspector General, as well as regional private sector groups. LAPD met regularly with ACLU representatives to continue communication and informationflow. During the ISE-SAR EE, LAPD submitted its privacy policy documents for the purposesof participation in the ISE-SAR EE; the policy was reviewed and determined to be consistentwith the applicable requirements of the ISE Privacy Guidelines. SAR TECHNICAL PROCESS LAPD captures all incident data, including SARs, in CCAD, which is then downloaded toCAMS. Based on flags in CAMS, an extraction routine pulls SARs from CAMS and loads theSVT. Once in the SVT, LAPD analysts can then review the basic information and augmentspecific SARs with other information it may possess and then elect to “push” the SAR to itsISE-SAR Shared Spaces. Although the network options and hardware equipment varied ateach site, the essential applications were the same. In the common architecture, thedecision was made to leverage existing hardware and database software resources tocolocate the SVT with the Shared Spaces database application and have both applicationsseparated from the Web server by a security firewall. LAPD has moved one step further byadding a legacy database to feed the SVT with SAR incident data as shown in the diagrambelow.Page 132Final Report: ISE-SAR EEAppendix Four: Participating Agency Assessments Page 124 TRAINING Prior to the ISE-SAR EE, LAPD developed a framework for the training of each officer involvedin the development and submission of SARs. Training programs—including e-learning, atraining film, PowerPoint presentations, and roll call presentations—were created anddelivered to all command staff, new recruits, and civilian and sworn personnel prior to theimplementation of LAPD’s SAR process. Additionally, ongoing TLO training will be included inroll call training efforts. Training focuses on the importance of privacy and civil libertiesprotections; the gathering of suspicious activity through behavior-based policing, includingbehaviors and/or incidents known to be exhibited in terrorism-

related suspicious activity; themechanism for reporting SARs (standardization); the processing of SARs within thedepartment; steps taken in the analysis of SAR data; and the appropriate sharing ofsuspicious activity within and outside the department. During the ISE-SAR EE, LAPD continued its robust training throughout the department. Inaddition to agency training, in July 2009, LAPD participated in the SAR analyst/investigatortraining, in which 53 individuals from eight law enforcement agencies were trained. Theoutstanding level of SAR information being received by the SAR Unit has been a testimony tothe multiple training efforts conducted throughout LAPD. INSTITUTIONALIZATION OF THE SAR PROCESS Prior to and during the ISE-SAR EE and since the release of Special Order 11, LAPD hastaken numerous steps to institutionalize the SAR process within the department. Aspreviously indicated, LAPD has a highly developed TLO program. Each division officeincludes at least two officers trained as a TLO. The department also trains designated TLOsto interact with other government agencies; the goal of this training effort is to assist theCTCIB in the implementation and institutionalization of the SAR process among othergovernment agencies and throughout the community. The SAR process is also regularlyevaluated and modified, and training is enhanced as a result of identified emerging trendsand lessons learned. LAPD developed internal and external audits as well as management tools that evaluate thecurrent SAR reporting process. Internal audits are conducted daily by the SAR Unit to ensurethat a report is filed on all documented SARs. The SAR process was added to the annualexternal audit schedule of the Inspector General’s Office and the semiannual internal auditschedule of LAPD. LAPD’s management tools include reports to help identify emergingtrends and gaps. Additionally, the CTCIB developed management “at-a-glance” reports thatprovide the status of all SAR reports and track SAR activity by date, time, and location. Themanagement accountability reports provide a foundation for management decisions as wellas the allocation of resources.LAPD analyzes all SAR reports and utilizes the all-crimes approach to identify emergingtrends and behavior patterns. As new information is received and new patterns and priorityPage 133Final Report: ISE-SAR EEAppendix Four: Participating Agency Assessments Page 125 information needs are identified, the SAR process is modified to meet these needs. TheCTCIB also leverages existing technology to develop the management of at-a-glance reportsto provide a complete overview of SAR activity in the jurisdiction at all times. Specialreports, alerts, warnings, and notifications based on the analysis of SARs, crime, and arrestactivity are developed and shared internally within the department and externally withregional partners, local law enforcement, and security personnel at critical infrastructureand key resources locations. OUTREACH TO THE PUBLIC Prior to and during the ISE-SAR EE, LAPD developed and launched the iWATCH45 program. This program educates the public regarding suspicious activity, including behaviors andindicators of suspicious activity, and the importance of reporting suspicious activity. Theprogram includes a Web site for the reporting of suspicious activity.46 Since the release ofiWATCH in October 2009, the Web site has already received several thousand hits. In addition, LAPD developed public service announcement (PSA) media commercials toexplain how the SAR program works and articulate the need to report informationconcerning terrorism to the police department. Department TLOs share in the responsibilityto present to community groups and interested sectors concerning the reporting ofsuspicious activity. LAPD also introduced the SAR program to the community throughforums, meetings, and the distribution of informational flyers during these events. LAPDdeveloped DVDs about suspicious activity reporting that contain all the information that willbe available on the Web site. LAPD also has officers assigned to a tip line—“(877) A-Threat”—that individuals can call to speak with an expert and let them decidewhether the activity is suspicious.During the development of iWATCH, LAPD involved the ACLU in the development of the scriptfor the PSA and, prior to the launch, met again with the ACLU officials to give them a previewof iWATCH and allow them to make comments. PARTNERING WITH OTHER AGENCIES AND CONNECTING TO INFORMATION SHARING Prior to the ISE-SAR EE, Chief Bratton was very public in informing external

stakeholdersabout LAPD’s SAR program to build on its strong partnerships within the region. Severalmeetings were held to introduce the SAR program to the department’s partners, includingstate and local government agencies and public safety agencies in the region. The TLOprogram has also been utilized extensively by LAPD for outreach to the private sector as wellas other government agencies. LAPD continues to have a strong relationship with the U.S. Department of Homeland Security (DHS) and the JTTF through JRIC. Additionally, LAPDhas built a regional awareness of SARs and provides training to local law enforcement 45See www.iwatchla.org.46The Web site may be applied nationally for other agencies to utilize in their SAR processes.Page 134Final Report: ISE-SAR EEAppendix Four: Participating Agency Assessments Page 126 partners, including the Los Angeles Port Police, Los Angeles Unified School District Police,Los Angeles Airport Police, and City of Long Beach Police. As previously stated, LAPDprovides all vetted SAR information to JRIC, and the information is also provided to the FBI’sCT-6 Unit and other agencies as appropriate.LAPD can access the Regional Information Sharing Systems Secure Intranet (RISSNET), theFBI’s Law Enforcement Online, and the Homeland Security Information Network and cansend and receive secure e-mail via these secure networks. LAPD can also access thestate’s criminal justice network; can participate in a number of regional intelligencedatabases, including regional information sharing systems; and has a direct connection tothe regional fusion center as well as the other regional fusion centers within the state ofCalifornia.47LAPD is actively engaged with nationwide partners as well as federal officials in thedevelopment of its SAR program. After LAPD formalized the SAR process within thedepartment, it collaborated with state and local law enforcement agencies, the Office of theProgram Manager for the Information Sharing Environment, the ACLU, and members of theMCCA’s Intelligence Commanders Group to discuss policies and procedures concerning thereporting of suspicious activity.During the ISE-SAR EE, LAPD continued its strong partnerships with other agenciesthroughout the city, regional, state, and national levels. PARTNERING TO DEVELOP GEOGRAPHIC RISK ASSESSMENTS Prior to and during the ISE-SAR EE, LAPD worked with state and federal partners—the FBI;the U.S. Drug Enforcement Administration; the Bureau of Alcohol, Tobacco, Firearms andExplosives; the DHS Federal Air Marshal Service; the California State Board ofEqualization;48and the U.S. Social Security Administration—in the Los Angeles area toobtain the information needed to develop geographic risk assessments. LAPD has alsoworked with these federal agencies to develop information needs based on theseassessments. However, JRIC (the regional fusion center) has the primary responsibility forthe assessments. PROJECT RECOMMENDATIONS FROM THE LOS ANGELES POLICE DEPARTMENT A➢ national program office would assist in the nationwide coordination, and local agencies should have heavy involvement. There should be a national training program for the SAR process. 47All of the➢ regional fusion centers in California are connected to the state fusion center.48The Board of Equalization collects California state sales and use tax, as well as fuel, alcohol, and tobacco taxes and fees that provide revenue for state government and essential funding for counties, cities, andspecial districts.Page 135Final Report: ISE-SAR EEAppendix Four: Participating Agency Assessments Page 127 A national➢ users group would be extremely helpful. LAPD received many calls regarding its SAR process from agencies around the country. Having anational users group would assist in reaching out to numerous agencies ona regular basis. The users group should have a strong involvement fromlocal law enforcement agencies. There is a need for ongoing technical support. There is a need for a national➢ ➢ legal office. Given the “new terrain” this project is covering, a legal office could assist with transparency on anational level. Agencies need a SAR “ABC Implementation Book” to assist in the➢ implementation of the SAR process. There is a need for an inspection/technical assistance team that➢ can assess agencies’ current SAR processes and assist with the implementationof a SAR process. ➢

Every SAR should be treated with the same importance as a crime report to ensure that it receives the attention and proper emphasis needed..Page 136Final Report: ISE-SAR EEAppendix Four: Participating Agency Assessments Page 128 MIAMI-DADE, FLORIDA, POLICE DEPARTMENT SAR PROCESS REPORT—POST-IMPLEMENTATION PHASE Following the conclusion of the Information Sharing Environment-Suspicious ActivityReporting Evaluation Environment (ISE-SAR EE), a discussion was held with the Miami-DadePolice Department’s (MDPD) Homeland Security Bureau (HSB), known as the Miami-DadeFusion Center (MDFC), to document the implementation efforts conducted during the ISE-SAR EE. The results of the discussion are detailed below. EXECUTIVE LEADERSHIP Prior to the ISE-SAR EE, MDPD had no General/Special Order relating to SAR. MDPD hadissued a directive on February 27, 2008, regarding the “Handling of Criminal Intelligence.” Soon thereafter, another directive was issued on June 28, 2008, regarding “SuspiciousActivity Report” (SAR). Subsequent to the directive’s issuance, command staff and seniormanagement were briefed on the directive’s purpose.During the ISE-SAR EE, it was decided by command staff that the previously mentioneddirectives were sufficient to cover the reporting of suspicious activity. Director Robert Parkersent a letter to the Office of the Program Manager for the Information Sharing Environmentexpressing MDPD’s full support of the SAR process and offering MDPD’s participation in theNationwide SAR Initiative (NSI). MDPD command staff is fully aware of the SAR program andthe ISE-SAR EE and in February 2009 received the Major Cities Chiefs Association’s ChiefExecutive Officer Briefing, in which 33 command staff personnel from 16 law enforcementagencies participated. As part of the agency’s SAR process development, a major wasassigned the primary responsibility of implementing the SAR process within MDPD andMDFC. SAR BUSINESS PROCESS Prior to the ISE-SAR EE, officers’ reports were submitted in hard copy to MDPD. If an officerdetermined that the report included suspicious activity, the report was forwarded to MDFC,which served as the collection point for all SARs within the department. Officers were alsoencouraged to call MDFC to inform the center of the suspicious activity notated in theirreports. MDFC utilized an online form located on the South Florida Virtual Fusion Center49to collect SARs from agencies outside the department. Once a report is submitted, it is thenassigned to the sector-designated fusion center representative, depending on theinformation contained in the report. After a SAR is assigned, it is vetted and responded toas appropriate. If the information is found to be reliable, it is posted to the South Florida 49The South Florida Virtual Fusion Center is a collaboration site that allows government agencies from the South Florida area to post and share information.Page 137Final Report: ISE-SAR EEAppendix Four: Participating Agency Assessments Page 129 Virtual Fusion Center, and if there is a terrorism nexus, the Joint Terrorism Task Force (JTTF)is notified. If a SAR is deemed to be credible, feedback is provided to the original submitterof the SAR and, depending on the validity of the information, commendations can be issued.During the ISE-SAR EE, it was decided by MDPD command staff that there would be nochanges made to the basic police report. Because MDPD does not have an automatedrecords management system, changing the report would not have affected the SARcollection process. However, the department is working on developing specific radio callsigns for suspicious activity. All SARs continue to be forwarded to MDFC, and it has adoptedthe behavior-specific codes specified in the ISE-SAR Functional Standard. MDFC is utilizingthe SAR Vetting Tool (SVT) provided by the NSI to retrieve and analyze SARs.During the ISE-SAR EE, the center developed a multilayer review and vetting process toidentify SARs. Once the initial report is submitted, a field supervisor reviews the report toensure accuracy and appropriateness of the report. Once it is sent to MDFC, it isimmediately reviewed by an analyst and investigative personnel to determine its relationshipto terrorism. If the SAR is credible, a detective will deploy to the scene for follow-up. Oncethe review is complete and analytical value added, the SAR is then reviewed and approvedby an

MDFC supervisor before entry into the ISE-SAR Shared Spaces. If at any time duringthe SAR process a report is determined to have an error or incomplete information, thereport is immediately dealt with at that time and the submitting agency or officer is notified. All SARs from source agencies are verified, validated, and corroborated. MDFC maintainsthe same process prior to the ISE-SAR EE for forwarding SARs to local, state, and federalagencies. During the ISE-SAR EE, MDFC developed and implemented a privacy policy regarding thereporting of suspicious activity that met the applicable requirements of the ISE PrivacyGuidelines. In order to protect the information within the ISE-SAR Shared Spaces, it wasdetermined that only personnel within MDFC’s Intelligence Operations Center would beallowed access to the SVT and ISE-SAR Shared Spaces. By policy, all queries on theinformation within the ISE-SAR Shared Spaces is for law enforcement purposes only andmust have a criminal nexus. SAR TECHNICAL PROCESS Prior to the ISE-SAR EE, MDPD did not maintain a database for the collection of SARs. During the ISE-SAR EE, MDPD requested the SVT to augment existing legacy system dataand act as a bridge between the legacy system and the Shared Spaces database. The SVTapplication and database were installed on the ISE-SAR Shared Spaces Server as aneconomical approach to share hardware and MS-SQL resources. The common architectureis described below.Page 138Final Report: ISE-SAR EEAppendix Four: Participating Agency Assessments Page 130 TRAINING MDPD conducts numerous training events throughout the greater Miami region; however, nospecific training on the SAR process existed before the ISE-SAR EE. During the ISE-SAR EE, MDPD participated in several SAR training events—including theChief Executive Officer Briefing, the SAR analyst/investigator course, and agency-developedSAR training. In January 2009, MDPD attended the SAR analyst/investigator course in theMiami area, in which 58 personnel were trained from 26 law enforcement agencies. Duringa two-month initiative, MDFC provided SAR roll call training to more than 1,100 officerswithin the department. In addition, MDFC has trained various county governmentdepartments—fire, emergency medical services, aviation, and public works—on the processof the SAR program and how to report suspicious activity to the fusion center. It wasindicated that the training curriculum is continually revised based upon information that hasbeen analyzed from the gathering of SARs.50 INSTITUTIONALIZATION OF THE SAR PROCESS Prior to the ISE-SAR EE, MDPD had several institutionalization efforts for the SAR processwithin the department. In addition to the aforementioned directives, line officers receivedthe BJA Pocket Guides for Law Enforcement, and roll call training on terrorism was providedto line officers. County agencies and law enforcement agencies in the region had access tothe South Florida Virtual Fusion Center. MDFC is a controlled environment, so it wasdetermined by command staff that no formal audits were needed and qualitative andquantitative measures were made part of the review process. MDFC released alerts,warnings, and notifications as necessary.During the ISE-SAR EE, MDPD continued its efforts to institutionalize the SAR processthroughout the department. The Center has stringent security requirements, and all 50For example, training was developed for airport maintenance personnel to look for suspicious activity based upon the analysis of SAR information received.Page 139Final Report: ISE-SAR EEAppendix Four: Participating Agency Assessments Page 131 assigned personnel have received an overview of SOPs, security, and the privacy policy, aswell as hard copies of all documents. OUTREACH TO THE PUBLIC Prior to the ISE-SAR EE, MDPD developed Seven Signs of Terrorism DVDs and CDs anddistributed them to surrounding agencies and private sector entities.51The SAR processwas presented to community groups and external government stakeholders in the region.During the ISE-SAR EE, MDPD continued outreach similar to what it was conducting prior tothe ISE-SAR EE by continuing to brief community groups; distribute DVDs, bulletins, andbrochures to the public; and conduct officer-to-citizen interaction programs. In addition, theMiami-Dade Fusion Center is involved in the joint “Building Communities of Trust” programwith the federal government and other local agencies. PARTNERING WITH OTHER AGENCIES AND

CONNECTING TO INFORMATION SHARING Prior to the ISE-SAR EE, MDFC was a U.S. Department of Homeland Security (DHS)-recognized fusion center and has a representative and analyst reports officer from DHSassigned to the center. Additional center personnel include representation from the JTTF;the FBI Field Intelligence Group; Miami-Dade Fire Rescue; the Florida Department of Law Enforcement; the U.S. Bureau of Alcohol, Tobacco, Firearms and Explosives; the Southeast Florida Regional Domestic Security Task Force; Miami-Dade Corrections; the U.S. Transportation Security Administration; and U.S. Immigration and CustomsEnforcement. MDFC also partners with surrounding government agencies via the SouthFlorida Virtual Fusion Center. MDFC can access the Regional Information Sharing Systems Secure Intranet (RISSNET) butdoes not post information to it to share SAR information. MDFC can also access the state’scriminal justice network and intelligence database but does not post intelligence to them. However, information is posted on the Homeland Security Information Network, LawEnforcement Online, and the South Florida Virtual Fusion Center. MDFC is able to send andreceive secure e-mail via the Homeland Secure Data Network and has securecommunications at the Secret level for fax, phone, and video. It also has an account withthe Secret Internet Protocol Router Network.During the ISE-SAR EE, MDPD continued the previously mentioned partnerships anddeveloped new partnerships by developing a Terrorism Liaison Officer (TLO) program forother public agencies. The mayor, city manager, and county commission have been briefedand are aware of the SAR program and have mandated that agencies work with the TLO 51The video is also available on the MDFC Web site at http://www.miamidade.gov/mdpd/BureausDivisions /bureau_Hls.asp.Page 140Final Report: ISE-SAR EEAppendix Four: Participating Agency Assessments Page 132 program. In addition, MDPD has a working relationship with all the major private securityoperations in South Florida. PARTNERING TO DEVELOP GEOGRAPHIC RISK ASSESSMENTS Prior to the ISE-SAR EE, MDPD worked with the FBI, DHS, the U.S. Department of Defense,and the Bureau of Alcohol, Tobacco, Firearms and Explosives on a continual basis todevelop geographic risk assessments. MDFC also works with federal agencies to identify itsinformation needs based on the results of these risk assessments, including assigning twopersonnel to the FBI’s Field Intelligence Group in the development of the risk assessments. It was indicated that most of the assessments in South Florida are conducted by the FBI,and MDPD contributes to the assessments as necessary.During the ISE-SAR EE, MDPD continued its aforementioned partnerships in thedevelopment of information needs and risk assessments. PROJECT RECOMMENDATIONS FROM THE MIAMI-DADE POLICE DEPARTMENT There should be a national program to ensure that standards and measurements stay➢ consistent. It should be established so that localagencies have ownership in the sharing of information.

There is a need for a standard process for the sharing of SAR data from all of the DHS programs. ➢ ➢ There should be a national online training program for ease of delivery nationwide; however, the analyst training should be classroom-based sincethat is a complicated piece of the project. There is a➢ need for a national SAR users group, and the fusion center directors should be involved. There must➢ be ongoing technical support for at least three to five years until the systems become stabilized. ➢ There should be continuous technical assistance support for privacy policies; however, there is no need for a national legal officer for the project. It should be understood that the entire privacy policy➢ development is a lengthy and time-consuming process. A greater awareness is needed from the local➢ federal special agents in charge concerning the SAR process. The NSI needs to stay focused on➢ behaviors and not individuals.Page 141Final Report: ISE-SAR EEAppendix Four: Participating Agency Assessments Page 133 NEW YORK STATE POLICE SAR PROCESS REPORT—POST-IMPLEMENTATION PHASE Following the conclusion of the Information Sharing Environment-Suspicious ActivityReporting Evaluation Environment (ISE-SAR EE), a discussion was held with the New YorkState Police’s (NYSP) state-

designated fusion center, the New York State Intelligence Center(NYSIC), to document the implementation efforts conducted during the ISE-SAR EE. Theresults of the discussion are detailed below. EXECUTIVE LEADERSHIP Prior to the ISE-SAR EE, NYSP had no specific standard operating procedure (SOP) orGeneral/Special Order relating to the SAR process. However, there is a section in the NYSPManual under “Article 30D: NYSP Law Enforcement Field Interview Card,” on the reportingof suspicious incidents or subjects. The center had also begun implementing a statewideprogram for the collection of suspicious activity with the creation of CounterterrorismIntelligence Units (CIUs) within each of the troops. No formal training on the SAR processhad been conducted for the command staff; however, command officials of NYSP had beenbriefed on the operations of NYSIC as well as its efforts to obtain and analyze SARs. Inaddition to the brief, leadership receives daily reports from NYSIC on suspicious activity andhas expressed its support of the statewide initiative.During the ISE-SAR EE, the NYSP command staff, as well as the state’s Office of HomelandSecurity (OHS), was briefed by NYSIC personnel on its efforts in the project. In addition, thecenter utilized the Major Cities Chiefs Association Chief Executive Officer Briefing to trainmore than 60 law enforcement officials. As part of the SAR process planning development,a captain was assigned to the project with the primary responsibility to implement a SARprocess throughout NYSP, including NYSIC. During the ISE-SAR EE, NYSIC leadershipdecided that the section on suspicious incidents or subjects in the NYSP Manual wassufficient and no SOP or General Order would be developed. SAR BUSINESS PROCESS Prior to the ISE-SAR EE, NYSIC had a process in place for gathering and handling SARinformation. The center continues to refine its processes and increase the involvement oftroopers in the field and other law enforcement agencies in the state. NYSIC also maintainsa tip line that gives the public an opportunity to provide information directly to the center. NYSIC includes representatives from the Federal Bureau of Investigation (FBI) and the U.S. Department of Homeland Security (DHS) who assist in the analysis and investigation ofSARs. Prior to the ISE-SAR EE, NYSIC was the central collection point for SARs in the state ofNew York. Once SARs are forwarded to NYSIC, they are reviewed immediately by an analystto determine whether there is a terrorism nexus and to ensure that an appropriate follow-upPage 142Final Report: ISE-SAR EEAppendix Four: Participating Agency Assessments Page 134 investigation is conducted. Additionally, the CIUs assigned in each troop work closely withNYSIC on a variety of intelligence issues, including SARs. The CIUs in each troop work withNYSIC personnel to ensure that all SAR information is forwarded to the center. NYSIC alsoreviews all field interview cards completed by NYSP troopers to ascertain whether anyterrorism-related information is included in the reports.During the ISE-SAR EE, NYSIC adopted the behavior-specific codes located in the ISE-SARFunctional Standard and developed and implemented a privacy policy regarding thereporting of suspicious activity that meets the applicable requirements of the ISE PrivacyGuidelines. In order to protect the information within the ISE-SAR Shared Spaces, it wasdetermined that access to the ISE-SAR Shared Spaces would be limited to command staffand personnel assigned to the Counter Terrorism Center within NYSIC. By policy, all querieson the information within the ISE-SAR Shared Spaces is for law enforcement purposes onlyand must have a criminal nexus.It was decided during the project that NYSIC would not modify the current reporting processor the existing offense report, which were in place before the ISE-SAR EE, because both theprocess and report adequately address the project areas. NYSIC is currently in the processof developing a new intelligence and case management system that will house SAR data. SARs that are currently reported to the center are entered into a tips and leads database,where they receive the initial review by an intelligence analyst. After the analyst reviews theSAR, a supervisor will review and has the final determination to enter the SAR into the ISE-SAR Shared Spaces. If an error is found in the information during any period of the vettingprocess, it is immediately corrected and the source agency notified. SARs are assigned tothe relevant law enforcement agency for follow-up and disposition. All SARs are forwardedto the Joint Terrorism Task

Force, which has the first right of refusal to investigate the SAR. SAR TECHNICAL PROCESS The NYSP and NYSIC are currently engaged in building a new intelligence and casemanagement system to support all fusion center operations. For the ISE-SAR EE effort, theyplan to use a critical infrastructure analysis system called CI-SAR as the legacy system. Theconfiguration used is similar to the Virginia Fusion Center solution.Page 143Final Report: ISE-SAR EEAppendix Four: Participating Agency Assessments Page 135 TRAINING NYSIC conducts numerous terrorism awareness training events throughout the state of New York; however, no specific training on the reporting of suspicious activity existed beforethe ISE-SAR EE.During the ISE-SAR EE, NYSP participated in several SAR training events, including the ChiefExecutive Officer Briefing, the SAR analyst/investigator course, and the line officer training. The line officer training is under development, and NYSIC worked with the InternationalAssociation of Chiefs of Police during the pilot phase of the training. The analyst/investigatorcourse was conducted in March 2009 and 19 analysts participated. The fusion centerindicated that there is a need for follow-up training on internal SAR processes. To addressthis issue, NYSIC will modify its annual training to incorporate specific examples of activitiesthat can be precursors to terrorism. INSTITUTIONALIZATION OF THE SAR PROCESS Prior to the ISE-SAR EE, NYSIC had a very robust program to institutionalize the SAR processthroughout the state. NYSIC’s existing SAR program is well-developed and provides aprocess outlining how to receive, review, and analyze suspicious activity information. FBIand DHS representatives are colocated within the center, giving it the ability to conductadditional follow-up investigation and analysis of SAR data. All troopers in the state havebeen trained in terrorism awareness and are aware of the process for feeding relevantinformation to NYSIC. The development of a Field Intelligence Officer (FIO) program hasbeen a critical component of the NYSIC SAR process. The FIO program is designed for localagencies so that they have a method of forwarding terrorism and other criminal informationto NYSIC. The program is similar to the Terrorism Liaison Officer programs developed inother fusion centers. FIOs are trained in all aspects of intelligence, including privacy/civilliberties concerns and requirements of the Nationwide SAR Initiative. Also important to theinstitutionalization of the SAR process has been the aforementioned development of CIUs ineach of NYSP’s troops. These units give NYSIC access to trained individuals in each area ofthe state to help support statewide intelligence operations. NYSIC also produces alerts,warnings, and notifications that can be sent to law enforcement agencies statewide. Inaddition, NYSIC works closely with the state’s OHS, which has the primary responsibility fordistribution of information to the private sector.During the ISE-SAR EE, NYSIC indicated that it is in the process of developing quantitativeand qualitative measures to engage the effectiveness of the SAR process. Currently, it hasmore quantitative than qualitative data but will develop these evaluation criteria further asthe process matures. NYSIC reported that it has trained approximately 1,600 FIOs, which is85 percent of the state’s law enforcement agencies. Currently, its FIO program is focusingon law enforcement and corrections personnel.Page 144Final Report: ISE-SAR EEAppendix Four: Participating Agency Assessments Page 136 OUTREACH TO THE PUBLIC In comparison to other ISE-SAR EE sites, NYSIC has a different approach regarding outreachto the public. Before and during the ISE-SAR EE, the OHS has had the primary responsibilityfor public outreach concerning terrorism-related issues in the state of New York. OHSmaintains a public Web site that includes updates concerning terrorism and otherawareness information that citizens should be aware of and report to law enforcement.52NYSIC supports the operations of OHS and provides information to it that can be madeavailable to the public.The state utilizes the Seven Signs of Terrorism DVD to inform the public of behaviors andsuspicious activity that they should report. In addition, NYSIC has a program called “SeeSomething, Say Something” that advises the public on what they should do if they seesuspicious activity. The program also explains how

to identify suspicious activity.NYSP also has a program that posts signs on interstate highways and at highway rest stopsproviding information about terrorism and describing the types of suspicious behavior thatcitizens should look for. The signs encourage citizens to call the state terrorism tip line ifthey see something suspicious.During the ISE-SAR EE, outreach to the public continued through the OHS, with NYSICproviding support to its efforts. PARTNERING WITH OTHER AGENCIES AND CONNECTING TO INFORMATION SHARING Prior to the ISE-SAR EE, NYSIC had developed strong partnerships and engaged in variousforms of information sharing. Members of NYSIC have been leaders in the Northeast RegionFusion Center Group and have worked to develop information sharing protocols amongagencies in the region. NYSIC personnel have actively participated in the U.S. Department ofJustice’s Global Justice Information Sharing Initiative’s (Global) Intelligence Working Groupas well as Global’s Criminal Intelligence Coordinating Council. NYSIC is also developing aWeb portal that will provide local law enforcement agencies with an additional opportunity toshare information with the center. Additionally, NYSIC shares intelligence electronically withthe New York Police Department—the largest metropolitan agency in the state. NYSIC canaccess the Regional Information Sharing Systems Secure Intranet (RISSNET), LawEnforcement Online, and the Homeland Security Information Network and can send andreceive secure e-mail via these secure networks. NYSIC can also access the FederalProtective Service Internet portal and can post intelligence information to the portal to sharewith other fusion centers. 52The New York OHS Web site address is http://www.security.state.ny.us.Page 145Final Report: ISE-SAR EEAppendix Four: Participating Agency Assessments Page 137 During the ISE-SAR EE, NYSIC actively engaged with partners, including the Bureau of JusticeAssistance, DHS, the FBI, and OHS in the development of its SAR program. In addition, theGovernor’s Office was briefed on the goals of the ISE-SAR EE. To ensure communicationwith public health, NYSIC indicated that two fire officers were assigned to the center anddistribute the intelligence products to the emergency medical services and fire communities. PARTNERING TO DEVELOP GEOGRAPHIC RISK ASSESSMENTS Prior to the ISE-SAR EE, the OHS had primary responsibility for the development of riskassessments in the state. NYSIC works closely with OHS to develop the assessments andobtain critical information to analyze and publish as part of the assessments. Thecolocation of federal law enforcement agencies in the center allows NYSIC to obtain criticalfederal information to incorporate into the state’s assessments. NYSIC works closely withthe FBI and DHS to develop priority information needs and is working with them to develop atemplate for use by fusion centers nationwide to assist in the development of their ownpriority information needs.During the ISE-SAR EE, OHS maintained the responsibility of developing geographic riskassessments. Due to this unique circumstance, there has been no additional emphasisplaced on this effort. NYSIC continues to work closely with the FBI and DHS to developpriority information needs. PROJECT RECOMMENDATIONS FROM THE NEW YORK STATE POLICE Due to the scope of the➢ project, there should be a national program office to assist in the nationwide coordination. To➢ maintain consistency throughout the nation, there should be a national training program; however, every agency is somewhat unique in its trainingneeds. There is a need for a national users group in➢ order to maintain consistency and share lessons learned and issues within the initiative. Due to➢ ongoing changes with information technology systems, there is a need for ongoing technical support to maintain connectivity with thedifferent law enforcement systems. Most of NYSIC’s legal issues➢ were at the state level; therefore, there is no need for a national legal office. However, there should be some form oflegal assistance available. There is a need for a privacy checklist for analysts to utilize➢ during the initial vetting of the SAR.Page 146Final Report: ISE-SAR EEAppendix Four: Participating Agency Assessments Page 138 ADDITIONAL COMMENTS NYSIC personnel indicated that there were no policy, legal, or technical issues that

theycould not overcome. They suggested that there should be improvements to the search toolfor the ISE-SAR Shared Spaces.Page 147Final Report: ISE-SAR EEAppendix Four: Participating Agency Assessments Page 139 SEATTLE, WASHINGTON, POLICE DEPARTMENT SAR PROCESS REPORT—POST-IMPLEMENTATION PHASE Following the conclusion of the Information Sharing Environment-Suspicious ActivityReporting Evaluation Environment (ISE-SAR EE), a discussion was held with the Seattle,Washington, Police Department (Seattle PD) to document the implementation effortsconducted during the ISE-SAR EE. The results of the discussion are detailed below. EXECUTIVE LEADERSHIP Prior to the ISE-SAR EE, Seattle PD had no General/Special Order regarding SARs. However,Seattle PD had worked closely with the Major Cities Chiefs Association (MCCA) to enhanceits current SAR process. Command staff and senior management have been briefed on theNationwide SAR Initiative (NSI) and support the department’s efforts. Additionally, Chief Gil Kerlikowski had served as the President of MCCA, which helped organize the SAR effortamong law enforcement agencies in the country’s major cities. During the ISE-SAR EE, Seattle PD worked closely with the Washington State Fusion Center(WSFC) and the local office of the Federal Bureau of Investigation (FBI), which both stronglysupport the effort to enhance the SAR process among the agencies and the participation ofSeattle PD in the initiative. The command staff is fully aware of the SAR program and theISE-SAR EE and in May 2009 received the MCCA’s Chief Executive Officer Briefing, in which31 command staff personnel from approximately 18 law enforcement agencies participated. During the ISE-SAR EE, the command staff decided that existing policies were sufficient andgeneral enough to cover the reporting of suspicious activity, so a new General Order was notnecessary. A deputy chief from the Criminal Intelligence Bureau (CIB) was assigned to theSAR process development project; the primary responsibility of the deputy chief was toimplement a SAR process at Seattle PD. SAR BUSINESS PROCESS Prior to the ISE-SAR EE, Seattle PD indicated that the department had a process forgathering and handling suspicious information, and it continues to refine this process andincrease involvement from line officers and other law enforcement agencies in the area. Seattle PD provides all of its collected suspicious activity information to WSFC. WSFC iscolocated with the FBI’s Joint Terrorism Task Force to facilitate effective SAR informationsharing with both federal and state agencies.Seattle PD utilizes information reports, field interview reports, and other reportingmechanisms in its SAR process. Officer reports are entered into the department’s recordsmanagement system (RMS). From there, terrorism-related reports are forwarded to CIB,Page 148Final Report: ISE-SAR EEAppendix Four: Participating Agency Assessments Page 140 where the reports are printed for review and vetting by CIB personnel. All reports that aredetermined to be terrorism-related are then “hand-carried” to WSFC for further review.Prior to the ISE-SAR EE, Seattle PD’s SAR process was not formalized and the departmentdid not assign behavior codes to SARs. Once the reports are received by WSFC, they arereviewed and vetted by WSFC analysts along with FBI and U.S. Department of HomelandSecurity (DHS) personnel.During the ISE-SAR EE, the agency continued to use the same reporting mechanisms thatwere used prior to the ISE-SAR EE. However, Seattle PD adopted the behavior-specific codesillustrated in the ISE-SAR Functional Standard and developed and implemented a privacypolicy regarding the reporting of suspicious activity that meets the applicable requirementsof the ISE Privacy Guidelines. In order to protect the information within the ISE-SAR SharedSpaces, it was determined that access to the ISE-SAR Shared Spaces would be limited tocommand staff and personnel assigned to the fusion center. By policy, all queries on theinformation within the ISE-SAR Shared Spaces is for law enforcement purposes only andmust have a criminal nexus. If SAR information is identified as having an error, the fusioncenter has an affirmative responsibility to notify in writing the source agency.During the ISE-SAR EE, a multilayer review process was established to identify ISE-SARswithin 24 hours. SARs that are submitted to Seattle PD

are reviewed by CIB and then sentto WSFC for review and analysis. Once the fusion center determines that the informationhas a nexus to terrorism, the ISE-SAR is entered into the ISE-SAR Shared Spaces. Duringthis review process, SARs are assigned to an investigator, and the disposition is trackedutilizing the Fusion Core Solutions application. SAR TECHNICAL PROCESS Prior to the ISE-SAR EE, the initial information concerning suspicious activity at Seattle PDwas reported by officers in either the RMS, if a Seattle PD officer writes an informationreport, or in a field interview report, if the officer conducts a field interview; CIB can thenretrieve the information for analysis. The information in the RMS is not maintained in amanner that allows the information to be exported to the ISE-SAR Shared Spaces. SeattlePD tracks all SARs received by CIB in a spreadsheet. Additionally, the Washington JointAnalytical Center (WAJAC) enters all statewide SAR data received into an agency-developeddatabase and also enters SARs into the FBI’s classified eGuardian system.During the ISE-SAR EE, it was decided by Seattle PD and WSFC that the servers for the ISE-SAR Shared Spaces would be housed at WSFC. Seattle PD and WSFC requested the SARVetting Tool (SVT) to augment existing legacy system data and act as a bridge between thelegacy system and the Shared Spaces database. The SVT application and database wereinstalled on the ISE-SAR Shared Spaces Server as an economical approach to sharehardware and MS-SQL resources. The common architecture is described below.Page 149Final Report: ISE-SAR EEAppendix Four: Participating Agency Assessments Page 141 TRAINING Prior to the ISE-SAR EE, Seattle PD trained all of its officers on suspicious activity relating toterrorism and terrorism awareness. Once the agency’s privacy policy is in place, tenets ofthe policy will be included in officer in-service training. During the ISE-SAR EE, Seattle PD participated in the Chief Executive Officer Briefing and theanalyst/investigator course. During the SAR analyst/investigator course in the Seattle areain May 2009, 23 personnel were trained from 12 law enforcement agencies. In addition,officers have been sent bulletins explaining the SAR program and the need for informationto be sent to CIB. The Seattle PD plans to utilize the line officer training once it is madeavailable nationwide. INSTITUTIONALIZATION OF THE SAR PROCESS Prior to the ISE-SAR EE, Seattle PD institutionalized a well-developed program to receive,review, and analyze SAR data. Representatives from the FBI and DHS are colocated with thestate fusion center, giving Seattle PD and WSFC the ability to conduct additional follow-upinvestigation and analysis. All officers in the city of Seattle have been trained in terrorismawareness and are aware of the process for feeding information to WSFC.Prior to the ISE-SAR EE, Seattle PD did not have a Terrorism Liaison Officer (TLO) program,although they work closely with law enforcement agencies in the area to share informationand intelligence. Seattle PD is also working on the development of a private sector SARprocess utilizing the FBI’s InfraGard system. Seattle PD produces alerts, warnings, andnotifications that are sent to the department’s officers and command staff, as well as arealaw enforcement agencies. The department also coordinates with WSFC in the production ofIntelligence and Information Bulletins to distribute statewide. It was noted that allintelligence functions of Seattle PD are the subject of an annual audit by the Office of theChief of Police. In addition, provisions are in place for regular outside audits of allintelligence and information systems within Seattle PD.Page 150Final Report: ISE-SAR EEAppendix Four: Participating Agency Assessments Page 142 During the ISE-SAR EE, Seattle PD continued the previously mentioned institutionalizationefforts throughout the department. Currently, the department is working to develop a TLOprogram within government agencies in the Seattle area. In addition, Seattle PDincorporated the SAR data into the development of alerts, warnings, and notifications. OUTREACH TO THE PUBLIC Prior to and during the ISE-SAR EE, Seattle PD developed several informational materials forthe public. The city of Seattle’s Office of Emergency Management has the responsibility ofproviding the public with information concerning terrorism,53 and Seattle PD supports thoseefforts. Seattle PD also supports the Northwest Warning,

Alert and Response Network(NW WARN), which is an e-mail alert system developed to inform the public. NW WARN is acollaborative effort between government and private sector partners within different regionsof the state. The goal of NW WARN is to maximize real-time sharing of situationalinformation without delay and provide immediate distribution of intelligence to those in thefield who need to act on it. NW WARN uses readily available communication methods torapidly disseminate actionable information between members. Additionally, Seattle PD isplanning on participating in the Communities of Trust Program. PARTNERING WITH OTHER AGENCIES AND CONNECTING TO INFORMATION SHARING Prior to the ISE-SAR EE, personnel from Seattle PD were involved in the U.S. Department ofJustice’s (DOJ) Global Justice Information Sharing Initiative’s (Global) Intelligence WorkingGroup and Global’s Criminal Intelligence Coordinating Council. In addition to participating inWSFC, Seattle PD participates in other regional information and intelligence organizations. Seattle PD has developed an outreach program to the fire services and has utilized theDHS/DOJ Fusion Process Technical Assistance Program and Services to develop its outreachprogram.Prior to and during the ISE-SAR EE, Seattle PD accessed the Regional Information SharingSystems Secure Intranet (RISSNET), Law Enforcement Online, and the Homeland SecurityInformation Network and can send and receive secure e-mail via these secure networks. The department has actively engaged with NSI partners in the development of its SARprogram and works closely with the state’s Emergency Management Division and the city’sOffice of Emergency Management to develop partnerships with other government agenciesand the private sector. PARTNERING TO DEVELOP GEOGRAPHIC RISK ASSESSMENTS Prior to the ISE-SAR EE, Seattle PD was working with WSFC and the colocated FBI office todevelop its information needs based on the results of risk assessments. WAJAC and the FBI 53The link to the Seattle Emergency Management public Web site is http://www.seattle.gov/emergency /hazards/terrorism.htm.Page 151Final Report: ISE-SAR EEAppendix Four: Participating Agency Assessments Page 143 jointly develop risk assessments according to local needs and are working on assessmentsfor the Olympics and developing an Olympic Intelligence Coordination Center in Bellingham,Washington.During the ISE-SAR EE, Seattle PD continued the previously mentioned efforts in thedevelopment of geographic risk assessments. PROJECT RECOMMENDATIONS FROM THE SEATTLE POLICE DEPARTMENT ➢ There is a need for a national program office—not necessarily a federal office—with joint operation by local, state, and federal agencies. The officeneeds to look at the all-crimes approach to SARs and recommend that thedeputy directors of a national program office be state and local officials. There is➢ a need for a national training program to maintain consistency with the initiative. The analyst➢ training should include scenarios so that everyone is doing the same type of analysis. A checklist for analysts would be very helpful whenthey are reviewing any potential terrorism-related SARs. There➢ is a need for a national user group for the initiative; however, the group should have a well-defined function within the NSI. There is a need for continued initial implementation, research,➢ development, and technical assistance as it relates to technologythroughout the NSI. There is no➢ need for a national legal officer, but perhaps access to legal advice. The legal needs are at the local level. There is a need for this project to be more than just terrorism-related SARs and should expand➢ to all crimes.Page 152Final Report: ISE-SAR EEAppendix Four: Participating Agency Assessments Page 144 VIRGINIA STATE POLICE SAR PROCESS REPORT—POST-IMPLEMENTATION PHASE Following the conclusion of the Information Sharing Environment-Suspicious ActivityReporting Evaluation Environment (ISE-SAR EE), a discussion was held with the VirginiaState Police’s (VSP) state-designated Virginia Fusion Center (VFC) to document theimplementation efforts conducted during the ISE-SAR EE. The results of the discussion aredetailed below. EXECUTIVE LEADERSHIP Prior to the ISE-SAR EE, VSP had no specific General/Special Order relating to SAR; however,during the ISE-

SAR EE, VSP developed Information Bulletin—2009—No. 35 that explainedsuspicious activity reporting procedures. No specific command staff training on the SARprocess existed before the project. During the ISE-SAR EE, the command staff was given details on the projects, and the FusionCenter Advisory Board was briefed on the ISE-SAR EE. The superintendent released theaforementioned information bulletin regarding suspicious activity reporting procedures. Inaddition, VSP utilized the Major Cities Chiefs Association’s Chief Executive Officer Briefing totrain command staff personnel throughout the state. As part of the SAR process planningdevelopment, a VSP lieutenant and first sergeant were assigned to the project; the primaryresponsibility of the lieutenant and first sergeant is to implement a SAR process throughoutVSP, including VFC. SAR BUSINESS PROCESS Prior to the ISE-SAR EE, VFC had a process for the reporting of suspicious activity. VFC wasdesignated as the intake point for the collection and receipt of all SARs within VSP. SARsare processed internally within VSP by submitting54 an intelligence report to the center;externally, the public or other law enforcement agencies can file a Suspicious IncidentReport via the VFC Web site.55 An intelligence report filed with VFC receives an initial vettingwithin 24 hours. When a report is submitted, the watch center within VFC documents whathas occurred with the SAR and provides additional analytical value at the time of initialvetting. The report is then sent back to the original submitter as well as other agencies thatmay have a need for the information. Field Intelligence Officers in the regions have theresponsibility of updating the disposition of the intelligence reports. All SARs with a NorthernVirginia nexus are sent to the National Capitol Region Intelligence Center as well as the JointTerrorism Task Force. VFC works closely with all local jurisdictions to share SAR information 54Intelligence reports are sent to VFC via Email, telephone and the VSP website. 55The Web site is located at http://www.vsp.state.va.us/FusionCenter/index.shtm.Page 153Final Report: ISE-SAR EEAppendix Four: Participating Agency Assessments Page 145 throughout Virginia and the National Capital Region Intelligence Center located in Fairfax,Virginia, as well as jurisdictions in Washington, DC, and the Maryland area.Because of its robust SAR process prior to the ISE-SAR EE, VSP had only minorenhancements to its SAR process as it implemented this project. The center adopted andmodified its current report to comply with the behavior-specific codes located in the ISE-SARFunctional Standard; however, not all codes are being utilized in the current system becauseof records management system (RMS) limitations. In addition, the center modified its RMSto add check boxes to indicate the data is a SAR; this function allows the RMS to besearched for SAR information. Lastly, VFC developed a multilayer review for vetting SARs. Information that comes into the watch center is analyzed within 24 hours, and if it meets thecriteria for an ISE-SAR, it is then sent to a supervisor for review. Once approved by thesupervisor, the SAR is then entered into the ISE-SAR Shared Spaces. All SARs that meetthese requirements are also sent to the Federal Bureau of Investigation (FBI), DHS, affectedVSP personnel, and affected local jurisdictions.During the ISE-SAR EE, VFC developed and implemented a privacy policy regarding thereporting of suspicious activity that met the applicable requirements of the ISE PrivacyGuidelines. In order to protect the information within the ISE-SAR Shared Spaces, it wasdetermined that only trained fusion center personnel would be allowed access to the ISE-SAR Shared Spaces. By policy, all queries on the information within the ISE-SAR SharedSpaces is for law enforcement purposes only and must have a criminal nexus. During thevetting process, if an error in the information is identified, the reporting agency is notifiedand the error is corrected. SAR TECHNICAL PROCESS VFC relies upon an aging mainframe to process SARs received and/or generated by VSP,partner organizations, and/or VFC analysts. The VFC information technology staff modifiedthe system to identify SARs for submission to the ISE-SAR Shared Spaces. Periodically, a filedownload routine on the mainframe would pull designated SARs for processing by anextraction, transformation, and load process on the ISE-SAR Shared Spaces Server andupdate the ISE-SAR Shared Spaces database. The installation in Virginia is depicted below.Page 154

Final Report: ISE-SAR EEAppendix Four: Participating Agency Assessments Page 146 TRAINING VFC conducts numerous terrorism awareness training events throughout the state of Virginiaand provided SAR specific training on the reporting of suspicious activity before the ISE-SAREE.During the ISE-SAR EE, VFC participated in several SAR training events, including the ChiefExecutive Officer Briefing, the SAR analyst/investigator course, and the line officer training.56The analyst/investigator training was conducted in April 2009 and had 49 analystsparticipate. The superintendent’s Information Bulletin regarding the reporting of suspiciousactivity was distributed to all employees within VSP, and once available, VSP plans to followup the release of the bulletin with the online version of the line officer training to train allsworn personnel on the SAR process. VFC indicated that there is no formal review processfor modifying or enhancing the existing SAR training program based on emerging trends andpatterns; however, the center is considering implementing this type of enhancement. INSTITUTIONALIZATION OF THE SAR PROCESS Prior to the ISE-SAR EE, VFC had taken steps to begin institutionalizing the SAR processagency-wide. VFC continues to build relationships with its fusion center partners. To furtherenhance the process of gathering suspicious activity, a Fusion Liaison Officer (FLO) programhas been developed within VSP. The first phase of this program is to concentrate on trainingone officer in each of the state’s seven regions to serve as the FLO. Once this phase iscomplete, the center will expand the program and train other fusion partners, such as firstresponders, health agencies, and government agencies.VFC created information requirements based on priority information needs for emergingtrends and behaviors, and the center will modify the SAR process based on these needs. The SAR process is incorporated into the current alerts, warnings, and notification process,and information is distributed via e-mail or through the Homeland Security InformationNetwork (HSIN) to VSP and other fusion center partners. Also, VFC works with the DHS tosatisfy the center’s information needs requirements and is developing collection plans thataddress these needs.During the ISE-SAR EE, VFC continued with the implementation of its FLO program. VFCindicated that it is in the process of developing quantitative and qualitative measures togauge the effectiveness of the SAR process, as well as an audit process. The center hasdecided to utilize the behavior-specific codes described in the ISE-SAR Functional Standardas the basis for collection of information. 56The line officer training is under development, and VFC worked with the IACP during the pilot phase of the training.Page 155Final Report: ISE-SAR EEAppendix Four: Participating Agency Assessments Page 147 OUTREACH TO THE PUBLIC Prior to the ISE-SAR EE, VSP and VFC had instituted numerous outreach initiatives thatinclude the need for the public to submit suspicious activity to the center. Personnel fromthe agency continuously attend and present at public forums regarding how the public canreport suspicious activity. VFC developed the Seven Signs of Terrorism video, which isavailable to view on the VSP Web site.57In addition to the video, VFC has a toll-freeTerrorism Hotline, available at (877) 4VA-TIPS, that citizens can call to report suspiciousactivity.During the ISE-SAR EE, VFC utilized and distributed the Safeguarding America—It All StartsWith You DVD to assist the public in identifying the types of suspicious activity. In addition,VFC continued to promote its Web site, where citizens may review information concerningterrorism as well as report suspicious activity to the fusion center. PARTNERING WITH OTHER AGENCIES AND CONNECTING TO INFORMATION SHARING Prior to the ISE-SAR EE, VFC worked closely with the U.S. Department of Homeland Security(DHS), the FBI, and local jurisdictions to share information throughout the state. The centerhas developed partnerships with public safety personnel and has five analysts from thepublic safety/emergency management sector and one fire programs analyst in the center,as well as a U.S. Postal Inspector. VFC has a strong relationship with the U.S. Department ofDefense and has established many military points of contact. Additionally, one U.S. ArmyNational Guard representative is assigned to the center. VSP is also a member of a numberof professional working groups throughout Virginia and the Southeast, including the VirginiaInformation Sharing Working Group (VISWG), which includes information

sharing partnersfrom agriculture, health, power, and electric. VISWG conducts periodic meetings, where itshares information that is “for official use only.” In addition to VISWG, VSP is also a memberof Southern Shield, an information sharing group that has members throughout thesoutheastern United States. VFC can access the Regional Information Sharing Systems Secure Intranet (RISSNET), LawEnforcement Online, HSIN, and the Homeland Security State and Local IntelligenceCommunity of Interest and has the ability to send and receive secure e-mail through all ofthese sites. VSP maintains the Virginia Criminal Information Network and has access to theVirginia Law Enforcement Information Exchange and the FBI’s Law Enforcement NationalData Exchange. Although the current VSP information technology systems are not NationalInformation Exchange Model (NIEM)-compatible, the systems being developed will be able toshare data with fusion partners in the NIEM format. Because of its robust partnerships prior to the ISE-SAR EE, during the project, the center hadonly a few additional SAR-related efforts with fusion center partners. The center conducted 57The Sevens Signs of Terrorism is available at http://www.vsp.state.va.us/FusionCenter/7-Signs.shtm.Page 156Final Report: ISE-SAR EEAppendix Four: Participating Agency Assessments Page 148 SAR presentations with local agencies and has provided SAR training materials to its publicsafety and private partners. Letters were also sent to all chiefs and sheriffs in thecommonwealth of Virginia expressing the importance of and providing information on privacyissues and concerns. In addition, VSP prepares an annual report to the Governor’s Office,and the next report will include information about the SAR process. PARTNERING TO DEVELOP GEOGRAPHIC RISK ASSESSMENTS VFC has worked with DHS and the FBI in the development of geographic risk assessments. VFC also worked with numerous local, state, and other federal agencies, as well as state andurban fusion centers, to develop risk assessments. An example is the recent work with theWashington, DC, Metropolitan Police Department to develop risk assessments for the 2008election year and the 2009 Presidential Inauguration. During that time, VFC identifiedintelligence gaps and provided this information to DHS and the FBI as well as to its fusionpartners. In addition, VFC releases an Annual Threat Assessment to convey potentialterrorism threats affecting the commonwealth of Virginia.Although VSP and VFC have a process for developing geographic risk assessments withnumerous local, state, and federal agencies prior to the ISE-SAR EE, during the ISE-SAR EEthere has been no additional emphasis placed on this effort. PROJECT RECOMMENDATIONS FROM THE VIRGINIA STATE POLICE There is a➢ need to coordinate with federal partners for consistency nationwide; however, the initiative focuses on state and local agency issues,so there is no need for a national program office. There is a need for a➢ train-the-trainer program for the states to help integrate the SAR process into local agencies. ➢ Elements of the Chief Executive Officer Briefing and the line officer training should be combined to ensure that a consistent message is being deliveredto both audiences. There is a need for a SAR➢ national users group similar to the DHS Office of Intelligence and Analysis/Homeland Security State and Local IntelligenceCommunity of Interest because of changing behaviors, indicators, andtechniques.

There is a need for ongoing technical assistance because agencies are constantly changing and➢ updating systems. Legal issues are more associated at the state and local levels, so there does not➢ need to be a national legal office; however, there needs to be “onevoice” from the federal government regarding legal matters.Page 157Final Report: ISE-SAR EEAppendix Four: Participating Agency Assessments Page 149 All training➢ should be provided within a one-week period, followed by a project meeting with all of the individuals trained. The close proximity of thetraining would allow for the SAR processes to be implemented in a moretimely manner and will assist with providing a consistent method throughoutthe agency.Page 158Final Report: ISE-SAR EEAppendix Four: Participating Agency Assessments Page 150 WASHINGTON, DC, METROPOLITANPOLICE DEPARTMENT SAR PROCESS REPORT—POST-

IMPLEMENTATION PHASE Following the conclusion of the Information Sharing Environment-Suspicious ActivityReporting Evaluation Environment (ISE-SAR EE), a discussion was held with the Washington,DC, Metropolitan Police Department’s (MPD) Washington Regional Threat and AnalysisCenter (WRTAC) to document the implementation efforts conducted during the ISE-SAR EE. The results of the discussion are detailed below. EXECUTIVE LEADERSHIP Prior to the ISE-SAR EE, MPD had no General/Special Order relating to suspicious activityreporting; however, Chief of Police Cathy Lanier expressed her full support of thedevelopment and implementation of a SAR process. A General Order was in the planningstages, and once complete, Chief Lanier planned to brief her agency and surroundingagencies on MPD’s involvement in the ISE-SAR EE.During the ISE-SAR EE, the department received the initial Major Cities Chiefs Association’sChief Executive Officer Briefing (CEOB) held in December 2008, which included 51participants from 29 law enforcement agencies. Chief Lanier released the General Order,GO-HSC-802.06, titled “Suspicious Activity Reporting Program,” on January 16, 2009. Theorder was promulgated agency-wide, and personnel were required to review and sign off onthe policy. Chief Lanier briefed MPD command staff and members of the White House staffon MPD’s development of a SAR process and its involvement in the ISE-SAR EE. As part ofthe agency’s SAR process development, the Assistant Chief of Homeland Security wasassigned the overall responsibility of implementing a SAR process within MPD. SAR BUSINESS PROCESS Prior to the ISE-SAR EE, WRTAC staff indicated that they had been working with the Los Angeles, California, Police Department (LAPD) to develop a SAR process within WRTACand MPD. To simplify the suspicious activity reporting process, MPD created a Web-basedTerrorist Incident Prevention Program (TIPP) form that gave the public a method of reportingsuspicious activity. The TIPP form can also be accessed by line officers, Fusion LiaisonOfficers (FLOs), and investigators. SARs can also be initiated whenever crime or incidentreports in the field are tagged as involving suspicious activity; this cataloging occurs when abox on the report labeled “Suspicious Activity” is checked. As TIPP forms and crime/incidentreports are reported to MPD and identified as suspicious, they are immediately forwarded tothe Intelligence Fusion Division (IFD) for review and analysis by a trained analyst. Thisprocess allows for a centralized location for the collection and receipt of SARs within thePage 159Final Report: ISE-SAR EEAppendix Four: Participating Agency Assessments Page 151 agency. Once information is submitted into the TIPP system, an e-mail is generated back tothe original submitter acknowledging its receipt.It was indicated that once SARs are reported, they are maintained in MPD’s recordsmanagement system. SAR data is also entered into a central repository58 and reviewed by atrained SAR analyst at WRTAC within 24 hours of receipt. Once a SAR is contained in thecentral repository and deemed terrorism-related, an analyst assigns a code to the SAR priorto its entry into the ISE-SAR Shared Spaces. If a SAR needs further analysis, it is thenforwarded to the Investigations Division. To determine the disposition of SARs, IFD providesMPD with a tracking sheet for the TIPP database to track the disposition. There is noretention time for SARs, but if a piece of information rises to the level of reasonablesuspicion, it is then moved to an intelligence database.MPD was also in the process of automating its PD-76 form to provide non-MPD officers withan additional means to report suspicious activity to the department. Automating the formwill provide other law enforcement agencies with a simple and efficient mechanism forreporting suspicious activity to WRTAC.During the ISE-SAR EE, MPD adopted the behavior-specific codes identified in the ISE-SARFunctional Standard and developed a multilayer review process for reviewing SARs andmoving them to the ISE-SAR Shared Spaces. When SARs are submitted to WRTAC, theyreceive an initial review from the “SAR Czar,” who is experienced and trained in identifyingterrorism indicators. WRTAC controls SAR data but is not an investigative unit, and the “SARCzar” has the responsibility of determining the disposition and follow-up of the SARs cominginto the center. The MPD has an all-crimes approach to SARs coming into the center. SARsare reviewed to determine the appropriate crime category, and then information is sent

tothe appropriate entity for follow-up. If at any time an error is detected during the reviewprocess, the source agency or individual is contacted and the information is corrected. During the ISE-SAR EE, MPD developed a privacy and civil liberties policy regarding the SARprocess. WRTAC command staff determined that there will be limited access to the ISE-SARShared Spaces to ensure accountability, and by policy, all querying of SAR information musthave a criminal nexus and be for legitimate law enforcement purposes. SAR TECHNICAL PROCESS MPD had embarked upon development of an Alert Management System (AMS) to provideoverall records management capabilities at WRTAC. In 2008, with the pending PresidentialInauguration, a decision was made to create a separate module on the AMS to support thecollection and vetting of SARs. Similar to the Florida Department of Law Enforcement, theAMS pushed candidate SARs to a staging area on the ISE-SAR Shared Spaces Server, where 58The MPD central repository is also referred to as the “swimming pool.”Page 160Final Report: ISE-SAR EEAppendix Four: Participating Agency Assessments Page 152 they can be processed via extracting, transforming, and loading routines and stored in theISE-SAR Shared Spaces repository. The deployment at MPD differs from the other sites incolocating the Web and database servers on the same machine. This is depicted in thefollowing illustration. TRAINING Prior to the ISE-SAR EE, MPD and WRTAC were participating in a number of training effortsthroughout the agency. MPD was working on lesson plans for the implementation of theTIPP system within the department and would modify the training curriculum based on theanalysis of SAR data, if needed. It was indicated that once the SAR process is fullyimplemented within the agency, MPD will enhance its training based on emerging trends,lessons learned, and identified gaps. During the ISE-SAR EE, MPD participated in the CEOB,59 the SAR analyst/investigatorcourse, and the line officer training. The SAR analyst/investigator course was delivered inDecember 2008, and 15 individuals from 6 agencies received the training in theWashington, DC, area. The line officer training was conducted during roll call in December2008. An estimated 3,840 officers received training on the SAR process and the behaviorsassociated with terrorist activity. INSTITUTIONALIZATION OF THE SAR PROCESS Prior to the ISE-SAR EE, MPD was in the beginning stage of developing a formalized SARprocess and institutionalization efforts were starting to emerge. During the ISE-SAR EE, IFDdeveloped a plan to conduct annual audits to ensure the validity of the SAR process todetermine whether improvements will need to be made. Further, MPD worked with the U.S. Department of Homeland Security (DHS) to establish a FLO program with public safety,public health, and private sector entities within its jurisdiction. The goal of the FLO programwill be to ensure that multiple disciplines participate in the SAR process and can serve as 59The CEOB was previously discussed in the Executive Leadership section.Page 161Final Report: ISE-SAR EEAppendix Four: Participating Agency Assessments Page 153 the conduit through which homeland security-related information can flow from outsideagencies to the fusion center for assessment and analysis.During the ISE-SAR EE, WRTAC planned to evaluate and potentially modify its SAR processbased on priority information needs. IFD had recently identified the information needs ofdifferent departments within the agency and established collection requirements based onthese needs. An IFD member was assigned to monitor collection requirements for each ofthe department’s districts. IFD also utilized “Temperature Boards” in the district offices todisplay emerging trends and behaviors for the line officers within those district offices. OUTREACH TO THE PUBLIC MPD and WRTAC understand the importance of educating the community on the SARprocess to ensure transparency and to obtain the community’s support and input. Chief Lanier planned to make a formal announcement regarding MPD’s involvement in theSAR process, and IFD will work with the agency’s public information office to developadditional outreach efforts.During the ISE-SAR EE, MPD conducted robust outreach efforts to ensure that thecommunity was aware of the SAR process. MPD has worked with several hotels to helpthem understand how to report suspicious activity. It has utilized

billboards on buses toexplain how to report suspicious activity and continues to send out SAR tip information tocritical infrastructure and key resources facilities so they understand how to recognize andreport suspicious activity. In addition, MPD conducted a Homeland Security EmergencyManagement seminar, which was a public and private sector event that attractedapproximately 100 people. During the seminar, representatives discussed how to recognizeand report suspicious activity. Currently, MPD is taking steps to develop an iWATCH programsimilar to the Los Angeles, California, Police Department and is in the process of securing adomain name for this program. PARTNERING WITH OTHER AGENCIES AND CONNECTING TO INFORMATION SHARING Prior to the ISE-SAR EE, it was noted that WRTAC had a strong relationship with DHS and theJTTF; a DHS representative and five JTTF representatives were located in IFD. IFD staffmembers were in the process of obtaining Law Enforcement Online (LEO) and HomelandSecurity Information Network-Intel (HSIN) accounts. WRTAC could also access the state ofVirginia’s criminal justice network and had the ability to share information with Virginia andthe surrounding region. IFD had a secure site from which it could send and receiveinformation and had two Homeland Secure Data Network terminals to send secure e-mails. MPD was also working with the IJIS Institute to develop the necessary technology to becomeNIEM-compliant. In continuing efforts to collaborate and share SAR data with nationwidepartners such as fusion centers, homeland security officials, and the JTTF, MPD plans toutilize the ISE-SAR Shared Spaces.Page 162Final Report: ISE-SAR EEAppendix Four: Participating Agency Assessments Page 154 During the ISE-SAR EE, MPD continued its previous partnership efforts and worked toestablish additional partnerships. WRTAC reported that 96 agency heads in the NationalCapitol Region as well as the city administrator were briefed on MPD’s SAR process andinvolvement in the ISE-SAR EE. WRTAC has fire and health officials located inside the centerand indicated that they are responsible for conducting their own outreach to their respectivesectors. Since the inception of the ISE-SAR EE, WRTAC has established accounts with thesecure law enforcement networks LEO and HSIN. PARTNERING TO DEVELOP GEOGRAPHIC RISK ASSESSMENTS During the final site assessment, it was indicated that MPD is currently finalizing adepartment threat assessment. This assessment will focus on the 18 sectors that arehandled by WRTAC (transportation, criminal, nuclear, etc.). For major events in the DCMetro area, WRTAC works with a special events working group made up of local, state, andfederal agencies to develop assessments. The department works with DHS and the FederalBureau of Investigation to develop information needs based on the results of the riskassessments it receives or participates in. PROJECT RECOMMENDATIONS FROM THE METROPOLITAN POLICE DEPARTMENT There is a coordination element to this effort that needs to exist; however, WRTAC➢ is unsure whether a national program office is needed. There is a need for consistent training➢ nationwide that focuses on the behaviors and indicators which terrorists exhibit. There is a need for➢ a national users group that is made up of fusion center representatives at the state and local levels. ➢ There is a need for ongoing technical support for this project. Although privacy and civil liberties➢ protections are important parts of this project, WRTAC is unsure whether a separate national legal office for thisproject is needed.Page 163Page 155 QUESTIONS FOR QUESTIONS REGARDING THE ISE-SAR EVALUATION ENVIRONMENT PROJECT, CONTACT: Mr. Thomas J. O’ReillySenior Policy AdvisorBureau of Justice AssistanceOffice of Justice ProgramsU.S. Department of Justice(202) 353-8590thomas.o’reilly2@usdoj.govMr. David LewisSenior Policy Advisor Information Technology Office, Policy DivisionBureau of Justice AssistanceU.S. Department of Justice(202) 616-7829david.p.lewis@usdoj.govMs. Sue ReingoldDeputy Program ManagerInformation Sharing EnvironmentOffice of the Director of National Intelligence(202) 331-4063susanbr@dni.gov================================

This is the html version of the file http://www.dtic.mil/futurejointwarfare/concepts/netcentric_jfc.pdf.Google automatically generates html versions of documents as we crawl the web.Page 1Net-Centric EnvironmentJoint Functional Concept Version 1.07 April 2005Page 2Net-Centric Environment Joint Functional Concept 1.0iTable of ContentsExecutive Summary ............................................................................................................ v1.0 Concept Purpose .......................................................................................................... 11.1 Statement of Purpose ............................................................................................. 11.2 Definition of the Net-Centric Environment........................................................... 12.0 Illustrative Vignette ..................................................................................................... 32.1 Background............................................................................................................ 32.2 The Networked Setting .......................................................................................... 32.3 Situation................................................................................................................. 42.4 Execution ............................................................................................................... 53.0 Central and Supporting Ideas....................................................................................... 93.1 Statement of the Military Problem ........................................................................ 93.2 Emerging Operational Environment...................................................................... 93.2.1 Current Platform Centric Environment......................................................... 93.3 Central Idea.......................................................................................................... 113.4 Principles Essential to Applying the Concept to a Wide Range of Scenarios..... 123.4.1 Technical Area Principles ........................................................................... 133.4.2 Knowledge Area Principles......................................................................... 153.5 Application of Concept within a Campaign Framework..................................... 194.0 Capabilities and Attributes ........................................................................................ 214.1 Areas .................................................................................................................... 214.1.1 Knowledge Area.......................................................................................... 214.1.2 Technical Area ............................................................................................ 214.2 Capabilities .......................................................................................................... 224.2.1 Knowledge Capabilities .............................................................................. 224.2.2 Technical Capabilities................................................................................. 244.3 Attributes ............................................................................................................. 264.3.1 Knowledge Attributes ................................................................................. 264.3.2 Technical Attributes .................................................................................... 275.0 Implications ............................................................................................................... 315.1 Doctrine ............................................................................................................... 31Page 3Net-Centric Environment Joint Functional Concept 1.0ii5.2 Organization ........................................................................................................ 315.3 Training................................................................................................................ 315.4 Materiel................................................................................................................ 325.5 Leadership and Education.................................................................................... 335.6 Personnel.............................................................................................................. 335.7 Facilities............................................................................................................... 336.0 Scope.......................................................................................................................... 346.1 Timeframe and Applicable Military Functions and Activities ............................ 346.2 Impact of Strategic Guidance and Deviations in the Concept............................. 346.3 Impact of Future Context Documents and Deviations in the Concept ................ 356.4 Risks and Mitigation............................................................................................ 356.5

Assumptions ........................................................................................................ 366.6 Relationship to Other Joint Concepts .................................................................. 37Appendix A. Reference Documents ............................................................................. A-1Appendix B. Glossary .................................................................................................. B-1Appendix C. List of Acronyms .................................................................................... C-1Appendix D. Table of Capabilities and Attributes ....................................................... D-1Appendix E. Implications for Experimentation ............................................................E-1E.1 First-Order Information Value Chain For The NCE JFC...................................E-1E.2 The Net-Centric Environment Joint Functional Concept Value Proposition .....E-3E.3 Other Recommendations for Experimentation ...................................................E-5E.4 Phases of a Research and Experimentation Campaign.......................................E-6E.5 Elements and Tools for NCE JFC Research and Experimentation ....................E-7E.6 Other Research Topics for an Experimentation Campaign ................................E-7E.7 Areas for Developing Future Hypotheses...........................................................E-8Appendix F. Mapping Capabilities to Attributes..........................................................F-1Appendix G. Contributors ............................................................................................ G-1Page 4Net-Centric Environment Joint Functional Concept 1.0iiiList of FiguresFigure 3-1. Platform Centric Environment ....................................................................... 10Figure 3-2. Net-Centric Environment Capability: Greater than the Sum of its Parts....... 12Figure 3-3. COIs within the Net-Centric Environment .................................................... 17Figure 3-4. Increasing Integration toward Constructive Interdependence........................ 18Figure 3-5. Increased Combinations of Capabilities in the Net-CentricEnvironment versus the Platform-Centric Environment ............................... 19Figure 6-1. Relationships of Joint Concepts..................................................................... 38Figure 6-2. Formal and Informal Interaction between Functional Areas ......................... 38Figure E-1. Illustrative Information Value Chain for the NCE JFC, with enablingassets, technologies, and organizational capabilities....................................E-2Figure E-2. Network- and Information-enabled Situational Awareness,Interaction/Collaboration, and Shared Situational Awareness .....................E-3Figure E-3. Value Proposition Hypothesis: Force Agility and EffectivenessEnabled by Situational Awareness, Interaction/Collaboration, andShared Situational Awareness ......................................................................E-4Figure F–1. Mapping Capabilities to Attributes: Technical Area....................................F-1Figure F-2. Mapping Capabilities to Attributes: Knowledge Area..................................F-2Page 5Net-Centric Environment Joint Functional Concept 1.0ivList of TablesTable D-1. Knowledge Area Capabilities....................................................................... D-1Table D-2. Technical Area Capabilities.......................................................................... D-2Table D-2. Technical Area Capabilities (continued) ...................................................... D-3Table D-3. Knowledge Area Attributes .......................................................................... D-4Table D-4. Technical Area Attributes............................................................................. D-5Table D-4. Technical Area Attributes (continued) ......................................................... D-6Table D-4. Technical Area Attributes (continued) ......................................................... D-7Page 6Net-Centric Environment Joint Functional Concept 1.0v Executive Summary The purpose of the Net-Centric EnvironmentJoint Functional Concept is to identify theprinciples, capabilities, and attributes requiredfor the Joint Force to function in a fullyconnected framework. This concept alsoprovides the net-centric functional context forother joint concepts, and it supports jointexperimentation 1 and the measurementframework for evaluating joint initiatives. The Net-Centric Environment Joint Functional Concept is an information and decisionsuperiority-based concept describing how joint forces might

function in a fully networkedenvironment 10 to 20 years in the future. Within this concept, the networking of all JointForce elements creates capabilities for unparalleled information sharing and collaboration,adaptive organizations, and a greater unity of effort via synchronization and integrationof force elements at the lowest levels. Net-centric capabilities and attributes can be viewed through a model consisting of twoareas: the Knowledge Area and the Technical Area. The Knowledge Area comprises thecognitive and social interaction capabilities and attributes required to effectively functionin the Net-Centric Environment. The Technical Area is composed of the physical aspects(infrastructure, network connectivity, and environment) and the information environmentwhere information is created, manipulated, and shared. None of these capabilities exist in 1 Joint Operations Concepts, 2003. The Net-Centric Environment is a framework for full human and technicalconnectivity and interoperability that allows all DOD users and mission partners toshare the information they need, when they need it, in a form they can understand andact on with confidence, and protects information from those who should not have it.The Military ProblemThe Joint Force in 10 to 20 years will operate in an environment that is increasinglycomplicated, uncertain, and dynamic. Employment of asymmetric strategies bypotential adversaries and the proliferation of advanced weapons and informationtechnologies will create additional stresses on all elements of the force. Futureoperations will not only require increasing joint integration, but must also betterintegrate other federal agencies, state organizations, and coalition partners. Thecurrent state of human and technical connectivity and interoperability of the JointForce, and the ability of the Joint Force to exploit that connectivity andinteroperability, are inadequate to achieve the levels of operational effectiveness andefficiency necessary for success in the emerging operational environment. The central idea this conceptproposes is that if the Joint Forcefully exploits both shared knowledgeand technical connectivity, then theresulting capabilities willdramatically increase missioneffectiveness and efficiency.Page 7Net-Centric Environment Joint Functional Concept 1.0viisolation—there are dependencies among the areas, among capabilities, across areas, andamong capabilities within an area. In defining these two areas, it is crucial to note thatinformation is not regarded as integral to the physical technical infrastructure nor tightlycoupled to applications. In a Net-Centric Environment, information is posted to sharedspaces and can be accessed by both anticipated and unanticipated users, through looselycoupled, smart pull-based architectures.The Net-Centric Environment Joint Functional Concept presents both materiel and non-materiel change implications. This concept also presents potential change implicationsfor other functional areas, such as Command and Control. Specifically, capabilitiesidentified in the C2 Joint Functional Concept that (1) are network-related and (2) appearto have application across multiple functional areas have been expanded upon in thisconcept in order to show an integrated, net-centric concept that, if implemented, willoptimize information-dependent capabilities across all functional areas. In addition to the basic requirements outlined in the Joint Concept Development andRevision Plan (JCDRP), this document contains a vignette to help explain the principlesby which net-centric concepts can be applied in a future scenario. This concept providesthe joint force with an illustration of an integrated Knowledge Area and the associatedenabling Technical Area capabilities and attributes necessary to net-centric functionalityin a future environment that is increasingly complicated, uncertain, and dynamic.Page 8Net-Centric Environment Joint Functional Concept 1.01 1.0 Concept Purpose 1.1 Statement of Purpose The Net-Centric Environment Joint Functional Concept (NCE JFC) describes capabilitiesderived from the exploitation of the shared knowledge and technical connectivity of allJoint Force elements to achieve unprecedented levels of operational effectiveness andefficiency. The purpose of the Net-Centric Environment Joint Functional Concept is to:• Define the Net-Centric Environment and describe how the future Joint Force willfunction in that environment across the full Range Of Military Operations(ROMO); 2 • Identify and describe the net-centric principles, capabilities and attributes, and

thefunctional context for Joint Operating Concept (JOC) and Joint IntegratingConcept (JIC) development and joint experimentation; 3 • Provide the measurement framework for evaluating joint initiatives andconducting analyses in support of the Joint Capabilities Integration andDevelopment System (JCIDS); 4 and• Provide a basis for military experiments and exercises.5 1.2 Definition of the Net-Centric Environment The Net-Centric Environment is a framework for full human and technical connectivityand interoperability that allows all DOD users and mission partners to share theinformation they need, when they need it, in a form they can understand and act on withconfidence, and protects information from those who should not have it.Military operations conducted within the Net-Centric Environment are considerednetwork-centric operations. These operations can be further defined as the exploitation ofthe human and technical networking of all elements of an appropriately trained joint forceby fully integrating collective capabilities, awareness, knowledge, experience, andsuperior decisionmaking to achieve a high level of agility and effectiveness in dispersed,decentralized, dynamic, and uncertain environments. For the purpose of this concept, thewords “net” and “network” are used interchangeably. See Appendix B for additionaldefinitions of related terms.Net-Centric capabilities focus directly on human interaction through knowledge sharingenabled by the dramatic advances in information technology. The effectiveness andefficiency of operating in a mature Net-Centric Environment will be achieved through the 2 Joint Operations Concepts, 2003.3 Joint Operations Concepts, 2003.4 CJCSI 3170.01D.5 Joint Operations Concepts, 2003.Page 9Net-Centric Environment Joint Functional Concept 1.02evolutionary development and implementation of Doctrine, Organization, Training,Materiel, Leadership and Education, Personnel, and Facilities (DOTMLPF) appropriatelysuited for the utilization of network-enabled information and interactions. The Joint Forcecan then derive and use knowledge in superior decisionmaking processes and applycapabilities effectively, robustly, and flexibly to achieve desired effects. This allows theJoint Force and its mission partners 6 to function more efficiently (faster and better) in theexecution of traditional missions. More significantly, these new capabilities allow forcesto be employed in fundamentally different ways by integrating the Joint Force acrossprogressively lower echelons. The Joint Force will thereby increase its effectiveness andefficiency by having the capabilities to undertake new missions as well as capabilities tobetter execute its current missions.The principles, capabilities, and attributes of the Net-Centric Environment are separatedinto two areas: the Knowledge Area and the Technical Area. The Knowledge Areacomprises the cognitive and social interaction required to successfully function in theNet-Centric Environment. The Technical Area is composed of the information andphysical aspects (infrastructure, systems, network connectivity, and environment). 7 Development in both areas is key to achieving a mature Net-Centric Environment. The NCE JFC provides an enabling and integrating framework for the other jointfunctional areas. Because the NCE JFC is focused on information flow andorganizational issues that have traditionally been aligned with the C2 area of research anddevelopment, some of the language used in the Net-Centric Environment has a strong C2flavor. Part of this focus on what may be considered the traditional C2 area stems fromthe fact that most networks in the past have been designed to primarily support C2functions, and in fact are commonly referred to as C2 networks, even though thesenetworks are often the only network available for all required functions—particularly atthe lower echelons of the force. Other users (admin, logistics, etc.) have been viewed assecondary customers. Since C2 nodes are already fairly well connected, the real power ofthe Net-Centric Environment will be in connecting the other functions and extremities ofthe force. 8 Accordingly, the NCE JFC addresses the application of the principles of theNet-Centric Environment to all of the functional areas described in the family of JointFunctional Concepts. Where possible, examples have been made of the application of theNet-Centric Environment to the other functional areas. 6 Mission partners include allies, coalition partners, international organizations, civilian government agencies, non-governmental agencies, and other non-adversaries who are involved with the activities oroperations of the Joint Force. 7This framework is an extension of

the four domains (social, cognitive, information, and physical) as developed in the Network Centric Operations Conceptual Framework Version 2.0. Information is critical toboth the Knowledge Area and the Technical Area. The Knowledge Area addresses how information isexploited and the Technical Area addresses how information is created and made available to users. Including Information and the physical aspects of infrastructure within the Technical Area supports theJoint Capabilities Integration and Development System (JCIDS) framework and processes for developmentof capabilities (such as information systems) which must support integrated characteristics from bothdomains. 8 FORCEnet Functional Concept (draft version 1.1.1) 091404 pg 1.Page 10Net-Centric Environment Joint Functional Concept 1.03 2.0 Illustrative Vignette 2.1 Background In August 1999, strong earthquake tremors struck Turkey and caused significant damage.The North Anatolian Fault that caused these tremors stretches to Istanbul beneath the Seaof Marmara. With the help of the U.S., NATO, and the European Union, Turkish officialsdeveloped a robust, survivable network called Network Respond. Network Respondconsists of numerous connected networks, strategically placed sensors, and databases toprovide area data and information. The network uses a number of redundantcommunication and power systems and dispersed archives to protect against the effects ofanother catastrophic earthquake. Completed in 2020, this network connects the majorcities that lie on this fault line through key nodes, which are interfaced with people andsensors in cities’ high rise structures, hospitals, fire fighting stations, electrical, andtelephone systems, transportation system, water and sewer systems, and oil refineries.In 2022, U.S. Joint Forces are operating in a mature Net-Centric Environment.Knowledge and technological advancements have resulted in an unprecedented ability ofjoint forces to share awareness and create shared understanding. U.S. Joint Forces areable to operate seamlessly at the tactical level in dynamic Communities of Interest(COIs) that can access the numerous resources including Network Respond. 9 This agileforce can rapidly combine capabilities from different services at the appropriate levels toefficiently accomplish an increased range of missions. This is the ability to achieveconstructive interdependence, and it is the norm—not the exception. 2.2 The Networked Setting During the period of 2010 to 2025, U.S. Joint Forces’ relationships with U.S. civilian lawenforcement agencies, the Department of Homeland Security and appropriate agencieswithin the intelligence community have grown significantly. U.S. Joint Forces have alsomaintained very strong military relations with NATO and other foreign militaries.Multinational Standard Operating Procedures (SOPs) and Tactics, Techniques andProcedures (TTPs) have been developed and are in use daily. Multinational trainingevents have become commonplace, and foreign militaries have joined with the U.S.military in developing common interfaces, policies, and protocols. Individuals are able tofilter, structure, and visualize shared data and information in meaningful ways. Initiativesto enable multinational information sharing are providing the capability for U.S. andAllied militaries to share data and information transparently and effortlessly. 9 Collaborative groups of users who must exchange information in pursuit of their shared goals, interests, missions, or business processes. (DOD Net-Centric Data Strategy) This vignette is illustrative only and is intended to provide the reader with anunderstanding of how the Joint Force might function in a future Net-CentricEnvironment (2015-2025). It is to be used only within the context of this functionalconcept.Page 11Net-Centric Environment Joint Functional Concept 1.04In addition to improved multinational interoperability, many countries have paidparticular attention to the need to develop seamless access to critical humanitarianinformation. The United Nations (UN) established a network to coordinate HumanitarianAssistance/Disaster Relief (HA/DR) among member nations and external groups such asparticipating International Organizations (IOs) and Non-Governmental Organizations(NGOs). This network, called the International Humanitarian Relief Network (IHRN),incorporates common interfaces, common standards, and common protocols (includingsecurity protocols) to allow all

recognized participants the ability to access requiredinformation to support the range of required functions (e.g., medical, logistics, protection,engineering, etc.) through their organic networks. Numerous exercises have been heldover the years using IHRN, and as a result, SOPs and TTPs have been developed for useby all participating countries and organizations. Participants have developed the requirednetwork interfaces, and have become accustomed to trusting one another throughfrequent posting and sharing information. 2.3 Situation At 4:15 a.m. on 25 March 2022, the Anatolia fault line ruptures causing a massiveearthquake registering 8.2 on the Richter scale. The city of Istanbul is near the epicenterof the earthquake and suffers massive damage and destruction. The cities of Izmit, Golcut,and Bursa are also on the path of the fault and suffer significant damage and casualties.Aftershocks also contribute significant damage to the area. Combined, these cities haveover 150,000 dead, 400,000 injured, and 600,000 people homeless.Due to the magnitude and severity of the earthquake damage, the Turkish governmentofficially requests support from the UN and NATO. The UN responds by directing itsOffice for the Coordination of Humanitarian Affairs in Geneva to facilitate UN-sponsored humanitarian support. NATO stands up a Combined Joint Task Force (CJTF),led by U.S. European Command (USEUCOM), and begins synchronizing its activitiesunder the auspices of the Turkish civilian emergency management agencies and theTurkish General Staff. In response to the earthquake disaster, the CJTF launchesOperation Combined Response to provide humanitarian relief and coordinate reliefefforts supporting the areas in Turkey devastated by the earthquake. Numerous IOs and NGOs respond to the Turkish appeal for help. Among theseorganizations are the International Federation of Red Cross and Red Crescent Societies(IFRC), CARE, and World Relief. The Organization for International Relief and Support(OIRS), a Syrian-based group chartered in 2015, also participates in the earthquake reliefeffort. The U.S. Federal Government is inundated with offers from States and U.S. agencies tosupport Operation Combined Response. Many States have stand-by quick reactionEmergency Response Teams (ERTs), Urban Search and Rescue (USR) teams, andequipment that immediately deploy to Turkey.Page 12Net-Centric Environment Joint Functional Concept 1.05 2.4 Execution The headquarters of the CJTF is formed from a standing EUCOM element supported by apre-established collaborative network consisting of both standing and dynamiccommunities of interest. Permanently assigned CJTF personnel are cross-functionallyorganized and have established strong, standing relationships with other functionalexperts within the military and humanitarian relief communities. Because of this, theCJTF is able to stand up very quickly and, while deploying to a location near Eskisehir,Turkey conducts seamless en route planning, coordinating, and directing of tasks andactivities for Operation Combined Response. The CJTF consists of the U.S., Bulgaria,Greece, Italy, U.K., Canada, and France. Non-NATO members such as Israel, Japan,Russia, Austria, and Switzerland also begin coordination with the CJTF and deploy ERTsand USRs to provide assistance as necessary. The CJTF commander immediately establishes an interactive and distributedcollaboration session with all of his commanders, their primary staffs, the StateDepartment, U.S. Embassy, the Defense attaché, and key IOs and NGO participants whoenter the IHRN network to begin mission analysis and COA development. All CJTFparticipants are granted access to the Operation Combined Response COI to allow thesharing of information they will need to conduct this HA/DR support operation. The CJTF is able to immediately access Network Respond and display realisticvisualizations of structural damage to key buildings and the operational status of the areahospitals, firefighting stations, and police stations from protected archives of existingdatabases constructed, populated, and initially updated by the Turkish civil authorities.Seventy percent of the Network Respond sensors placed in strategic locations survivedthe earthquake and are able to send data regarding the location of casualties. NetworkRespond information quality and availability is assured through the use of automatednetwork management tools designed to maximize the accuracy and reliability, utility, andintegrity of data and information.Turkey provides a collaborative team to the CJTF that functions as an information“broker” and uses various software

tools to tag Turkish source data and information forspecific content and releasability to respective nations and organizations participating inOperation Combined Response. This is done based on pre-determined COI data standards,supporting a framework with multiple levels of security.Through a standing IHRN COI, all participating IOs and NGOs that had previouslysupported UN-led operations through the IHRN are able to access the network and get thesame data and information (situational awareness) that is available to the CJTF. ThoseIOs and NGOs that did not participate in developing IHRN are able to rapidly connect tothe IHRN and gain access as full participants in the COI. Intelligent user-defined agentsassign each of these organizations a level of participation in the COI commensurate withtheir roles, authorities, requirements, and risk profile. By operating in a Net-Centric Environment, ERTs and USR teams are able to collaboratewith CJTF units, other response teams, and all pertinent relief organizations, synchronizePage 13Net-Centric Environment Joint Functional Concept 1.06their actions, quickly deploy to areas where people are potentially trapped insidebuildings, and execute immediate search and rescue actions. All organizationsresponsible for casualty activities automatically post casualty updates, allowing networkparticipants to access near-real-time information on current casualty locations, status,severity of injuries, availability and location of nearest ERT and USR teams andequipment, supplies, current on-site conditions, and status of casualty logistical/medicalsupport infrastructure. On March 27, two days after the earthquake, a massive car bomb explodes outside theHotel Bandora in Ankara, approximately 250 miles from the Istanbul area relief effort.The bomb kills 10 key members of the Greek Cypriot-controlled government and 20 highranking members of the Turkish contingent who are attending a Cyprus UnificationSeminar. The explosion kills 45 bystanders and injures 150 individuals. Shortly after thebomb explodes, the terror group Al Shalib Hurstat claims credit for the incident citingtheir disapproval of the Cyprus Unification Seminar and threatening more terror activityif the unification efforts continue. The CJTF is given the additional mission of providing force protection and support tohelp the Turks locate and neutralize the terrorist cell responsible for the bombing. Thisnew mission is designated Operation Stomp Out. Taking advantage of the sharedsituational awareness and understanding achieved during Operation Combined Response,the CJTF immediately establishes an interactive collaboration session with allcommanders and primary staff members to update the situation and begin missionanalysis. The CJTF establishes the Stomp Out COI to assemble all relevant information related toactive and inactive terrorist cells operating in and around Turkey. The CJTF Commandertasks this COI to develop a recommendation on the likely terrorist cell responsible for thebombing, its disposition, and its likely location. To accomplish this task, the COIimmediately realizes that it needs the means to assemble and analyze all data andinformation related to terrorist cells, terrorist supporters suspected of planning and/orconducting terror in the Area of Responsibility (AOR), local leaders, previous terroristincidents, and responsible parties. Therefore, the COI quickly expands to include not onlythe organic CJTF ISR assets but also the Turkish Liaison Officer and his resources, theEUCOM J2, CENTCOM JTF-CT, the Defense attaches at the American Embassy, and aNorth Atlantic Council Counter Terrorism Force that was established in 2008. Thenetwork allows the CJTF to quickly and easily reach back to other assets withoutincreasing the footprint of the forces required to support operations in Turkey. Thisreduces the time and resources needed to bring additional information sources andcounter-terrorism capabilities to bear on the problem at hand. Because of the nature andlocation of the event, the Turkish liaison officer is identified as the COI leader. 10 10 The COI leader acts as the main contact point and spokesperson for the group. The COI leader does not necessarily have any additional network administrator or user privileges. For the purposes of the scenario,the COI leader is the Turkish liaison officer because the group is working terrorism issues inside theofficer’s home country.Page 14Net-Centric Environment Joint Functional Concept 1.07There is a great deal of data and information

pertaining to Ankara and its surroundingareas on Network Respond, and the Turkish government allows the CJTF access. CJTFmission partners’ access is based primarily on operational roles, as delineated by theCJTF and as stipulated by the COI leader. A logistics COI is established that plans for acquiring and managing the resources neededto provide logistical and medical support to Operation Stomp Out. This dynamic COIprovides peer-to-peer connectivity for logisticians in each unit supporting the operation,EUCOM logistics planners, and U.S. military component logistical planners. Thelogistics COI conducts collaboration necessary to support the new operation allowing thisCOI to assess the logistical status of Operation Combined Response, identify the supportrequirements necessary to respond to the event in Ankara, and analyze the in-transitstatus of supplies. This provides the means to develop a comprehensive recommendationto the CJTF to redirect certain critical support from Operation Combined Response toOperation Stomp Out. The NATO Rapid Reaction Force (RRF) is placed under the operational control(OPCON) of the CJTF. In 2022, the RRF consists of a Brigade Combat Team (BCT) withbattalion-sized combat units, military intelligence, engineer units, military police units,and signal/communication units as well as RRF level support units. The RRF planningelement is able to tie into the COIs for both Operation Combined Response andOperation Stomp Out. The RRF tasking in Operation Stomp Out allows its units appropriate role-based accessto network operational data and information. The plans cell automatically subscribes toany data or information posted on the network related to terror activities, terroristsupporters, and weapons, then further processes this information on its tactical network.Smart agents alert RRF units with mission specific information as determined byindividual users. Individuals further selectively filter this information based on theirspecific information needs. On March 28, a Turkish doctor working in an OIRS medical facility in Izmit reportsoverhearing a conversation of one of her coworkers that leads her to believe that thecoworker and possibly other OIRS members have ties with Al Shalib Hurstat. Thisinformation is reported to the Turkish government, which directs that the information beimmediately sanitized, tagged with appropriate security labels, and posted. The report isfused with other data and information related to Al Shalib Hurstat and OIRS and, as aresult, the OIRS’s access to information on the network is quickly restricted due to aperceived security risk. However, OIRS retains access to local non-sensitivehumanitarian relief data and information. Concurrently, numerous other data and information related to terrorists are posted byvarious mission partners in Operation Combined Response and Operation Stomp Out,intelligence agencies, and sensors. Local inhabitants who are on the ground providingassistance and relief also provide key information to members of CJTF. These HumanIntelligence (HUMINT) reports are automatically tagged and posted as they are reported.Page 15Net-Centric Environment Joint Functional Concept 1.08The Stomp Out COI has subscribed to information related to suspected terrorists in theAOR. As a result, the COI automatically receives the OIRS report and begins thecollaboration necessary within the intelligence community. The COI collaboration isfocused on assessing the fused data/information that is coming in to provide an update toCJTF and the RRF’s situational awareness. Based on the comprehensive collaborationamongst the COI participants and the new information related to Al Shalib Hurstat, theCOI ascertains that the terrorist group Al Shalib Hurstat is indeed responsible for thebombing and that these same terrorists are assembling in the city of Kayseri about 250miles from Syria. The RRF immediately deploys the BCT to Kayseri; however, the BCT has littleinformation on the city’s design, layout, and transportation network. Though available,satellite imagery will not provide the details needed to fully plan a combat mission inKayseri. The RRF commander considers a request to EUCOM to provide additionalforces capable of providing detailed imagery of Kayseri. One of the military units supporting Operation Combined Response is a U.S. ArmyUnmanned Aerial Vehicle (UAV) unit that is providing aerial support to locate andrescue casualties. The UAV unit has a platoon that can provide long range urban/MOUTaerial reconnaissance support and this platoon is not currently supporting OperationCombined Response. The UAV commander is connected to the network and hasvisibility of

the situation unfolding. The UAV commander contacts the BCT commanderand, after collaborating on the situation, offers his platoon as a quick solution toproviding aerial reconnaissance over Kayseri. The mission change requires extra securityfor the UAV downlink sites, which the BCT is able to easily accommodate. Logisticsclerks from both units use the CJTF logistics COI to arrange for delivery of suppliesneeded to support the new arrangement. Members of other functional areas also makeappropriate adjustments to ensure that this important task is adequately supported.The RRF commander has configured his information visualization system to track thistype of development and informs the CJTF, EUCOM, and the Turkish General Staff ofthe situation. Within hours, the BCT receives metadata tagged imagery with embeddedgeospatial data from the UAV platoon. The BCT in collaboration with units and COIsthroughout the CJTF (including the Turkish General Staff and its civilian leadership)quickly exploits the information and develops a plan to strike the terrorists. Theconstructive interdependence achieved by the rapid tactical level integration of UAV,BCT, and supporting COI capabilities allows the CJTF to successfully execute a missionthat results in the capture of the terrorists.Page 16Net-Centric Environment Joint Functional Concept 1.09 3.0 Central and Supporting Ideas 3.1 Statement of the Military Problem The Joint Force in 10 to 20 years will operate in an environment that is increasinglycomplicated, uncertain, and dynamic. Employment of asymmetric strategies by potentialadversaries and the proliferation of advanced weapons and information technologies willcreate additional stresses on all elements of the force. Future operations will not onlyrequire increasing joint integration, but must also better integrate other federal agencies,state organizations, and coalition partners. The current state of human and technicalconnectivity and interoperability of the Joint Force, and the ability of the Joint Force toexploit that connectivity and interoperability, are inadequate to achieve the levels ofoperational effectiveness and efficiency necessary for success in the emergingoperational environment. 3.2 Emerging Operational Environment The changing character and conduct of warfare and conflict resolution require afundamental shift in the way the U.S. military integrates and employs the elements of theJoint Force. Joint Force elements are increasingly being put into unfamiliar situationswithin complex, uncertain, and rapidly changing operating environments. To succeed inthese environments, they need the ability to rapidly integrate varied, dynamic, and oftenunanticipated sets of capabilities, potentially drawn from across and beyond the JointForce and its mission partners, in order to achieve the effects they require to meet theirmission objectives. They need to reduce the impediments to the flow of information andreduce the inherent friction 11 of adjusting Joint Force and mission partner capabilities tonew tasks and missions. The Joint Force and its mission partners need to greatly increasethe level of integration among their various capabilities and function at increasinglylower echelons. 3.2.1 Current Platform Centric EnvironmentThe current approach to Joint Force integration is largely platform-centric at the echelonsbelow the JTF headquarters level. In a platform-centric environment, individual andlargely autonomous systems are brought together in a rigidly structured fashion toaccomplish a mission. The central principles of a platform-centric environment tend tocreate barriers to the flow of information across the Joint Force and its mission partners.They frequently use organic or system-specific components that generate data usingsystem-specific data management strategies supported by dedicated command ororganizational support elements. These platforms have optimized their processes tosupport only their particular systems. The systems in a platform-centric environmentespecially lack horizontal integration with other systems, creating stovepipes of data andinformation. Platform-centric integration is done in a centralized command center 11 Referring to friction in the context of Clausewitz in On War, friction here refers to the amount of organizational effort required to bring a certain set of capabilities to bear in a specified amount of time.Page 17Net-Centric Environment Joint Functional Concept 1.010supporting higher echelons (See Figure 3-1).

The result is that the platform-centricenvironment tends to have a high level of friction, impeding the smooth or fluid transitionbetween different types of missions and reducing the potential effectiveness andefficiency of the Joint Force. The platform-centric environment tends to employcoordination mechanisms between the Joint Force and its mission partners that are brittleand have little utility except across a narrow range of potential missions. In the platform-centric environment, the content, speed, format, and quality of information are dictated inlarge part by formal requirements generation and fulfillment processes that employcentralized and functionally specialized information management, collection, processing,and consumption practices. This approach is inadequate because it produces a series ofinherent social and technical barriers to the flow of information that prevents tacticallevel integration of capabilities and ultimately restricts the effectiveness and efficiency ofthe force. Figure 3-1. Platform Centric EnvironmentPage 18Net-Centric Environment Joint Functional Concept 1.011 3.3 Central Idea If the Joint Force fully exploits both shared knowledge and technical connectivity, thenthe resulting capabilities will dramatically increase mission effectiveness and efficiency.Advances in information technologies are revolutionizing the ability of all members ofthe Joint Force and mission partners to share information and collaborate, 12 creating newcentral principles and paving the way for significant increases in the effectiveness andefficiency of the Joint Force and its mission partners. Collaboration is defined as jointproblem solving for the purpose of achieving shared understanding, making a decision, orcreating a product 13 across the Joint Force and mission partners. It allows experts tointegrate their perspectives to better interpret situations and problems, identify candidateactions, formulate evaluation criteria, decide what to do, and execute those decisions. Inthe context of this concept, collaboration is used to share and improve information,awareness, and understanding among the elements of the Joint Force and its missionpartners—support decisionmaking and synchronize activities. Current Technical Area investments focus primarily on the realization of a robust end-to-end network infrastructure as typified in Global Information Grid (GIG)-relatedinitiatives. The success of GIG-related initiatives currently underway is vital to buildingthe technical architecture and foundation of the Net-Centric Environment. 14 Usersthroughout the force must be connected with adequate resources to allow reliable, near-continuous access to enterprise information and services—even on the move. The Net-Centric Environment does not imply infinite resources, but does allow all echelons tomanage available resources to meet changing mission needs. While traditional technicalnetwork investments have centered on specific C2 requirements and nodes, the Net-Centric Technical Area will provide common capabilities for individuals across allfunctional areas. However, investments that only address the technical and informational aspects of thisenvironment will only garner limited gains in the overall agility and utility/effectivenessof the Joint Force. Transitioning from a platform-centric environment requiressurmounting internal and external organizational and policy barriers to the sharing ofawareness, understanding, decisionmaking, and the synergistic application of forcecapabilities. This cultural change must be supported by training and education, as well asby ensuring that Joint Force elements have incentives to use the technical networks of theJoint Force and its mission partners to draw on appropriate capabilities, regardless oftheir geographic or organizational location. While this can be done to a limited extent 12 This information sharing and collaboration is done formally and informally, directly and indirectly, and across the force and between the force and appropriate extra-force elements and resources. 13 Joint Command and Control Functional Concept.14 The GIG is defined by the DODD 8101.1, Global Information Grid Overarching Policy, 19 September 2002 as a globally interconnected, end-to-end set of information capabilities, associated processes, andpersonnel for collecting, processing, storing, disseminating, and managing information on demand towarfighters, policy makers, and support personnel. However, current investments focus on procurement ofcritical enablers in the information and physical infrastructure domains.Page 19

Net-Centric Environment Joint Functional Concept 1.012through the formal coordination mechanisms within and among institutions, the agileoperation of a force requires the enabling of both formal and informal collaborationacross the Joint Force, and the ability to establish and utilize relationships with missionpartners. Realization of a Net-Centric Environment requires exploitation of the capabilities fromboth the Knowledge and Technical Areas. At its heart, the Net-Centric Environment is asocial construct supported by an advanced information infrastructure. The total capabilitywithin the Net-Centric Environment is greater than the sum of the Knowledge andTechnical Areas. The two areas need to be integrated in order to exploit their fullpotential. To understand the relationships between the two areas, it is crucial to note thatinformation is not regarded as integral to the physical technical infrastructure nor tightlycoupled to applications. In a Net-Centric Environment, information is posted to sharedspaces and can be accessed by both anticipated and unanticipated users, through looselycoupled, smart pull-based architectures. The maturation of the Net-Centric Environmentis dependent upon the coevolution of both areas, best seen as investments along the entireDOTMLPF spectrum. Figure 3-2 represents the progressively increased total capabilityof the Net-Centric Environment when both Technical Area and Knowledge Area areintegrated and exploited. 0510152025303540455012345 Maturity (Time)CapabilityTechnicalCapabilityKnowledgeCapabilityTotal Net-CentricEnvironmentCapability Figure 3-2. Net-Centric Environment Capability: Greater than the Sum of its Parts 3.4 Principles Essential to Applying the Concept to a Wide Range ofScenarios The central principles of the Net-Centric Environment establish a set of guidelines forusing net-centric functions to integrate tasks across functional areas and enable a widerange of Joint Force capabilities, such as those described in the Joint Operating Concepts.Page 20Net-Centric Environment Joint Functional Concept 1.013Ultimately, these principles work together to form new capabilities not available to a lessthan fully connected force.3.4.1 Technical Area Principles 3.4.1.1 Intelligent Infrastructure Infrastructure includes the physical portions of the network. It facilitates the sharing ofinformation and collaboration among individuals and groups. The infrastructure needs tosupport the organizational structures, processes, and information flows required for usersto interact in the Net-Centric Environment. Broadly, the development, deployment, andemployment of infrastructure need to follow this guidance: • Adapt to the changing priorities, policies, and requirements generated by theinformation moving across it. Support persistent and dynamic shared space.• Connect groups as well as individuals in a global network, removing the barriersimposed by geography (natural and man-made), and physical movement. Theinfrastructure should be able to provide persistent global connectivity, but at thesame time should allow users to maintain tactically and operationally necessarycapabilities when disconnected. Connecting to the network cannot be aprerequisite for access to basic or limited functionality as units may be forced orchoose to operate without network access for short periods of time. Connectivityneeds to be provided to forces moving to, from, and inside the battlespace. Thisincludes support for “comms on the move.” At the minimum, systems should: o Maintain local connectivity (peer-to-peer) even when external connectivity is down; o Provide the ability to cache/display the last information received; o Provide the ability to input local and/or manual updates that are automatically synchronized when connectivity is restored. • Regulate network connectivity and the visibility of data based on an individual’sclearance level and their role in the Joint Force or as a mission partner. • Dynamically adjust network security as the roles of actors change and as themissions of the Joint Force and its mission partners dictate.• At lower echelons, there will be progressively less distinction between unit-specific platforms and the systems used to connect to broader service in the Net-Centric Environment. The ability to access the network and utilize networkservices will require unit-specific platforms that can also provide networkconnectivity.• Provide automated information management, fusion, and visualization tools. 3.4.1.2 Individual Information Management Advances in information technology will enable the

infrastructure to move greatervolumes of higher quality information more quickly from producers through processorsPage 21Net-Centric Environment Joint Functional Concept 1.014to consumers. 15 The key advantage is that the generation and fulfillment of informationrequirements are significantly more efficient because they can be dynamically definedand generated by the consumer of the information. Information management shifts from acommand function to an individual function. Interoperability is enhanced through use ofcommon enterprise services supported by a unified data strategy rather than service,command, and function-specific information management practices. 16 Because resourceswill never be infinite and sometimes severely restricted, 17 command and organizationalresponsibilities will focus increasingly on management of available resources. This focusshift implies a significant cultural change supported by education, and increased jointtraining at lower echelons, including the use of a live virtual constructive joint trainingenvironment. 18 Evolving the information requirements generation and fulfillment process increases thespeed and quality of decisions, enabling decision superiority across the Joint Force and itsmission partners. It also implies that the individual will need to be able to filter, structure,and visualize the information in ways that are meaningful to them without degrading thevalue of the information to others. The consumers of the information can discover andaccess the information they need in a timely fashion, in a context that is appropriate tothem, and with enough confidence in the quality of the information that they can act on itwith confidence. In many cases, the producers of information may not know who needstheir product. (See Section 5.4 for more details on potential implications for individualinformation management.)To support individual information management, information will need to be clearly andproperly tagged 19 to help individuals and groups more quickly discover and access it.Tagging also allows for the creation of useful ontologies for the information that theyproduce. A variety of tagging methods, including auto-extraction and auto-generation tiedtogether by an interoperability of the metadata that they produce, will help to makeinformation easily accessible and to help intelligent agents to provide that information tothose individuals and groups who have subscribed to it. Information will need to bepresented in a proper operational context, so tagging will need to relate contextualinformation as well. 15 At various times during a mission, a given force element may be any one or a combination of these types of information actors. 16 See the DOD Net-Centric Data Strategy of 9 May 2003 for detailed vision of the Department’s data and information management vision. 17 FORCEnet, page 14.18 A live virtual constructive joint training environment is one that seamlessly integrates live and virtual elements into a training program. 19 While tagging is a specific method for including metadata, it is used in this context to mean the systematic collection and inclusion of metadata during the collection, processing, and consumption ofinformation over its life cycle.Page 22Net-Centric Environment Joint Functional Concept 1.0153.4.2 Knowledge Area Principles 3.4.2.1 Information and Decision Rights and Responsibilities20 Each individual actor in the Net-Centric Environment has rights and responsibilities asthey apply to information and decisions. This significant cultural shift must be supportedby training and education. Individuals will have the proper incentives to fulfill their rolesas producers, processors, and consumers 21 of information. Individuals will also need theknowledge, experience and confidence to interact effectively. Individuals need to beprepared to not only exploit the information made available to them, but also to engage inbehaviors that encourage transparency, including ensuring that exploited information isshared with those who are supposed to have it. The behavior of individuals can beassessed by feedback they receive from those who interact with them on the network.Good behavior 22 is rewarded with positive feedback—much like a credit score or onlineauction rating system. Feedback will be important in building and establishing trust whenoperating with new partners because it will be used to determine their ability to discoverand access information. Individuals who do not engage in acceptable behavior willreceive negative

feedback, which may be used as a mechanism to specify additionaltraining or limit the types of tasks deemed appropriate. The quality and quantity of theshared information across the Joint Force and its mission partners is dependent upon eachindividual exercising their rights and fulfilling their responsibilities.Individuals in the Net-Centric Environment also have decision rights and responsibilitiesand will be empowered and enabled to act freely in making decisions. They have theresponsibility to make those decisions within the context of command intent and to sharesituation understanding across the Joint Force and its mission partners. These rights andresponsibilities apply to both the formal command and control process and to less formalcollaborative decision structures. Decisions in the Net-Centric Environment are heavilyinfluenced by dynamic, self-defining patterns of collaboration. The rights and responsibilities found at the individual level can also be ascribed to thegroup level. 23 The important distinction between individual and group rights andresponsibilities as related to information and decisions is the set of additional factors thatdescribe the structure and quality of relationships among the individuals within the group.Groups that do not engage in acceptable behavior will receive negative feedback, whichmay be used as a mechanism for additional training or limits on the types of tasks deemedappropriate for the group. Groups are adaptable, which means that they are prepared toquickly respond to any contingency with the appropriate capabilities mix. This requires 20 In addition to the general rights and responsibilities listed here, an individual can have specific rights and responsibilities assigned to them by their commander. These individuals may have access more akin to a“super user,” but are still constrained by the requirements for proper clearance for access to classifiedmaterials. 21 Army’s Core Architecture Data Model defines nodes as having these three roles relative to the network in which they reside. It is not strictly limited to individual people, but can also apply to larger organizations. 22 “Good behavior” occurs where the individual or group has not abused its information or decision rights and has fulfilled its information and decision responsibilities to the satisfaction of the group. 23 Groups are defined as any formal or informal association of two or more individuals. A COI is a group.Page 23Net-Centric Environment Joint Functional Concept 1.016versatile and agile forces that are tailorable and scalable for employment and able toemploy new capabilities in a multi-use manner. Adaptability ensures that groups canrapidly shift from mission to mission. 24 3.4.2.2 End-to-End Transparency End-to-end transparency is a central principal of the Net-Centric Environment thatrequires both a culture of openness and visibility of information across the Joint Force atthe tactical level. The information that is generated, processed, and consumed in a Net-Centric Environment will need to be visible, accessible, understandable, verifiable,current, and trusted. Access to information and its visibility to other users will be based on the level ofclearance and the role of the individual and group in the Joint Force and its missionpartners. Role-based access to information and the visibility of information to certainusers are akin to a dynamic “need to know” requirement. This protects sensitiveinformation from individuals or groups who have access under the current construct, butno longer have a need to know, or those who do not have a need to know that certainpieces of information even exist. Technologies like Public Key Infrastructure andBiometrics will need to evolve significantly to support dynamic role-based security. Forexample, if a Common Access Card is lost, it may take weeks to replace. Identitymanagement concepts need to mature to support the dynamic requirements of the Net-Centric Environment. Removing the impediments to the flow of information, save the need to protect theinformation from those who should not have it, requires formal and informalorganizations to make their structures and processes transparent to each other so as toincrease the visibility of their information and capabilities. Transparency requires a movefrom a “share information by exception” model to a “withhold by exception” model.Improving the transparency among information consumers, processors, and producersenables geographically separated individuals and groups to build the trust required toshare critical information and integrate collective capabilities at a much lower andeffective level. 3.4.2.3 Using Communities of Interest The use of Communities of Interest (COIs) throughout all echelons of

the Joint Force andits mission partners is a critical principle that supports many capabilities of the Net-Centric Environment, such as flexible organizations, shared situational awareness, andcollaboration. COIs are generally temporary organizations formed to address specificproblems, but there can also be standing or permanent COIs to deal with persistent issues.They interconnect resources from more stable and permanent organizations, giving thoseorganizations a flexibility that is central to addressing issues in the complex, uncertain,and dynamic operating environment of 15 to 20 years in the future. 24 JOpsC, p. 16.Page 24Net-Centric Environment Joint Functional Concept 1.017COIs can form as the result of top-down efforts, as in the case when commanders useCOIs to rapidly and easily bring together expertise from across the Joint Force and themission partners to address specific issues of concern. COIs can also be self-organizingfrom the bottom-up, allowing, for example, logisticians to collaborate on the location ofavailable supplies across a number of Joint Force and mission partner elements. Asshown in Figure 3-3, COIs can support all types of organizations within the Net-CentricEnvironment. FormalInformalTemporaryPermanentStandingCommunities of Interest(Warfighter Mission Areas,IT Domains, Business MissionArea Domains)Working Groups(Task Forces, “Tiger” Teams)DynamicCommunities of Interest(JTF Supply Clerk Share Point,Tactical Level Disaster Response)TraditionalOrganizations(Services, Joint Staff)Figure 3-3. COIs within the Net-Centric Environment COIs can be employed to meet a wide range of needs across the JTF. For example,through the use of COIs, shared situational awareness will be improved by increasing thevolume and quality of information being shared across the Joint Force and its missionpartners. Improving shared situational awareness will in turn make collaboration moreeffective because the effort spent on synchronizing facts and establishing sharedsituational awareness are reduced and more is spent on higher cognitive activities (e.g.,developing a shared understanding or potential courses of action.) 3.4.2.4 Interdependence Interdependence is a mode of operations based upon a high degree of mutual trust, wherediverse members make unique contributions toward common objectives and may rely oneach other for certain essential capabilities rather than duplicating them organically.Currently, integration of the Joint Force normally occurs at the component or JTFheadquarters level, and is often characterized by autonomy and deconfliction, the lowestlevels of integration. Here the capabilities of each organization or unit stay entirelyPage 25Net-Centric Environment Joint Functional Concept 1.018separate, even when the parent organizations have some overlap. Because units rarelyemploy every capability at their disposal in support of Service or component tasking,significant capability within the JTF remains latent or unused.By removing the barriers to the flow of information and connecting geographicallydispersed elements, the Net-Centric Environment provides the Joint Force and its missionpartners with the ability to exploit the efficiencies of the specialization of labor. Unitsacross the echelons will no longer need the same degree of organic capabilities to achievemission success because they can confidently rely upon their ability to access thecapabilities that they require, but which are provided by other units, organizations, orindividuals. Capabilities with a relatively low utility or usage in a particular mission caneither remain in garrison or can be more easily employed by other units that have agreater need. Figure 3-4 illustrates the relative increases in integration, efficiency, andeffectiveness of constructive interdependence achieved by moving from a platform-centric to a Net-Centric Environment. Figure 3-4. Increasing Integration toward Constructive Interdependence The Net-Centric Environment allows for the creation of capabilities that were heretoforeunavailable or possibly unknown, but which are adapted to the characteristics of thespecific environment in which they are intended to function. This creation of newcapabilities from the connection of the latent capabilities within the Joint Force isreferred to as constructive interdependence. Figure 3-5 illustrates the creation ofadditional combinations of capabilities (potentially unusable in a platform-centricenvironment) that may be derived from the Net-

Centric Environment. Note that althoughFigure 3-5 focuses on a sensor-decisionmaker-shooter scenario, this idea can easily beextended to other scenarios such as producer-processor-consumer.Page 26Net-Centric Environment Joint Functional Concept 1.019 Figure 3-5. Increased Combinations of Capabilities in the Net-Centric Environment versusthe Platform-Centric Environment 3.5 Application of Concept within a Campaign Framework Operations in a Net-Centric Environment will be significantly different than operationsconducted under the current platform-centric environment. Net-Centric capabilities willsupport all phases of the current campaign framework, as well as support potential futurenew frameworks with less well defined boundaries between phases. Information sharingand collaborative processes will be the engines of change that will lead to thedevelopment and adoption of new organizational principles that will, in turn, facilitate thetransformation of existing capabilities and the development of new ones. By removingthe knowledge and technical barriers to the flow of information, the Joint Force and itsmission partners will be able to operate with a significantly higher degree of agility andeffectiveness as a result of their increased integration and constructive interdependence.The advantages of operating in a Net-Centric Environment impact all of the functions ofthe Joint Force and its mission partners. For example, U.S. forces could assist localgovernments, international relief agencies, and NGOs coordinate humanitarian assistanceefforts much more easily in a Net-Centric Environment because the barriers toinformation flow would have been removed. COIs, supported by the transparency of theconstituent organizations, will be able to coordinate the distribution of food or medicalassistance more rapidly and effectively than with traditional coordination mechanisms(Focused Logistics Area). Information exchange 25 will depend less on informationexchange agreements, liaison officers, and formal coordination meetings. There will be 25 Information sharing within a COI could also be supported by an Information Exchange Broker who ensures information arrives at the right time, at the right location, and in the proper format required.Page 27Net-Centric Environment Joint Functional Concept 1.020formal barriers in place (clearance and role) and informal barriers (behavior as goodcitizens in the Net-Centric Environment) to establish the visibility of data and addresssecurity needs. Joint Force and mission partner planners will be able to share situationalawareness, the availability of resources, and readiness of capabilities to be deployed withgreater ease, efficiency, and effectiveness. The Net-Centric Environment will reduce the friction 26 of both large and small missiontransitions. The lessoning of friction in the course of transitioning from one task ormission to another creates opportunities for the Joint Force to use combinations ofcapabilities. Over the course of the operation, joint forces are less reliant on unwieldy orbrittle synchronization mechanisms in a Net-Centric Environment because theinformation and decision rights and responsibilities are guiding the flow of informationand the decision points across a singular effort. As the mission in a complicated,uncertain, and dynamic operational environment unfolds, access to the network and thevisibility of data will adjust in response to the changing roles and missions of elements ofthe Joint Force. The fluidity with which the Joint Force can transition from one phase or mission set tothe next will be a significant advantage of operating in the Net-Centric Environment. Ifthe mission to support the humanitarian assistance action changes and requires U.S. andcoalition forces to provide protection to convoys, the transition to the additional missionrequirements will be done more effectively in a Net-Centric Environment than in aplatform-centric one. This is because the reduced barriers to information flow wouldincrease transparency, which in turn would also reduce the friction inherent in such atransition. Information on current environmental conditions and the location of hostileforces will be distributed more quickly to the units protecting the convoys and those sameunits will pass back information on the conditions they find while in route in near-real-time, updating the shared awareness of all of the units involved in the operation(Battlespace Awareness). New routes will be selected on the basis of better informationregarding the local conditions both in terms of the environment and the activity of hostileforces (Command and Control). If hostile forces are

encountered, the convoy can quicklyrelay their location to strike aircraft offshore or helicopter gunships using a convoyprotection COI specific to the operation to pass sensor data to act on targetinginformation (Force Application). Vehicles in the next convoy may be provided withadditional protection against small arms fire and the order of vehicles may be changedbased on the information coming through the Protection COI (Force Protection) from aprevious convoy. 26 Aaron ,MAJ (NS) Chia Eng Seng, Ph.D. “Countering the Fog and Friction of War in the Information Age.” Pointer: Journal of the Singapore Armed Forces, April-June 2003, vol. 29, no. 2.Page 28Net-Centric Environment Joint Functional Concept 1.021 4.0 Capabilities and Attributes This Chapter describes the capabilities as well as attributes and related measures requiredin the Net-Centric Environment. A capability is the ability to achieve an effect to astandard under specified conditions through multiple combinations of means and ways toperform a set of tasks, 27 and an attribute is a measurable characteristic of a capability.Appendix D lists the capabilities and supporting tasks as well as attributes and supportingmeasures in tabular form. 4.1 Areas The capabilities and attributes of the Net-Centric Environment can be thought of asexisting in two areas: the Knowledge Area and the Technical Area. The Knowledge Areacomprises the cognitive and social interaction capabilities and attributes required toeffectively function in the Net-Centric Environment. The Technical Area is composed ofthe physical aspects (infrastructure, network connectivity, and environment) and theinformation environment where information is created, manipulated, and shared. Amatrix depicting the relationship between net-centric capabilities and attributes for eacharea is included in Appendix F.4.1.1 Knowledge AreaThe Knowledge Area is where human interactions occur between elements of the JointForce and its mission partners, for example, the exchange of information, sharedawareness, shared understanding, and collaborative decisionmaking. Because of theincreasing diversity and scope of organizations and forces involved in Joint Forceoperations, the interactions between them become more complicated, requiring new andmore capable collaborative efforts. It is within this area that individuals developsituational awareness and share this awareness with other entities to produce a sharedawareness. This leads to improved understanding at the individual level and to improvedshared understanding. This process enables the creation of faster, higher quality decisionsboth individually and collaboratively as the situation requires. The Joint Force and itsmission partner components will set up ad hoc (and sometimes dispersed) mission-basedorganizations that will change as the missions and tasks change, which in turn will alterthe information exchange requirements among the entities. Participants in thesenetworked organizations will be selected based on their knowledge of the problem or taskat hand and the capabilities they provide, and will function with a minimum set offormalized rules and procedures. 28 4.1.2 Technical AreaThe Technical Area includes the infrastructure and information properties of the network.The focus of this Section is on the connectivity and information flow and quality aspects 27 JCDRP (7/2004).28 Air tasking orders and joint targeting processes are examples of formalized rules and procedures.Page 29Net-Centric Environment Joint Functional Concept 1.022of this area. In this context, networking can be viewed as an interconnection of a systemof computers, communications, data, applications, security, people, training, and othersupport structures that provide local and global information processing and serviceneeds. 29 For smaller units, infrastructure will be more tightly integrated into their specificsystems because they will not have the luxury of supporting additional systems in austereconditions. The information domain facilitates the communication of information acrossthe network. It is the area where the command intent is communicated and whereinformation sharing occurs. The requirements of this area enable and constrain theformation of communities of interest to solve problems, exploit opportunities, andmitigate risks in an ever-changing operational context. 4.2 Capabilities Functioning in the Net-Centric Environment depends in large measure on theachievement of capabilities in the Knowledge Area, supported by capabilities in theTechnical Area. None of the

capabilities exists in isolation—there are dependenciesbetween the areas, between capabilities across areas, and between capabilities within anarea. The Knowledge Area comprises the individual and group capabilities (e.g.,understanding and decisionmaking) achieved through the employment of variouscollaborative techniques, organizational options, and force arrangements. The individual cognitive capabilities are enhanced through the group sharing capabilities.Situational understanding becomes shared situational understanding and decisionmakingbecomes collaborative decisionmaking, providing a more powerful set of capabilities.The Technical Area capabilities provide the means for achievement of the KnowledgeArea capabilities. For example, shared understanding is dependent on knowledge, theflow of information, and the ability of the network to provide that flow.4.2.1 Knowledge CapabilitiesAbility to establish appropriate organizational relationships. This is the ability to setup and change formal organizational and command relationships in accordance withmission and task needs, as well as to use flexible organizational constructs that extendacross multiple commands and organizations for task accomplishment. The Net-CentricEnvironment supports existing frameworks and provides a new COI framework tosupport both formal and informal organizational needs. To operate successfully in thisenvironment, people and organizations must be capable of dealing with flexible authorityrelationships (senior/subordinate, supported/supporting). This requires appropriatetraining, an understanding of the various organizational relationships, and the ability towork within an implied command intent environment. The Net-Centric Environmentprovides the transparency and trust mechanism necessary to use these new organizationalconstructions for military missions across the ROMO. 29 Network Centric Operations Conceptual Framework, Version 2.0.Page 30Net-Centric Environment Joint Functional Concept 1.023Ability to collaborate. Collaboration is extremely important to operating in the Net-Centric Environment. Collaboration must be continuous, include geographicallyseparated participants, and involve all relevant parties. To develop trust in collaborativedecisionmaking processes and organizational structures, doctrinal, cultural, andorganizational limits will need to be removed to achieve full collaboration. Leaders willneed to be trained, and procedures will need to be implemented.Ability to synchronize actions. The fast pace of operations in the Net-CentricEnvironment requires that entities be able to rapidly synchronize among themselves,independent of direction from superiors: self-synchronization. This will enable them toflexibly adapt actions to take advantage of opportunities and minimize impacts ofchanging or emerging threats. It will enable a more thorough incorporation of effects-based operations and planning.Ability to share situational awareness. Individuals will need not only to develop theirown situational awareness, but they will need to share this awareness with a wide rangeof participants. They will need to see how others perceive the situation, and be capable ofprocessing information from many sources while remaining focused on current tasking(s).Ability to share situational understanding. Where situational awareness is the “who’swhere and what are they doing” aspect of battlespace knowledge, situationalunderstanding is the “what does it mean and what can I do about it” aspect. Individualswill use reasoning methods and tools to achieve the required level of understanding. 30 Sharing their understandings with a wide array of participants will provide a synergy thatleads to a higher quality collective understanding and contributes to high qualitydecisionmaking.Ability to conduct collaborative decisionmaking/planning. The ever-changing natureof the battlespace environment will require that commanders involve many elements,including other commanders and non-traditional communities of interest, in thedecisionmaking process. Decisionmakers will need collaboration tools and sophisticateddecision support tools in order to succeed in this environment. They will also need to dealwith analyzing potential courses of action quickly and with sufficient resolution toaddress potential second and third order effects. The collaborative decisionmakingprocess will enable commanders to be aware of other entities’ changing tasks andmissions and their ability to perform those tasks and missions.Ability to achieve constructive interdependence. Joint Operations establish formal rulesets for combining capabilities from multiple Services together to form new

capabilities.The idea of constructive interdependence extends this further by employing the network(both human and technical) to allow a virtually limitless combination of latent Serviceand component capabilities in ways that create capabilities not previously achievable. Forexample, an Army unit has pushed quicker than its organic logistics can support 30 Reasoning methods and tools include determination of cause-and-effect through trial and error, analyzing “what-if” scenarios or using influence diagrams and probabilistic reasoning tools to look at potentialalternative outcomes.Page 31Net-Centric Environment Joint Functional Concept 1.024ammunition requirements and is in need of quick re-supply. Fortunately, the unit doeshave an attached truck unit with plenty of fuel. The most direct route to the supply depotrequires using a bridge that has been weakened by the fighting, and which is now unsafe.A nearby Marine unit has captured its objectives and has an amphibious capability thathas already been used and can ferry supplies past the bridge. By looking across thenetwork, the Army unit ascertains the status of the amphibious equipment and itscapabilities, and establishes direct contact with the Marine unit to coordinate theiractivity. The Army unit also discovers via the network that the Marine unit needs fuelimmediately. The two units are able to combine their respective unused capabilitiesefficiently and effectively at the tactical level to accomplish their assigned missions. TheNet-Centric Environment will also allow for the identification of opportunities forconstructive interdependence that can be employed in wargaming and other trainingexercises.4.2.2 Technical CapabilitiesAbility to create/produce information. This is the capability to collect (in the case ofsensors) data and transform that data into information. It includes the on-boardprocessing of sensor data and/or the transmission of that data to an analysis or processingentity.Ability to store, share, and exchange information and data. This includes all actionsnecessary to store, publish, and exchange information and data. Data must beappropriately identified and labeled (tagged), placed in a database or otherdata/information repository, and its presence announced to those who need it(post/publish/advertise). There must be mechanisms in place such as intelligent agents forothers to retrieve the data/information (share) and/or mechanisms must exist to providethe data/information on a timely basis to those who need it (smart push/message). Theremust be a method to store the data/information in such a manner as to facilitate the easyretrieval by those who need it the most (stage content/smart store). There must be a wayfor users to identify the data/information that they need so that they are alerted to itsavailability (subscribe). Multiple users must be able to simultaneously work with dataand information, producing unified, integrated updates (collaboration). Finally, theremust be a means to maintain the historical record (archive).Ability to establish an information environment. This involves the establishment ofcriteria, processes and procedures for the storing and sharing of data/information,including the sharing across different environments and the support for multiple changingcommunities of interest. The ever-changing situation and high operational tempo willrequire the capability to achieve fluid allocation of resources in accordance with shiftingpriorities and the command intent (dynamic, priority-based resource allocation).Ability to process data and information. The user must be able to filter, correlate, andfuse data and information into useful forms. The system must be able to mediate andtranslate between different systems with varying characteristics.Page 32Net-Centric Environment Joint Functional Concept 1.025Ability to employ geo-spatial information. All coordinates should be properlyformatted, tagged, and correlated to other geo-spatial information in an underlyingdatabase (e.g., population, utilities, transportation, services, climate). This feature is manytimes more powerful than a standard map display in that it allows layering of informationand drill-down capability from the display.Ability to employ information. The existence of information on the network is uselesswithout a means of providing this information in an understandable form to the user.Formatting must be translatable (or interfaces must exist) to the extent that machine-to-machine information sharing is enabled.Ability to find and consume information. Users must be able to locate the requiredinformation and extract it. This includes discover and search capabilities, the use

ofintelligent agents, smart pull/smart push, etc.Ability to provide user access. The net-centric model will result in users shifting rolesas mission requirements dictate. The different roles will have different information andsecurity access requirements; therefore, role-based and COI access controls need to bedeveloped and employed. This will apply to both individuals and groups, including COIs.This will likely entail strong authentication procedures.Ability to access information. This capability refers to the need for multiple levels ofsecurity to allow information sharing between users across different security domains.Ability to validate/assure. This capability addresses the need for confidence and trust innetworks, systems, and information. Capabilities include the ability to restore and recovernetworks, systems, and data, and ensure data availability, integrity, confidentiality, andauditing during its lifecycle.Ability to install/deploy. The net-centric model depends on the capability to haveconnectivity where and when required. The network must be capable of forwarddeployment and must be tailored to mission requirements. It must be capable of dynamicreconfiguration as missions/tasks change, and be functional in harsh and/or unimprovedinfrastructure environments.Ability to operate/maneuver. Once in place, the network must be capable of dynamicallocation of resources, operate regardless of geography (distance, obstructions, etc.), andsupport all operations and transitional states along the ROMO. It must manage access anddenial to the network and associated data, while providing ad hoc coalition and inter-agency connectivity. The network will provide continuous, rapid, and error-free deliveryof information.Ability to maintain/survive. Once deployed, the network must be able to maintainservice while under both physical attack and information attack. It should degradegracefully, that is, continue operations at a gradually reduced capacity in accordance withprioritization plans as systems/equipment are destroyed and/or damaged. The networkmust be capable of dynamically rerouting services as nodes are incapacitated and/or asPage 33Net-Centric Environment Joint Functional Concept 1.026information flow requirements change. The network must be capable of obtainingadditional resources as required to maintain or increase capacity.Ability to provide network services. The network must be capable of providing allservices generally associated with network operations such as connecting all assets,sharing information among interagency/coalition/IO commercial/NGO participants,archiving large volumes of data, maintaining network status, keeping all nodes informed,supporting separate constellations of COIs, and supporting geographically transitioningnodes. 4.3 Attributes The attributes are the measurable aspects of the capabilities such as those listed in Section4.2.1. The relationships are not one-to-one, but one-to-many, and many-to-many (seeAppendix D). In order to assess the effectiveness of capabilities in the Net-CentricEnvironment, it is necessary to develop a set of performance-related metrics. Measuresprovide the linkage between overarching attributes and metrics by identifying theimportant qualities of each attribute. The most appropriate metrics and associated units ofmeasurement differ based upon the operational context. Specific metrics are below thescope of this version of the functional concept. However, metrics with scale and unit ofmeasure are required to evaluate specific capabilities. Future versions of this documentshould include more detailed metrics derived from both the current JIC processes (seeSection 6.6) and specific net-centric metric development efforts.4.3.1 Knowledge AttributesAgileAgile is defined as moving quickly and easily. It is assessed using the followingmeasures:• Flexible: The extent to which individuals or organizations dynamically meetevolving mission requirements.• Innovative: The extent to which tasks are performed in novel ways.• Resilient: The extent to which the command/organization is able to recover fromor adjust easily to misfortune or change.• Responsive: The extent to which decisions and actions are based on timelyanalysis and synthesis of the current situation.• Scalable: The extent to which organizations can seamlessly adjust size and scopeto meet a given mission requirement.QualityQuality is defined as lacking nothing essential or normal. Quality is assessed using thefollowing measures:Page 34Net-Centric Environment Joint Functional Concept 1.027• Appropriate: The extent to which

understandings and decisions are suitable anduseful for the mission/situation at hand.• Relevant: The extent to which an understanding/decision matches commandintent and mission objectives.• Correct: The extent to which understandings agree with fact.• Consistent: Extent to which understandings and decisions are in line with priorunderstandings/decisions.• Accurate: The granularity and precision with respect to fact.• Complete: The extent to which all required elements are present.• Timely: The extent to which the currency of understandings or decisions areappropriate to the mission.TrustworthyTrustworthy is defined as the extent to which confidence or assurance is held ininformation or decisions. Trustworthiness is assessed using the following measures:• Robust: The extent to which individuals or organizations exhibit strength orvigorous health. • Confident: The extent to which assurance is held in information or decisions.• Willing: The extent to which a force entity possesses the desire to function in ashared information environment.• Competent: The extent to which one is able to perform a task and/or function.4.3.2 Technical AttributesAssuredAssured is defined as having grounds for confidence that an information-technology (IT)product or system meets its certainty or security objectives. Assurance is assessed usingthe following measures:• Authentic: The extent of a security measure designed to establish the validity of atransmission, message, or originator, or a means of verifying an individual’sauthorization to receive specific categories of information• Confidential: The extent to which confidence or assurance is held in informationor decisions.• Non-repudiated: The extent to which the senders/receivers of data are preventedfrom denying having processed the data. Non-repudiation is measured by theextent to which senders are provided with proof of delivery and the recipients areprovided with proof of the sender’s identity.• Available: The extent to which authorized users are provided with timely, reliableaccess to data and information services.• Integrity: The extent to which information is protected from unauthorizedmodification or destruction.RobustPage 35Net-Centric Environment Joint Functional Concept 1.028Robust is defined as having or exhibiting strength or vigorous health. It is assessed usingthe following measures:• Survivable: The extent of assurance provided a system, subsystem, equipment,process, or procedure that the named entity will continue to function during andafter a natural or man-made disturbance, for example, a nuclear burst. (Note: Fora given application, survivability must be qualified by specifying the range ofconditions over which the entity will survive the minimum acceptable level orpost-disturbance functionality, and the maximum acceptable outage duration.)• Redundant: The extent to which surplus capability is provided to improve thereliability and quality of service.• Distributed: The extent to which the network resources, such as switchingequipment and processors, are dispersed throughout the geographical area beingserved. (Note: Network control may be centralized or distributed.)• Resilient: The extent to which recovery from or adjustment to malfunction(misfortune) or change is easily achieved.AgileAgile is defined as moving quickly and easily. It is assessed using the followingmeasures:• Flexible: The extent to which success is achieved in different ways and the extentto which the network dynamically meets evolving mission requirements. • Responsive: Responsiveness is the extent to which service is provided withinrequired time.• Diverse: The extent to which the network is not dependent on a single element,media, or method.• Dynamic: The extent to which the network can adapt when there is a change instatus.• Autonomous: The extent to which tasks are undertaken or carried on withoutoutside control. It is the ability to exist independently; responding, reacting, ordeveloping independently of the whole.ManageableManageable is defined as capable of being controlled, handled, or used with ease. It isassessed using the following measures:• Scalable: The extent to which the network/system/organization can grow toaccommodate additional users; hardware or software either co-located or globallydistributed from the original system configuration.• Reconfigurable: The extent to which the network/system/organization canaccommodate changes in hardware, software, features, or options.• Controllable: The extent to which a network manager has the ability to exerciserestraint, direction over, or perform diagnosis to ensure optimal function andsecurity; power or authority to guide, monitor, or manage.

Page 36Net-Centric Environment Joint Functional Concept 1.029• Maintainable: The probability that an item will be retained in or restored to aspecified condition within a given period of time, when the maintenance isperformed in accordance with prescribed procedures and resources.• Upgradeable: The extent to which the network or system can accept new versionsof software to meet changing requirements.• Repairable: The probability that the system/network can be to be restored tosatisfactory operation by any action, including parts replacements or changes toadjustable settings.ExpeditionaryExpeditionary is defined as supporting a military operation conducted by an armed forceto accomplish a specific objective in a foreign country. Expeditionary is assessed usingthe following measures:• Deployable: The extent of effort required to relocate personnel/systems to a JointOperations Area (JOA).• Maneuverable: The extent to which network elements support warfighters on themove.• Modular: The extent to which the network/system comprises “plug-in” systems/units/forces that can be added together in different combinations.• Transportable: The extent of mobility within the JOA.• Rugged: The extent to which the system/network can support operations inextreme environments and/or under conditions of high physical stress.• Reach: The extent to which the network/system can operate over extendeddistances to meet mission requirements.• Employable: The time and effort required to commence system operation uponarrival in the JOA.• Sustainable: The extent to which the network/system is able to maintain thenecessary level and duration of operational activity to achieve military objectives.Sustainability is a function of providing for and maintaining those levels of readyforces, materiel, and consumables necessary to support military effort.QualityQuality is defined as lacking nothing essential or normal. Quality is assessed using thefollowing measures:• Accurate: The extent to which a transmission/data stream is error-free.• Traceable: The extent to which information is capable of being tracked or traced;the ability to follow, discover, or ascertain the course of development ofsomething.• Complete: The extent to which all necessary parts, elements, or steps are present.• Consistent: The extent to which information is free from variation orcontradiction.• Timely: The extent to which information is received in time to be useful.Page 37Net-Centric Environment Joint Functional Concept 1.030IntegratedIntegrated is defined as all functions and capabilities focused toward a unified purpose.Integrated is assessed using the following measures:• Interoperable: The extent to which systems, units, or forces can provide servicesto and accept services from other systems, units, or forces and to use the servicesso exchanged to enable them to operate effectively together.• Accessible: The extent to which all authorized users have the opportunity to makeuse of information capabilities.• Visible: The extent to which users and applications can discover the existence ofdata assets through catalogs, registries, and other search services. All data assetsare advertised or “made visible” by providing metadata that describes the asset.• Usable: The extent of difficulty regarding the initial effort required to learn andthe extent of recurring effort to use the functionality of the system and/or theextent to which the context of the information used and/or created by aninformation capability can be derived.Page 38Net-Centric Environment Joint Functional Concept 1.031 5.0 Implications Net-Centric future force implications impact all of the DOTMLPF areas. 5.1 Doctrine • The Information Age may refine the application of the principles of war and therole of information in warfare will be made more explicit in doctrine.• Doctrine will continue to be a point of departure, guiding principles, and bestpractices.• Tactics, Techniques, and Procedures (TTPs) will evolve to reflect the increasingsignificance of information in all aspects of military operations.• Development of doctrine will be more dynamic and collaborative and will bedriven increasingly by wargaming and experimentation.• Joint operations will become the norm at successively lower organizationalhierarchical levels. 5.2 Organization • The effective application of the elements of national power in the InformationAge will require new

organizational relationships between DOD and its missionpartners.• Within the Joint Force, organizational structures will transform as informationand understanding are shared. New organizations will emerge, existingorganizational structures will change (e.g., flatten), and some organizationalstructures will disappear.• The Net-Centric Environment will facilitate, to a greater extent than is currentlypossible, the formation of new organizations with diverse structures, resources,degrees of persistence, charters, and missions. For instance, the diverse natures ofCommunities of Interest (COI) are best exploited in a Net-Centric Environment.• The extremities of organizations will become increasingly important as thesenodes are fully connected in the environment. Horizontal relationships betweenorganizations (both formal and informal) will become more important. 5.3 Training • Training curricula will need to change to develop the knowledge, experience, anddesired behaviors for operating in a Net-Centric Environment. The curriculumchange process must also become more responsive to rapidly transformingoperational practices.• Exercises will need to focus more on gaining experience and familiarity with abroad spectrum of players drawn from the Joint Force and its mission partners andutilizing the Net-Centric Environment as the medium for interaction. • The concept of “train as you fight, fight as you train” will require training andexercises to take place on portions of operational networks in order to properlyPage 39Net-Centric Environment Joint Functional Concept 1.032simulate the complex interactions that occur in the Net-Centric Environment. LiveVirtual Constructive training environments will emerge.• Training will need to support the ability of individuals and small groups to pluginto ad hoc teams or COIs without the benefit of the unit cohesion that comesfrom training and operating with a standing unit over a longer period of time. 5.4 Materiel • Solutions will be developed to connect traditionally disadvantaged users (those atthe extremities of force or that operates in challenging mediums such as under thesea). These solutions must support near-continuous access to enterprise servicesregardless of location or rate of movement. When disconnected from the network,these systems must continue to operate and allow graceful re-entry to the networkto include automatic synchronization of information between the disconnectedsystems and enterprise resources.• Emphasis must shift to developing solutions that support all functional areas asprimary customers, as opposed to building better C2 networks.• Materiel solutions must support multiple levels of security in a dynamic COIarchitecture.• Identification verification technologies will need to evolve significantly to supportdynamic role-based security. Identity management concepts need to mature tosupport the dynamic requirements of the Net-Centric Environment. • Information systems must be designed to work with metadata from a wide rangeof communities of interest.• Capabilities must be increasingly interoperable at the information and physicallayers. Increased emphasis on the Net-Ready Key Performance Parameters andadditional interoperability and net-centric processes, in particular systemsengineering of end-to-end performance to implement real-time requirements, isnecessary to ensure Technical Area Interoperability.• Digitally Assisted Aids/Tools help the commander to assemble the information inways that improve visualization and help create a rich understanding andassessment of potential alternatives that enable superior decisionmaking. Theyprovide advanced planning and cognitive capabilities to aid in courses of actiondevelopment, modeling, and simulation capabilities to evaluate COAs and predictresults, and supporting analytical information to aid in dealing with uncertainty.• Intelligent user-modified agents will filter and frame user informationrequirements within the network, allowing commanders and staffs to access theinformation that they need quickly and efficiently. The user-tailored informationflow provides feedback to those teams publishing information so that they cancontinually adjust their collection and fusion processes in such a way as toprovide the most meaningful products, for example, information pull as well aspush.• Fielding of materiel solutions must be better tied to joint training. Fielding ofcritical materiel solutions must include resources and planning for recurringtraining.Page 40Net-Centric Environment Joint Functional Concept 1.033 5.5 Leadership and Education • Leadership

will need to deal with the dispersion of authority across the set oftemporary and informal organizational structures that will evolve undercollaboration.• Leadership must embrace the cultural change required to function effectively inthe Net-Centric Environment.• Education at all levels must address the new framework provided by the Net-Centric Environment and reinforce the cultural and cognitive changes required forsuccess in this environment.• Leadership development will need to address the challenges of decisionmaking ina Net-Centric Environment.• Educational institutions must continually adapt to provide the best research andanalysis on future warfighting concepts.• Leadership development will need to address the possibilities offered by self-synchronization and other concepts and their impact on the idea of unity ofcommand or the command process. 5.6 Personnel • Administrative functions that require simple, repeated decisions will be phasedout; administration will be more efficient, given the enhanced physical,psychological, and mental demands, and more personnel will be made availablefor duty in currently understaffed units.• Operating in a Net-Centric Environment will create new mental and physiologicaldemands on personnel. These will need to be addressed through a combination ofhuman engineering (such as ergonomics), process engineering, and personneldevelopment.• Expertise not organic to units may be provided by a virtual presence or personnel,negating the need for a physical presence and/or assignment (e.g., analysts,advisors, maintainers). Through the use of reachback capability, distributedoperations are enabled allowing for smaller deployed footprints and enhancedmobility, both strategic and tactical, for joint forces. 5.7 Facilities • Bases and facilities in CONUS and OCONUS will require continued investmentand partnership with commercial information services to support a net-centricinfrastructure and supported data management strategy for forces in garrison.• Training and exercise facilities will require a higher level and more thoroughinstrumentation to evaluate unit performance beyond the most basic metrics forsuccess and to assess the use of information.Page 41Net-Centric Environment Joint Functional Concept 1.034 6.0 Scope 6.1 Timeframe and Applicable Military Functions and Activities The NCE JFC is written for the Joint Force Commander at the operational level 10 to 20years in the future with applicability across all levels of command from strategic totactical and across the ROMO. The NCE JFC provides functional support to the JOCs, other JFCs, and describes the net-centric capabilities, attributes, and measures in support of the JICs and the CapabilitiesBased Assessment (CBA) analysis process. It also provides a conceptual basis andanalytical framework for the operation of the Net-Centric Functional Capabilities Board. 6.2 Impact of Strategic Guidance and Deviations in the Concept The challenges of the evolving operational environment require that U.S. military force,all relevant agencies, and coalition partners work together with the Joint Staff and otherDOD agencies to enhance, integrate, and develop new Joint warfighting capabilities. Themandates set forth in the National Security Strategy, 2004 National Defense Strategy, andNational Military Strategy serve as a basis for the development of strategic andoperational Joint Force capabilities required for operating in the Net-Centric Environment.The NCE JFC conforms to the strategic guidance by providing the net-centric capabilitiesand attributes that enable the U.S. military to conduct the required net-centric tasks andactivities necessary to meet the strategic guidance. • National Security Strategy (NSS): The NSS directs an active strategy to countertransnational terrorist networks, rogue nations, and aggressive states that possess,or are working to gain, Weapons of Mass Destruction or Effect (WMD/E). Itemphasizes activities to foster relationships among U.S. allies, partners, andfriends. The NSS highlights the need to retain and improve capabilities to preventattacks against the United States, work cooperatively with other nations andmultinational organizations, and transform America’s national securityinstitutions.• National Defense Strategy (NDS): The NDS supports the NSS by establishing aset of overarching defense objectives that guide the DOD’s security activities andprovide direction for the National Military Strategy. The NDS objectives serve aslinks between military activities and those of other government agencies inpursuit of national goals.• National Military Strategy (NMS): The NMS derives objectives, missions, andcapability requirements from an

analysis of the NSS, NDS, and securityenvironment. The NMS provides focus for military activities by defining a set ofinterrelated military objectives and Joint operating concepts from which theService chiefs and combatant commanders identify desired capabilities andagainst which the Chairman of the Joint Chiefs of Staff assesses risk.Page 42Net-Centric Environment Joint Functional Concept 1.035 6.3 Impact of Future Context Documents and Deviations in theConcept This concept was developed in the context of numerous DOD efforts to transform theforce. The Network Centric Operations Conceptual Framework 2.0, Net-CentricOperations and Warfare Reference Model 1.1, and DOD Net-Centric Data Strategyplayed particularly important roles in the identification of required capabilities andattributes. This document provides a unifying framework of principles, capabilities, andattributes to integrate the many net-centric efforts underway. Future updates to these andother net-centric related documents, such as the Net Ops Conops and the future NCOECONOPS should reflect the capabilities identified in this concept.Deviations from this concept (particularly in foundational elements such as definitions) infuture context documents will likely hinder progress toward achieving a net-centric forceby furthering the lexicon issues that have already been identified as problematic. 31 However, this concept acknowledges that the understanding of the net-centric functionalarea is immature and rapidly expanding. As the community’s understanding of NetworkCentric Operations evolves, new principles, capabilities, and attributes are likely to beidentified and should be incorporated into future revisions of this concept. 6.4 Risks and Mitigation Military commanders and leaders at all levels will need to manage risks as they operate ina Net-Centric Environment. Risks remain inherent in the planning and execution ofmilitary operations. Additionally, there are risks associated with identifying, developing,attaining, and maintaining future net-centric capabilities 10 to 20 years in the future.Military leaders must employ prudent risk management strategies, including both theacceptance of calculated risks and the development of comprehensive risk mitigationtechniques. The risk mitigation discussed below is only a point of departure and theimplications Section of this concept provides more details on necessary changes, most ofwhich address one or more risks. The following list is intended to identify significantrisks associated with implementing a Net-Centric Environment. This list is not intendedto be exhaustive.• The increasing dependence on information processes, systems, and technologiesadds potential vulnerabilities that, if not adequately defended, could be exploitedby adversaries, or result in serious mission consequences. Mitigation: Increasednetwork security training and emphasis at all levels. Development of newInformation Assurance strategies and technologies.• Elimination of intermediate echelons and the ability to monitor force activity at anarbitrary level of detail may lead to information-enabled micromanagement,inhibiting the decentralization of decisionmaking to lower echelons. Mitigation:Wargaming and experimentation to inculcate value of decentralization. Education. 31 DOD Inspector General Report, “Management of Network Centric Warfare Within the Department of Defense” (D-2004-091) June 2004.Page 43Net-Centric Environment Joint Functional Concept 1.036• Overwhelming levels of information may lead to increased decision times or theinability of leaders to locate and identify decision-relevant information.Mitigation: Investment in smart agent technology. Training. Wargaming in a LiveVirtual Training Environment.• Capability and interoperability gaps in training, equipment, physical interfaces,and doctrine may pose challenges for operations with less digitally-capable forces.Mitigation: Retain key legacy interfaces. Increase training with allies in scenariossuch as described in the vignette.• Over-reliance on information and communications technologies may result inforces incapable of operating effectively in the absence of those technologies dueto failure or attack. Mitigation: Increased reliability of new equipment andappropriate levels of integrated redundancy in system architectures. Training andexercises that realistically simulate conditions of failure and attack.• Failure to coevolve technological, organizational, and doctrinal innovation maylead to inefficiencies in

the deployment and utilization of net-centric systems andconcepts. Such failure may arise from, for example, unresponsive acquisitionprocesses, organizational and cultural inertia, insufficient scientific advancement,or overly optimistic assumptions about technical or organizational capabilities.Mitigation: Increased joint wargaming and exercises, particularly at the small unitlevel. Increased investment in commercial technology. Integrated Joint ConceptDevelopment and experimentation.• Insufficient scientific understanding of the psychological and sociologicalfoundations of cognitive and social behavior results in fielding systems, designingorganizational structures, and developing doctrine that is not effective in real-world Knowledge systems. Mitigation: Increased research in this area. 6.5 Assumptions There are several assumptions common to all Joint Functional Concepts that provide theoverarching environment in which U.S. military operations will take place:• Future U.S. joint military operations will take place in a Net-CentricEnvironment;• Affordable technology will allow coalition partners and other agencies to acquirenet-centric materiel;• The U.S. will be operating in a complicated, uncertain, and dynamic globalsecurity environment 10 to 20 years in the future; and• There will be greater emphasis on asymmetric threats and the possession andpotential use of weapons of ever-increasing power.There are also critical assumptions that are relevant to the NCE JFC:• Substantial continued investment in research and development will overcomeunanticipated barriers to technical advancement that would preclude sustainedchange in military operations; andPage 44Net-Centric Environment Joint Functional Concept 1.037• DOD and Service cultures will evolve at an increasing rate to accept and employknowledge area capabilities. 6.6 Relationship to Other Joint Concepts An assumption common to all joint concepts is that future U.S. military operations willoccur in a Net-Centric Environment. The relationship among the various families ofconcepts is depicted in Figure 6-1. The Net-Centric Environment Joint FunctionalConcept must provide net-centric support to each of the joint concepts, thereby assistingthe Joint Force Commander in shaping the battlespace. The Net-Centric EnvironmentJoint Functional Concept:• Identifies essential Net-Centric Environment capabilities that enable the conductof net-centric technical tasks and activities across the ROMO in support of jointoperations using a network that is ubiquitous, autonomous, interoperable, andreliably supports tactical, operational, and strategic needs;• Identifies essential Net-Centric Environment capabilities that enable humans toleverage the technology and conduct comprehensive collaboration in support ofdecisionmaking, staff planning, and battlefield management in a distributed anddecentralized manner; • Supports the Net-Centric Environment capabilities identified in the joint operatingconcepts, joint functional concepts, and joint integrating concepts;• Provides a single point of reference to inform and influence the joint conceptsregarding the net-centric military function (net-centric capabilities and attributes);and• Provides a single point of reference to synchronize net-centric terms and activities.Capabilities identified in Version 1.0 of the C2 Joint Functional Concept that (1) arenetwork-related and (2) appear to have application across multiple functional areas, havebeen expanded upon in this concept in order to show an integrated, net-centric conceptthat, if implemented, will optimize information-dependent capabilities across allfunctional areas. These capabilities do not replace the need for specific C2 capabilities,but rather complement the C2 capabilities by providing a framework to integrate the JointForce at a lower, more informal, and more efficient level. Figure 6-2 depicts therelationship of the Net-Centric Environment to the other functional areas.Page 45Net-Centric Environment Joint Functional Concept 1.038 Figure 6-1. Relationships of Joint Concepts Force Application (FA)Battlespace Awareness (BA)Focused Logistics (FL)Force Protection (FP)Joint Training (JT)Force Management (FM) Net-Centric Environment (NCE) Informal Dynamic Patterns Of Collaboration Joint Command and Control (C2) Formal Decision Processes Figure 6-2. Formal and Informal Interaction between Functional AreasPage 46Net-Centric Environment Joint Functional Conept 1.0A-1 Appendix A. Reference Documents 1. “Net

Ready Key Performance Parameter, (v1.0)” briefing, n.d.2. 2004 National Defense Strategy, 2004.3. ADM GIG BE, 3 January 2003.4. Alberts, David S., John J. Garstka, Richard E. Hayes, and David T. Signori.Understanding Information Age Warfare. Washington, DC: CCRP PublicationSeries. 2001.5. Alberts, David S., Richard E. Hayes, Daniel T. Maxwell, John E. Kirzl, andDennis K. Leedom. Code of Best Practice for Experimentation. Washington, DC:CCRP Publication Series. 2002.6. Alberts, David S. and Richard E. Hayes. Power to the Edge. Washington, DC:CCRP Publication Series. 2003.7. ASD NII Memo Subj: Joint Net-Centric Capabilities, 15 July 2003.8. ASD NII Net-Centric Checklist v. 2.1, 13 February 2004.9. Battlespace Awareness Functional Concept, 4 February 2004.10. C4ISR Architecture Framework, 18 December 1997.11. CJCSM Instruction 3170.01, “Joint Capabilities Integration DevelopmentSystem,” 12 March 2004.12. Concept of Operations for Global Information Grid Net Ops (Net Ops CONOPS)Final Version, n.d.13. Data Visibility Component Guidance, 24 October 2003.14. DOD Architecture Framework (DODAF), v. 1.0, Desktop, 11 February 2004.15. DOD Architecture Framework (DODAF), v. 1.0, Volume 1, 9 February 2004.16. DOD Architecture Framework (DODAF), v. 1.0, Volume 2, 10 February 2004.17. DODD 8101.1, Global Information Grid (GIG) Overarching Policy, 19 September2002.18. DOD Discovery Metadata Standard Review, 2 June 2003.19. DOD Net-Centric Data Strategy, 9 May 2003.20. Focused Logistics Functional Concept, 4 February 2004.Page 47Net-Centric Environment Joint Functional Conept 1.0A-221. Force Application Functional Concept, 4 February 2004.22. Force Protection Functional Concept, 4 February 2004.23. Global Information Grid Enterprise Services (GIG ES): Core Enterprise Services(CES) Implementation, 10 November 2003.24. Homeland Security Joint Operating Concept, 2 February 2004.25. Joint Capabilities Integration and Development System (CJCSI 3170.01D), 12March 2004.26. Joint Command and Control Functional Concept, 4 February 2004.27. Joint Concept Development and Revision Plan, July 2004.28. Joint Operations Concepts (JOpsC), 3 November 2003.29. Joint Publication 1-02, “Department of Defense Dictionary of Military andAssociated Terms,” 12 April 2001. (as amended through 23 March 2004)30. Joint Transformation Roadmap, July 2004.31. Joint Vision 2020, n.d. 32. Major Combat Operations Joint Operating Concept, 5 March 2004.33. Merriam-Webster Online. Merriam-Webster Incorporated. 2005. http://www.m-w.com/ (Jan 2005) 34. Military Acronyms, Initials and Abbreviations: http://www.fas.org/news/reference/lexicon/acronym.htm 35. National Military Strategy, n.d.36. Naval Operating Concept for Joint Operations, n.d.37. Naval Transformation Roadmap 2003: Assured Access and Power Projection…From the Sea, n.d.38. Net-Centric Operations and Warfare Reference Model Version 1.0, 9 December2003.39. Net-Centric Operations and Warfare Reference Model Version 1.0, 9 December2003.40. Net-Centric Operations and Warfare Reference Model Version 1.0, 9 December2003.Page 48Net-Centric Environment Joint Functional Conept 1.0A-341. Network Centric Operations DOD Report to Congress, 27 July 2001.42. Network Centric Warfare: Developing and Leveraging Information Superiority,August 1999.43. Quadrennial Defense Review Report, 30 September 2001.44. Stability Operations Joint Operating Concept, March 2004 (Draft).45. Strategic Deterrence Joint Operating Concept, 11 February 2004.46. The National Security Strategy of the United States of America, September 2002.47. The U.S. Air Force Transformation Flight Plan, November 2003.48. Transformation Planning Guidance, 30 April 2003.49. United States Army Transformation Roadmap 2003, 1 November 2003.50. Webster’s Third New International Dictionary, Unabridged. Merriam-Webster.2002.Page 49Net-Centric Environment Joint Functional Concept 1.0B-1 Appendix B. Glossary TermDefinitionActionA structured behavior of limited duration. (JCDRP 7/2004)ActivityA structured behavior of continuous duration. (JCDRP 7/2004)AgilityThe ability to move quickly and easily. (Power

to the Edge)AssuredHaving grounds for confidence that an information-technology (IT) product orsystem meets its certainty or security objectives. (NCE JFC)AssumptionA supposition on the current situation or a presupposition on the future courseof events, either or both assumed to be true in the absence of positive proof,necessary to enable the commander in the process of planning to complete anestimate of the situation and make a decision on the course of action. (JP 1-02)AttributeA testable or measurable characteristic that describes an aspect of a system orcapability. (CJCSI 3170.01D)CapabilityThe ability to achieve an effect to a standard under specified conditions throughmultiple combinations of means and ways to perform a set of tasks. (JCDRP7/2004)CollaborationJoint problem solving for the purpose of achieving shared understanding,making a decision, or creating a product across the Joint Force and missionpartners. (NCE JFC)Communities ofInterestCollaborative groups of users who must exchange information in pursuit of theirshared goals, interests, missions, or business processes and who therefore musthave a shared vocabulary for the information they exchange. (DOD Net-CentricData Strategy)ConditionA variable of the environment that affects performance of a task. (JCDRP7/2004)CONOPS(Concept ofOperations orCommander’sConcept)The overall picture and broad flow of tasks within a plan by which acommander maps capabilities to effects, and effects to end state for a specificscenario. (JCDRP 7/2004)CriterionA critical, threshold, or specified value of a measure. (JCDRP 7/2004)DataInformation without context. (JC2FC v1.0)DoctrineFundamental principles by which the military forces or elements thereof guidetheir actions in support of national objectives. It is authoritative but requiresjudgment in application. (JP 1-02)DeconflictionPreventing elements of the Joint Force from operating at cross-purposes. (NCEJFC)EffectAn outcome (condition, behavior, or degree of freedom) resulting from taskedactions. (JCDRP 7/2004)End stateThe set of conditions, behaviors, and freedoms of action that definesachievement of the commander’s objectives. (JCDRP 7/2004)ExpeditionarySupporting a military operation conducted by an armed force to accomplish aspecific objective in a foreign country. (JP1-02)FrictionThe amount of organizational effort required to bring a certain set of capabilitiesto bear in a specified amount of time. (NCE JFC)Geo-spatialInformationThe concept for collection, information extraction, storage, dissemination, andexploitation of geodetic, geomagnetic, imagery (both commercial and nationalsource), gravimetric, aeronautical, topographic, hydrographic, littoral, cultural,and toponymic data accurately referenced to a precise location on the earth'ssurface. (JP 1-02)Page 50Net-Centric Environment Joint Functional Concept 1.0B-2 TermDefinitionInformationFacts, data, or instructions in any medium or form with context that iscomprehensible to the user. (JC2FC v1.0)Information Resource Information and related resources, such as personnel, equipment, funds, andinformation technology. (USC Title 44)Information SystemA discrete set of information resources organized for the collection, processing,maintenance, use, sharing, dissemination, or disposition of information. (USCTitle 44 [Paperwork Reduction Act])InfrastructureAll building and permanent installations necessary for the support,redeployment, and military forces operations (e.g., barracks, headquarters,airfields, communications, facilities, stores, port installations, and maintenancestations). (JP 1-02)IntegratedAll functions and capabilities focused toward a unified purpose. (NCE JFC)InterdependenceA mode of operations based upon a high degree of mutual trust, where diversemembers make unique contributions toward common objectives and may relyon each other for certain essential capabilities rather than duplicating themorganically. (JS J7 JTD)InteroperabilityThe extent to which systems, units, or forces provide services to and acceptservices from other systems, units, or forces and to use the services soexchanged to enable them to operate effectively together. (DODD 4630.5)JointConnotes activities, operations, organizations, etc., in which elements of two ormore Military Departments participate with interagency and multinationalpartners. (JS J7 JTD)Joint ForceThe term “Joint Force” in its broadest sense refers to the ArmedForces of the United States. The term “joint force” (lower case) refers to anelement of the Armed Forces that is organized for a particular mission or task.Because this could refer to a joint task force or a unified command, or some

yetunnamed future joint organization, the more generic term “a joint force” will beused, similar in manner to the term “joint force commander” in reference to thecommander of any joint force. (NCE JFC)Joint FunctionalConcept (JFC)An articulation of how a future joint force commander will integrate a set ofrelated military tasks to attain capabilities required across the range of militaryoperations. Although broadly described within the Joint Operations Concepts,they derive specific context from the joint operating concepts and promotecommon attributes in sufficient detail to conduct experimentation and measureeffectiveness. (JCDRP 7/2004)Joint IntegratingConcept (JIC)A JIC describes how a joint force commander integrates functional means toachieve operational ends. It includes a list of essential battlespace effects(including essential supporting tasks, measures of effectiveness, and measuresof performance) and a CONOPS for integrating these effects together to achievethe desired end state. (JCDRP 7/2004)Joint OperatingConcept (JOC)A description of how a future Joint Force Commander will plan, prepare,deploy, employ, and sustain a joint force against potential adversaries’capabilities or crisis situations specified within the range of military operations.Joint Operating Concepts serve as “engines of transformation” to guide thedevelopment and integration of joint functional and Service concepts to describejoint capabilities. They describe the measurable detail needed to conductexperimentation, permit the development of measures of effectiveness, andallow decisionmakers to compare alternatives and make programmaticdecisions. (JCDRP 7/2004)Page 51Net-Centric Environment Joint Functional Concept 1.0B-3 TermDefinitionJoint OperationsConcepts (JOpsC)An overarching description of how the future Joint Force will operate across theentire range of military operations. It is the unifying framework for developingsubordinate joint operating concepts, joint functional concepts, enablingconcepts, and integrated capabilities. It assists in structuring jointexperimentation and assessment activities to validate subordinate concepts andcapabilities-based requirements. (JCDRP 7/2004)KnowledgeData and information that have been analyzed to provide meaning and value.Knowledge is the collection of various pieces of processed data and informationthat have been integrated through the lens of understanding to begin building apicture of the situation. (NCE JFC)LethalityThe capability to destroy or neutralize a target. (NCE JFC)Material All items (including ships, tanks, self-propelled weapons, aircraft, etc., andrelated spares, repair parts, and support equipment, but excluding real property,installations, and utilities) necessary to equip, operate, maintain, and supportmilitary activities without distinction as to its application for administrative orcombat purposes. (JP1-02)ManageableCapable of being controlled, handled, or used with ease. (NCE JFC)MeasureQuantitative or qualitative basis for describing the quality of task performance.(JCDRP 7/2004)Measures ofPerformanceMeasures designed to quantify the degree of perfection in accomplishingfunctions or tasks. (JCDRP 7/2004)Measures ofEffectivenessMeasures designed to correspond to accomplishment of mission objectives andachievement of desired effects. (JCDRP 7/2004)MetadataInformation about information; more specifically, information about themeaning of other data. (JP 1-02)MetricA quantitative measure associated with an attribute. (JCDRP 7/2004)MissionThe end state, purpose, and associated tasks assigned to a single commander.(JCDRP 7/2004)Mission PartnersIncludes allies, coalition partners, international organizations, civiliangovernment agencies, non-government agencies, and other non-adversaries whoare involved with the activities or operations of the Joint Force. (NCE JFC)MultinationalOrganizationsA collective heading for intergovernmental and international organizations. (JP3-16)Net-CentricEnvironmentThe Net-Centric Environment is a framework for full human and technicalconnectivity and interoperability that allows all DOD users and mission partnersto share the information they need, when they need it, in a form they canunderstand and act on with confidence; and protects information from thosewho should not have it. (NCE JFC)Net-Centric (networkcentric) OperationsThe exploitation of the human and technical networking of all elements of anappropriately trained joint force by fully integrating collective capabilities,awareness, knowledge, experience, and superior decisionmaking to achieve

ahigh level of agility and effectiveness in dispersed, decentralized, dynamic anduncertain operational environments. (NCE JFC)Network CentricWarfareAn information superiority oriented concept of operations that generatesincreased combat power by networking sensors, decisionmakers, and shootersto achieve shared awareness, increased speed of command, higher tempo ofoperations, greater lethality, increased survivability, and a degree of self-synchronization. (Network Centric Warfare) A sub-set of Net-CentricOperations, see above.ObjectiveA desired end derived from guidance. (JCDRP 7/2004)QualityLacking nothing essential or normal. (Roget’s II)Page 52Net-Centric Environment Joint Functional Concept 1.0B-4 TermDefinitionRiskProbability and severity of loss linked to hazards. (JP 1-02)RobustHaving or exhibiting strength or vigorous health. (Webster’s)SharedUnderstandingA shared appreciation of the situation supported by common information toenable rapid collaborative joint engagement, maneuver, and support. (NCE JFC)StandardThe minimum proficiency required in the performance of a task. For mission-essential tasks of joint forces, each task standard is defined by the joint forcecommander and consists of a measure and criterion. (JCDRP 7/2004)SurvivabilityThe capability of a system and its crew to avoid or withstand a man-madehostile environment without suffering an abortive impairment of its ability toaccomplish its designated mission. (NCE JFC)Synchronization(1) The arrangement of military actions in time, space, and purpose to producemaximum relative combat power at a decisive place and time and (2) in theintelligence context, application of intelligence sources and methods in concertwith the operation plan. (JP 2-0) (JP 1-02)SystemA regularly interacting group of items forming a unified whole. (Merriam-Webster Online)Task An action or activity defined within doctrine, standard procedures, or conceptsthat may be assigned to an individual or organization. (JCDRP 7/2004)TransparencyEncourages open access to information, participation, and decisionmaking,which ultimately creates a high level of trust and collaboration amongstakeholders. (NCE JFC)TrustworthyThe extent to which confidence or assurance is held in information or decisions.(NCE JFC)UnderstandingKnowledge that has been synthesized and had judgments applied to it in thecontext of a specific situation. Understanding reveals the relationships amongthe critical factors in any situation. (NCE JFC)UserAny individual, organization, or automated system that interfaces with theinformation environment as a consumer or producer. (NCOW Reference Model)VignetteA concise narrative description that illustrates and summarizes pertinentcircumstances and events from a scenario. (JCDRP 7/2004)Page 53Net-Centric Environment Joint Functional Concept 1.0C-1 Appendix C. List of Acronyms BCTBrigade Combat TeamC2Command and ControlCBACapabilities Based AssessmentCBRNEChemical, Biological, Radiological, Nuclear, andHigh Yield ExplosivesCJTFCombined Joint Task ForceCOACourse of ActionCOIsCommunities of InterestCONUSContinental United StatesDODDepartment of DefenseDOTMLPFDoctrine, Organization, Training, Materiel, Leadership and Education,Personnel, FacilitiesERTEmergency Response TeamEUCOMEuropean CommandHA/DRHumanitarian Assistance/Disaster ReliefHUMINTHuman IntelligenceICRCInternational Community of the Red CrossIHRNInternational Human Relief NetworkIRSInternal Revenue ServiceISInformation SystemITInformation TechnologyJCDRPJoint Concept Development and Revision PlanJCIDSJoint Capabilities Integration and Development SystemJFCJoint Functional ConceptJICJoint Integrating ConceptPage 54Net-Centric Environment Joint Functional Concept 1.0C-2JOAJoint Operations AreaJOCJoint Operating ConceptJOpsCJoint Operations ConceptsJPJoint PublicationJROCJoint Requirements Oversight CouncilJTFJoint Task ForceMDPsMilitary Decisionmaking ProcessesNATONorth Atlantic Treaty OrganizationNCE JFCNet-Centric Environment Joint Functional ConceptNC FCBNet-Centric Functional Capabilities BoardNCO CFNetwork Centric Operations Conceptual

FrameworkNCONetwork Centric OperationsNCOWNetwork Centric Operations and WarfareNCWNetwork Centric WarfareNDSNational Defense StrategyNGONon-Governmental OrganizationNMSNational Military StrategyNORTHCOM Northern Command NSSNational Security StrategyOASD/NIIOffice of the Assistant Secretary of Defense for Networksand Information IntegrationOCONUSOutside the Continental United StatesOIRSOrganization for International Relief and SupportOPSECOperations SecurityQDRQuadrennial Defense ReviewROMORange of Military OperationsPage 55Net-Centric Environment Joint Functional Concept 1.0C-3RRFRapid Reaction ForceSOCOMSpecial Operations Command SOPStandards Operating ProcedureSOUTHCOM Southern Command TPGTransformation Planning GuidanceTRANSCOM Transportation CommandTTPTactics, Techniques, and ProceduresUAVUnmanned Aerial VehicleUNUnited NationsUSRUrban Search and RescueWMD/EWeapons of Mass Destruction/EffectPage 56Net-Centric Environment Joint Functional Concept 1.0D-1 Appendix D. Table of Capabilities and Attributes Table D-1. Knowledge Area CapabilitiesOverarching CapabilitiesTasks (The Ability to…)Deal with flexible authority relationsMaintain flexible attitudes towards power and authorityObtain and maintain an understanding of command intentAbility to establish appropriateorganizational relationshipsFlexibly adapt to changing operational needsEffectively collaborate with other entitiesOvercome organizational/cultural limits to collaborationAbility to collaborateEstablish trust in decisionmaking collaborationAbility to synchronize actionsFlexibly adapt actions to take advantage of opportunities andminimize impact of threatsAchieve situational awarenessCommunicate situational awareness to other decisionmakersAbility to share situationalawarenessSimultaneously process inputs from multiple sources and retain focuson the task at handAbility to share situationalunderstandingUse multiple methods to achieve situational understanding (e.g.,inductive, deductive, adductive reasoning)Achieve higher quality situational understanding via multiple means(access to expert systems, etc.)Communicate understandings to other decisionmakersUtilize virtual reality training, wargaming, and exercisesAbility to conduct collaborativedecisionmaking/planningMake high quality decisionsKnow tasks and teams assigned to tasksKnow available assets enterprise-wideInteract effectively with decision support tools in a collaborativeenvironmentAbility to operateinterdependentlyInteract with and accept inputs from non-traditional communities ofinterestPage 57Net-Centric Environment Joint Functional Concept 1.0D-2 Table D-2. Technical Area CapabilitiesOverarching CapabilitiesTasks (The Ability to…)Collect DataAbility to Create/ ProduceInformation Transform/Process data into informationTag informationPost/publish information Share stored information Advertise informationStage content (smart store)ArchiveCollaborateAbility to Store/Share/ExchangeMessageEstablish criteria for storing and sharing Share across areas Support enterprise-wide and COI-specific applications Ability to Establish anInformation EnvironmentSupport dynamic, priority-based resource allocationSupport mediation/translation services Correlate and fuse information Ability to Process Data andInformationProcess informationLink geographic information to underlying databaseAbility to Employ Geo-SpatialInfo Provide layering and drill downDisplay informationAbility to Employ InformationEnable machine to machine info-sharingTrain using simulation and mission rehearsalDiscover/searchPull/retrieve/accessSubscribePerform intelligent search/ smart pullAbility to Find and ConsumeInformationConsume informationSupport role-based access controlAbility to Provide User AccessSupport strong authenticationSupport multiple levels of securityAbility to Access InformationShare across security areas (Coalition, HLS)Restore/recover Assure information Validate informationDetermine an information pedigreeAbility to Validate/AssureDevelop trust in the information

Page 58Net-Centric Environment Joint Functional Concept 1.0D-3 Table D-2. Technical Area Capabilities (continued)Overarching CapabilitiesTasks (The Ability to…)Rapidly deploy/employ robust connectivity forwardTailor to specific capabilitiesFunction under range of infrastructure and ROE constraintsAbility to Install/DeployDynamically plan network architecture development processDynamically allocate resourcesID and maintain awareness of all nodes all the time“Wargame” the networkOperate without geographic constraintsSupport all operations and transitional states along the ROMOManage assured access/denialProvide ad hoc coalition connectivity Manage continuity and restoration of operationsAbility to Operate/ManeuverProvide timely and reliable delivery of informationDetect and defend against logical attackDynamically re-route servicesDegrade gracefully and contain cascade failuresContinue essential operations in degraded environments(WMD/WME, Natural disasters)Prioritize data flows from key databases/backups (mirrors)Ability to Maintain/SurviveAcquire additional network resources on demandConnect with all assetsConnect and share information amonginteragency/coalition/IO/commercial/NGO playersEasily search, file, transfer, communicate, support network taxonomyArchive large volumes of dataInform/update chain of command of network statusSupport separate constellations of COIsAbility to Provide NetworkServicesSupport geographically transitioning nodesPage 59Net-Centric Environment Joint Functional Concept 1.0D-4 Table D-3. Knowledge Area AttributesAttributeMeasureDefinitionFlexible The extent to which individuals or organizations dynamically meetevolving mission requirements.InnovativeThe extent to which tasks are performed in novel waysResilientThe extent to which recovery or adjustment is achieved givenmisfortune or changeResponsiveThe degree to which decisions and actions are relevant and timelyAgileMoving quicklyand easilyScalableThe extent to which organizations can seamlessly adjust size andscope to meet a given mission requirement.AppropriateThe extent to which understandings and decisions are suitable anduseful for the mission/situation at handRelevantThe extent to which an understanding/decision is consistent withcommand intent and mission objectivesCorrectThe extent to which understandings agree with fact ConsistentExtent to which understandings and decisions are in line with priorunderstandings/decisionsAccurateThe granularity and precision with respect to factCompleteThe extent to which all required elements are presentQualityLacking nothingessential ornormalTimelyThe extent to which the currency of understandings or decisionsare appropriate to the missionRobustThe extent to which individuals or organizations exhibit strengthor vigorous. ConfidentThe extent to which assurance is held in information or decisions.WillingThe extent to which a force entity possesses the desire to functionin a shared information environmentTrustworthyThe extent towhich confidenceor assurance isheld ininformation ordecisions.CompetentThe extent to which one is able to perform a task and/or functionPage 60Net-Centric Environment Joint Functional Concept 1.0D-5 Table D-4. Technical Area AttributesAttributeMeasureDefinitionAuthenticThe extent security measure designed to establish the validityof a transmission, message, or originator, or a means ofverifying an individual’s authorization to receive specificcategories of informationConfidentialThe extent to which confidence or assurance is held ininformation or decisionsNon-repudiatedThe extent to which the senders/receivers of data areprevented from denying having processed data. Non-repudiation is measured by the extent to which senders areprovided with proof of the sender’s identityAvailableThe extent to which authorized users are provided withtimely, reliable access to data and information servicesAssuredGrounds forconfidence that aninformation-technology (IT)product or systemmeets its certaintyor securityobjectivesIntegrityThe extent to which information is protected fromunauthorized modification or destructionSurvivableThe extent of assurance provided a system, subsystem,equipment, process, or procedure that the named entity willcontinue to function during and after a natural or man-

madedisturbance, for example, a nuclear burst. (Note: For a givenapplication, survivability must be qualified by specifying therange of conditions over which the entity will survive theminimum acceptable level or post-disturbance functionality,and the maximum acceptable outage duration.)RedundantThe extent to which surplus capability is provided to improvethe reliability and quality of serviceDistributedThe extent to which the network resources, such as switchingequipment and processors, are dispersed throughout thegeographical area being served Note: Network control may be centralized or distributedRobustHaving orexhibiting strengthor vigorous healthResilientThe extent to which recovery from or adjustment tomalfunction (misfortune) or change is easily achievedFlexible The extent to which success is achieved in different ways andthe extent to which the network dynamically meets evolvingmission requirementsResponsiveThe extent to which service is provided within required timeDiverseThe extent to which the network is not dependent on a singleelement, media, or methodDynamicThe extent to which the network can adapt when there is achange in statusAgileMoving quicklyand easilyAutonomousThe extent to which tasks are undertaken or carried onwithout outside control. It is the ability to existindependently; responding, reacting, or developingindependently of the wholePage 61Net-Centric Environment Joint Functional Concept 1.0D-6 Table D-4. Technical Area Attributes (continued)AttributeMeasureDefinitionScalableThe extent to which the network/system/organization cangrow to accommodate additional users; hardware or softwareeither co-located or globally distributed from the originalsystem configurationReconfigurableThe extent to which the network/system/organization canaccommodate changes in hardware, software, features, oroptionsControllableThe extent to which a network manager has the ability toexercise restraint, direction over, or perform diagnosis toensure optimal function and security; power or authority toguide, monitor, or manageMaintainableThe probability that an item will be retained in or restored to aspecified condition within a given period of time, when themaintenance is performed in accordance with prescribedprocedures and resourcesUpgradeableThe extent to which the network or system can accept newversions of software to meet changing requirementsManageableCapable of beingcontrolled,handled, or usedwith easeRepairableThe probability that the system/network can be restored tosatisfactory operation by an action, including partsreplacements or changes to adjustable settingsDeployableThe extent of effort required to relocate personnel/systems toa Joint Operations Area (JOA)ManeuverableThe extent to which network elements support warfighters onthe moveModularThe extent to which the network/system comprised of “plug-in” system/units/forces that can be added together in differentcombinationsTransportableThe extent of mobility within the Joint Operations Area(JOA)RuggedThe extent to which the system/network can supportoperations in extreme environments and/or under conditionsof high physical stressReachThe extent to which the network/system can operate overextended distances to meet mission requirementsEmployableThe time and effort required to commence system operationupon arrival in the Joint Operations Area (JOA)ExpeditionarySupporting amilitary operationconducted by anarmed force toaccomplish aspecific objectivein a foreigncountrySustainableThe extent to which the network/system is able to maintainthe necessary level and duration of operational activity toachieve military objectives. Sustainability is a function ofproviding for and maintaining those levels of ready forces,material, and consumables necessary to support military effortPage 62Net-Centric Environment Joint Functional Concept 1.0D-7 Table D-4. Technical Area Attributes (continued)AttributeMeasureDefinitionAccurateThe extent to which a transmission/data stream is error-freeTraceableThe extent to which information is capable of being tracked ortraced; the ability to follow, discover, or ascertain the courseof development of somethingCompleteThe extent to which all necessary parts, elements, or steps arepresentConsistentThe extent to which information is free from variation orcontradictionQualityLacking nothingessential ornormalTimelyThe extent to which

information is received in time to beusefulInteroperableThe extent to which systems, units, or forces provide servicesto and accept services from other systems, units, or forces andto use the services so exchanged to enable them to operateeffectively togetherAccessibleThe extent to which all authorized users have the opportunityto make use of information capabilitiesVisibleThe extent to which users and applications can discover theexistence of data assets through catalogs, registries, and othersearch services. All data assets are advertised or “madevisible” by providing metadata that describes the assetIntegratedAll functions andcapabilitiesfocused toward aunified purposeUsableThe extent of difficulty regarding the initial effort required tolearn and the extent of recurring effort to use the functionalityof the system and/or created by a information capability canbe derivedPage 63Net-Centric Environment Joint Functional Concept 1.0E-1 Appendix E. Implications for Experimentation The Net-Centric Environment Joint Functional Concept incorporates advanced andemerging concepts and technologies, and deals extensively with areas of endeavor thatare not yet fully understood, particularly with regard to Knowledge Area issues. As aresult, a robust campaign of experimentation will be necessary in order to develop, refine,test, and demonstrate net-centric concepts and methods.As a starting point for thinking about this experimentation campaign, this Appendixcaptures a set of first-order hypotheses and issues for experimentation and research thatsurfaced during concept development. E.1 First-Order Information Value Chain For The NCE JFC A number of key ideas and postulated cause-effect relationships can be extracted fromthe main document 32 to allow one to construct a hypothesized “information value chain”for the NCE JFC. This value chain describes a process by which data is gathered from theoperating environment, transformed into in-context information and actionableknowledge, and used in decision processes that lead to force action, which in turn affectsthe operating environment. At each stage in this process, force elements conductactivities to gather, process, fuse, and share information. How, whether, and under whatconditions these processes add value to the force’s mission effectiveness are appropriatesubjects for a net-centric research and experimentation campaign. Figure E-1 shows oneportrayal of an information value chain with a set of enablers that must be wellunderstood to contribute effectively to net-centric function of the force. 32 See, for example, the concept definition statement, the statement of the Central Idea of the functional concept, and the supporting hypotheses to that Central Idea.Page 64Net-Centric Environment Joint Functional Concept 1.0E-2 IndividualsEnvironment• Terrain• Weather• Red• Blue• Shooters• Sensors• Observers• Neutrals• Extra-theaterassets• Other DIME-relevantenvironsDataDataDataDataKnowledgeInformationDecisionsAction • High quality sensors• High quality,trained observers• Networking• Fusion• Post/Retrieve• Interoperability• Knowledge Building• Visualization• Knowledge Assistants• Discovery Services• Visibility of andAccess to Information• Decision Assistants• COA Analysis Assistants• Reach-back models• Reach-back experts• Flexible execution,incorporating:• Continuous decisionmaking• Continuous knowledgebuilding, monitoring• Continuous interactionwith other actors(information sourcesand decision makers) Figure E-1. Illustrative Information Value Chain for the NCE JFC, with enabling assets, technologies, and organizational capabilities Following Figure E-1, sensors (human and machine) gather data to characterize theenvironment along dimensions relevant to the activity and mission of the force. Thequality of this data extraction process, determined by the technical capability of sensingequipment and the capability and training of human sensors/observers, is the foundationfor building high-quality situational awareness. Extracted data is transported to variouspoints in the force via the force’s human and technical networks, where it can beprocessed, fused, correlated, and placed into context. This allows individuals in the forceto have access to information gathered by other force elements; further, it contributes toconsistency in the information representations of individuals across the force (as thoserepresentations are drawn from a common, global set of information sources); andimportantly, it provides for the representation and visualization of information in waysthat are comprehensible and

relevant for how it will subsequently be used by forceelements.High quality information sets allow individuals to transform information resident insystems and transported across networks in order to be incorporated into individuals’knowledge sets. The NCE JFC characterizes these processes as gaining awareness andunderstanding of the situation. Just as networking allows information sets to becorrelated and consistent, networking does the same for knowledge sets. While consistentinformation bases facilitate common perceptions of the situation, it is well known thatdifferent individuals have different sets of experiences and different ways of thinking,and can draw different conclusions when presented with common information.Page 65Net-Centric Environment Joint Functional Concept 1.0E-3Networking allows individuals to synchronize their perceptions, or at least to becomeaware of the different perceptions that exist in different parts of the force.With knowledge and information sets correlated (and when not correlated, with wellunderstood differences), activities and decision processes undertaken by individuals canbe correlated in ways that contribute to the agility and mission effectiveness of the force.This activity and decision coordination can be direct (taking place through explicitcollaboration) or indirect (occurring through common ties to the environment, andbecause individuals are commonly trained and have access to relevant and consistentpictures of the mission space). Importantly, decisions in this context refer to both formal planning and decisionprocesses involved in command and control and instantiated in doctrine via militarydecisionmaking processes (MDPs), as well as informal decisions made at all levels ofwarfighting and at all echelons of the force. Indeed, the decision by a force member tostop his vehicle or to switch display modes on a screen can be considered decisions inthis framework. The central point is that the kinds of decisions broadly impacted by thisinformation- and network-enabled capability go beyond those of formal command andcontrol of forces. E.2 The Net-Centric Environment Joint Functional Concept ValueProposition Figure E-2 illustrates the hypothesized NCE JFC “value proposition,” extracting from theNCE JFC text several important elements of the functional concept and how theyinterrelate and follow from one another. Connectivity• Human• TechnicalInformationInformationSharingInteraction/CollaborationSituationalAwarenessSharedSituationalAwareness Figure E-2. Network- and Information-enabled Situational Awareness,Interaction/Collaboration, and Shared Situational Awareness As a network- and information-enabled concept, the NCE JFC uses its Knowledge andTechnical networking to create the conditions for information sharing in the force. Thissharing of information, along with the collection of high-quality and relevant informationfrom the force’s Knowledge and machine sensors, improves the level of situationalawareness possessed by each element in the force. With better situational awareness andappropriate DOTMLPF, force elements can interact and collaborate more effectively(they know more about what they need to know, where that information is likely to befound, and with what other force elements their capabilities need to combine, and theyare interacting and collaborating in a policy, cultural, and technical environment suitablefor that interaction). This in turn permits force elements to further refine their situationalPage 66Net-Centric Environment Joint Functional Concept 1.0E-4awareness, as well as achieve consistency at appropriate levels among their individualpictures of the mission space. Thus, not only is situational awareness improved, but high-quality shared situational awareness is achieved as well. High quality shared situationalawareness allows for the development of situational understanding because the parties areworking from the same or comparable sets of facts. They can then work at sharing theirdeeper cognitive understanding of the unfolding situation. Enhanced shared situationalawareness and shared understanding allow the Joint Force and its mission partners toengage in value-added activities such as effects-based planning, rapid course of actionanalysis, and wargaming of potential options.The value chain just described, while logical, requires research and experimentation inorder to be verified and operationalized. Topics for an experimentation campaign toinvestigate and instantiate this value chain

include:• Knowledge networking;• Technical networking;• Coevolution of knowledge and technical networking;• Information sharing;• Situational awareness;• Collaboration/interaction; and• Shared situational awareness. Connectivity• Human• TechnicalDOTMLPFInformationInformationSharing Interaction/CollaborationSituationalAwarenessSharedSituationalAwarenessCollaborativeDecision MakingSynchronizedActivitiesForceAgilityForceEffectiveness• More effective/efficient in current missions• Able to operate differently, as demanded• Able to succeed in new mission areasConstructiveInterdependence Figure E-3. Value Proposition Hypothesis: Force Agility and Effectiveness Enabled bySituational Awareness, Interaction/Collaboration, and Shared Situational Awareness Figure E-3 suggests how the situational awareness, interaction/collaboration, and sharedsituational awareness created by the above-described processes lead to the ultimateobjective of the Net-Centric Environment Joint Functional Concept: a joint force that isunparalleled in its effectiveness, and is effective across a broad spectrum of missions andmission conditions (i.e., is agile). Components of this value chain include:Page 67Net-Centric Environment Joint Functional Concept 1.0E-5• Superior decisionmaking;• Constructive interdependence; and• Synchronized activities (including self-synchronization).Experimental testing of this set of hypotheses is critical, not only to establishing the valueand validity of net-centric concepts, but also to understanding the factors that bear onhow such value is created, and what capabilities and actions are necessary in order toattain its creation. Better understanding of how information and networking is and can beused by commanders and other force elements, how complex military organizationsoperate and adapt in complex environments, how evolving military and informationtechnology is affecting the conduct of operations, how that technology can best bebrought to bear in the Joint Force, and how the mind turns information into knowledge,and ultimately action, is needed to ensure the successful implementation of the NCE JFC.Specific implications for a research and experimentation campaign involve research inthe following areas:• Cognitive processes involved in Knowledge collaboration;• Knowledge creation from information;• Knowledge decisionmaking processes;• Effects of distance and networking on collaboration;• Developing adaptive learning organizations;• Impact of human factors on net-centric operations; and• Others. E.3 Other Recommendations for Experimentation In addition to these overarching experimentation issues that relate to how cognitive andoperational capabilities are created from information and networking capabilities, thereare research issues associated with how to best field a particular capability in the force.For example, suppose it is established that less rigid organizational structures (oneinterpretation of an agile Knowledge network) and a robust Technical network thatallows for rich communications and information exchange lead to enhanced situationalawareness, force element interaction, and ultimately to unparalleled force effectiveness.The question remains as to which is the best instantiation of that organizational structure,and which is the best technical implementation of communications and informationnetworks to achieve the needed awareness and interaction.In the ultimate end state, where there are ubiquitous sensor networks, perfect fusion tools,no restrictions on bandwidth availability and high-resolution, real-time, 3-dimensionalvisualization, any collectable information in any force would be available to any forceelement, and virtual collaboration environments would be indistinguishable in terms ofquality from physical “same room” collaborations. But how close to this end state doesone have to come in order to achieve effective distance collaboration, make effectivedecisions, or be dominantly effective as a force across the range of military operations?Answering such questions requires research in fields of organizational behavior, complexPage 68Net-Centric Environment Joint Functional Concept 1.0E-6organizational analysis, Knowledge-computer interaction, and others. What follows is asuggested list of topics relevant to creating effective Net-Centric Environments,processes, individuals, and organizations. These topics are an important part of the NCEJFC research and experimentation campaign; referencing Figures E-2 and E-3, they

dealwith making each concept and each arrow in the Figures as value-adding as they can be.• Effects of alternative organizational/command structures and doctrine/policy/TTPsets on information sharing, collaboration, and synergistic and synchronizedactivity.• Determination of effective education and training activities to ensure forceelements have knowledge required to successfully operate in a Net-CentricEnvironment (i.e., what does a net-centric warrior need to know in order toexploit this environment?).• Effects of various technical networking architectures on ability to shareinformation and collaborate.• Correlated effects of knowledge and technical networking capabilities onoperations. Effects of alignment/misalignment of Knowledge and Technicalnetworks.• Research in Knowledge-machine systems to explore concepts of trust(Knowledge-Knowledge trust, Knowledge-machine trust, machine-Knowledgetrust, and machine-machine trust).• Technical research into creating high-capacity, survivable, flexible, manageable,deployable, etc. networks.• Technical research into creating effective applications to facilitate informationsharing, fusion, discovery, and visualization.• Technical research into creating effective distributed collaborative environments. E.4 Phases of a Research and Experimentation Campaign A suitable framework for planning and executing such an experimentation campaign isdescribed in the Code of Best Practice for Experimentation, 33 which describes theexecution of methodologically-sound experimentation in complex issue spaces, such asthat of the Net-Centric Environment Joint Functional Concept. A complete and well-designed experimentation campaign will involve experiments and research projectsvariously geared towards discovery of underlying and important phenomena, testing ofhypotheses, and concept demonstration, all of which are critical to getting the theory right,understanding its application, and demonstrating its value and limitations to users anddecisionmakers. 33 Alberts, David S. Code of Best Practice for Experimentation. Washington, D.C.: CCRPPublication Series, 2002.Page 69Net-Centric Environment Joint Functional Concept 1.0E-7 E.5 Elements and Tools for NCE JFC Research and Experimentation A diverse set of analytic, research, and experimentation tools and methods is required forthorough investigation and validation of net-centric concepts. These tools and methodsinclude large-scale live military experiments, tabletop or sand table exercises, analyticstudies, modeling and simulation at many levels of resolution, and combinations of theabove, and others. Each of these elements has advantages and disadvantages. Forexample, large-scale live experiments often have the highest level of credibility andrealistic representation of military decisionmaking processes and their impact onoperational effectiveness, but are expensive, difficult to conduct scientifically, and are notrepeatable. Modeling and simulation studies are generally repeatable, and may or may notbe inexpensive, but it is difficult to capture faithfully, even in the most sophisticatedsoftware agents, the knowledge and decision processes whose enhancement is a focus ofnet-centric systems and processes. As is usually the case when studying complexproblems, a family of approaches is required.In designing and implementing a research and experimentation campaign, the fullcomplement of analytic and research capabilities available should be brought to bear.Some of these elements (inclusive of those discussed above) are:• Large-scale live experimentation• Mixed live-virtual force experimentation• Modeling and simulation studies at various levels of resolution• Modeling and simulation-facilitated Knowledge experimentation, including man-in-the-loop and hardware-in-the-loop capabilities to examine effects of realsystems on real decisionmakers.• Analytical studies of the value of information and collaboration, including thedevelopment of mathematical representations of information and collaborationeffects.• Reviews and integration into experimentation of related research from businessand academia, especially where cognitive and social issues are explored in venuessuch as distance learning, knowledge management, and distributed workenvironments.• Multiple levels of security technical, policy, procedures, and organizational issues.• Data fusion, both automated and human directed, including algorithms and value-added for each level of fusion. E.6 Other Research Topics for an Experimentation Campaign • Testing interdependency. • Testing the concept and implementation of Communities of Interest.• Testing Communities of Action.• Testing external to DOD

(e.g., IRS, NATO, IOs, NGOs,).• Man-in-the-loop scenarios to test trust.• Testing of machine-to-machine interface.• Leverage off non-DOD experimentation (testing, e.g., Touring).Page 70Net-Centric Environment Joint Functional Concept 1.0E-8• Testing Knowledge dynamics to recruit towards. • Realistic aptitude testing.• Dealing with self-organizing entities.• Cross-portal access.• Measuring for cultural and social change.• Get inside the asymmetric threat process.• Compartmented Activity Data Sharing Process.• Rapid database generation.• Rapid data mining and analysis tools and techniques.• Correlation of multiple resolution M&S and geospatial information.• Web-enabled network services for M&S and analysis.• Social and cultural impacts on decisionmaking and shared understanding.• Artificial intelligence aids for fusion and decisionmaking. E.7 Areas for Developing Future Hypotheses • Ability to establish effective force arrangements. • Ability to support enterprise-wide and COI-specific applications. • Ability to perform Network Operations.• Ability to dynamically plan network architecture development process.• Ability to dynamically allocate network resources.• Ability to support separate constellations of COIs.• Ability to tailor to specific capabilities.• Ability to acquire additional resources on demand.• Ability to support geographically transitioning nodes.• Ability to support dynamic, priority-based resource allocation.• Ability to dynamically re-route services.• Ability to implement information assurance.• Ability to achieve shared situational understanding.• Ability to achieve shared situational awareness.• Ability to connect and share information amonginteragency/coalition/IO/commercial/NGO players.• Ability to share across areas. • Ability to collaborate.• Ability to perform intelligent search/smart pull.• Ability to develop trust in the information.• Ability to share stored information.• Ability to archive large volumes of data.• Ability to establish rules for machine-to-machine processes.• Ability to effectively trust and employ intelligent agents, processes, hardware,weapons, systems, and decision-aids.Page 71Net-Centric Environment Joint Functional Concept 1.0F-1 Appendix F. Mapping Capabilities to Attributes ATTRIBUTESAbility to Create/Produce InfoAbility to Store, Share, and Exchange Information & DataAbility to Establish Info EnvironmentAbility to Process Data and InformationAbility to Employ Geospatial InfoAbility to Employ InformationAbility to Find and Consume InformationAbility to Provide User AccessAbility to Access InformationAbility to Validate/AssureAbility to Install/DeployAbility Operate/ManeuverAbility to Maintain/SurviveAbility to Provide Network ServicesAssuredX X X X X X X X X XX X XRobustX XX XX X X X X XAgileX X XX X XX X XManageableX X X X X X X XX X X XExpeditionaryXXX X X X XQualityX X X XX XX XXXIntegratedX X X X X X X X XX X X X Figure F–1. Mapping Capabilities to Attributes: Technical AreaPage 72Net-Centric Environment Joint Functional Concept 1.0F-2ATTRIBUTESAbility to establish appropriate organizational relationshipsAbility to collaborateAbility to synchronize actionsAbility to share situational awarenessAbility to share situational understandingAbility to conduct collaborative decisionmaking/planningAbility to achieve constructive interdependenceAgileXXXXXQualityXXXXXXXTrustworthyXXXXXX Figure F-2. Mapping Capabilities to Attributes: Knowledge AreaPage 73Net-Centric Environment Joint Functional Concept 1.0G-1 Appendix G. Contributors Last Name First Name Rank/PosOrganizationAblesJimmy D.Mr.NCI Info Sys.Inc./USTRANSCOM/TCJ6-OPAtkinsonKennMr.DMSO/SAICBankertBrianMAJHQ USAF/XIIIBeasleyWilliamMr.OUSD (AT&L)/Joint Force IntegrationBellMichaelDr.CNO N61FBenhamBarryMr.Battle Command and AwarenessDivision, Future Center, TRADOCBodifordKurtMAJ (P) U.S. Army G8-FDJBoeckman ChuckMr.MITRE CorporationBoggsSteveMr.SAIC, Systems Study Integrator, JS/J6-ABoydBobbyMr.Futures Center, Architecture Integrationand Management

DirectorateBryantLouisMr.Evidence Based Research, Inc.BurrisCraigLt ColNC FCB/JS J6ACagleJosephLt ColHQ USAF/XIIICameronAndrewLCDRCNO-N6ICCarrollRickMr.NC FCB/JS J6A /SAICCarterDavidMAJOR HHC G3 HQDACartierJoannaDr.IDACentolaJoannaMs.Evidence Based Research, Inc.ConradWalterMr.SAIC/J6ACordrayElisabethMrs.Office of the Secretary of Defense forPolicy (Resources and Plan)CoreyShannonMs.Evidence Based Research, Inc.CranfordStevenMr.Simulation Technologies, Inc/HQUSAF/XIIICreighton KathleenCDRNC FCB/JS J6A DavisBrianMr.Evidence Based Research, Inc.DunningReginaMs.USTRANSCOM/TCJ6-AFaltumAndrewMr.Alion Science and Technology/JointStaff J6IFieldsEvelynRADM(Ret.)Evidence Based Research, Inc.FlournoyHoraceLt ColJFCOM J8/JI&IGarstkaJohnMr.Office of Force Transformation, OSDGrimsleyRussMr.SAIC/C2FCBHaneyScottLt ColJ8 WCAIDHarveyTinaLt ColAF/XIWSHayesRichardDr.Evidence Based Research, Inc.Page 74Net-Centric Environment Joint Functional Concept 1.0G-2 Last Name First Name Rank/PosOrganizationHintzWillisMr.Futures Center, TRADOCHolloman KimberlyDr.Evidence Based Research, Inc.HoranJohnMr.HQ USAF/XORI (TITAN)JakubekDavidMr.ODUSD (S&T)JonesErnestMr.U.S. Army TRADOCJoyceDanielMr.NSR, Inc./Joint Staff/J6IJurinkoStephenLTC (P) AAIC, Army CIO/G6KeaneSheylaMs.Evidence Based Research, Inc.Kennamer CelesteMs.HQDA G3/Alion Sciences &TechnologyKettlerThomasLT COL HQ AF/XOXRKinnyRoryCOLAF/XOR-NCKirzlJohnMr.Evidence Based Research, Inc.KroppWayneMr.Army TRADOC Future, AIMDLeberGrantMr.LMIT/ASD (NII)LeeRichardMr.OSD/AT&L/AS&CLeedomDennisDr.Evidence Based Research, Inc.LeidyCharlotteCAPTLead, NC FCB/JS J6A LittleLauraLtColJS/J6 Director's Action GroupMaddoxAliceMrs.HQ USAF/XIWAMalburgRonaldMr.CSC/USTRANSCOM J6MartinJo-AnneMs.The Boeing CompanyMaxwellDanielDr.Evidence Based Research, Inc.McArdleKim C.Mr.AF/XICC (Scitor Corp.)McCreedy Kenneth h LTCOffice of Force Transformation, OSDMcEverJimmieDr.Evidence Based Research, Inc.McKeeRobertMr.MITREMertzDonLt ColNC FCB/JS J6A MillerLynnMs.DISAMinerPatrickLTCUSCENTCOM, CCJ6MottramBonnieMs.Evidence Based Research, Inc.MullenEdwardCDRNC FCBNicksonMarkLt ColJoint Staff/J6OuelletteRogerMajorUSSTRATCOM/CL13PowersJamesMAJUSSOUTHCOMQuigleyJohnMr.Boeing (Washington, DC NavalSystems)QuintonKeithLt ColJS J-7RobinsonLourayMs.AF/XICS - SumariaPage 75Net-Centric Environment Joint Functional Concept 1.0G-3 Last Name First Name Rank/PosOrganizationRohatgiMukeshMr.Old Dominions University ResearchFoundationSadauskas LeonardMr.DASD (DCIO) CP/OSchullerJeffreyMr.Joint Staff/J8 WCAIDSeitzGregoryMr.Binary Consulting/Army CIO/G6 FCSShanleyWilliamMr.USJFCOM J-61SignoriDavidDr.Evidence Based Research, Inc.SiomaccoEdwardCOL, O-6 Army C10/G-6SmithBrianMr.Evidence Based Research, Inc.SobersArthurMr.CSC/J-8 Protection Assessment DivisionSpencerJayCDRJoint Staff/J8/Force ApplicationStephensVincentLtUSSTRATCOM/CL132Stockland OrvilleMr.NSA/123TabacchiLenMr.ASD NIITaylorBridgetteMs.CSC J8-PAD/DDFPValentOscarMr.Executive Assistant to Defense S&TReliance Executive Staff ChairVan DineWayneMr.DOD/IAA SPOVeneeriJaniceMs.DISAWatsonIanMr.NORTHCOM J5WhaleyStevenMAJU.S. Marine CorpsWilliamsGaryMr.SYColeman/Army G-35WilsonAnhtuanLCDRPACOM/J622YoungDavidMr.USJFCOM/Old Dominion UniversityZavinJackMr.ASD(NII)/DOD CIO==============================This is the html version of the file http://thedocs.hostzi.com/security_clearance.pdf.Google automatically generates html versions of documents as we crawl the web.Page 1

ALCOHOLCONSUMPTION ALLEGIANCE TO THE UNITED STATES DRUG INVOLVEMENTFINANCIAL CONSIDERATIONS SELF-REPORTING OBLIGATIONS CRIMINALCONDUCT SENSITIVE DUTIES PSYCHOLOGICALCONDITIONS DUE PROCESS FOREIGNINFLUENCE ADJUDICATIVE GUIDELINES SECURITYCLEARANCE HANDLINGPROTECTEDINFORMATION CONTINUING RESPONSIBILITY SEXUAL BEHAVIOR FOREIGN PREFERENCE USE OF IT SYSTEMS PERSONAL CONDUCT CLASSIFIED INFORMATIONOUTSIDEACTIVITIES PERSONAL CONTACTS So you need a Security Clearance... HOW TO RECEIVEAND MAINTAIN YOUR SECURITY CLEARANCE DEFENSE SECURITY SERVICEPage 22 INTRODUCTION Whenever a Department of Defense employee or contractor requires access toclassified national security information, the individual must be granted a securityclearance at the proper level to access that information. A security clearance isa determination that a person is able and willing to safeguard classified nationalsecurity information. The three security clearance levels are: Confidential, Secret,and Top Secret.A prerequisite for accessing classified national security information is completionand favorable adjudication of a background investigation.The investigation is noncriminal and covers a defined period of normally no morethan the last 10 years. The information collected must be sufficient to allow anaffirmative or negative determination of a person’s eligibility for access to classifiedinformation and suitability for employment.The adjudicative process is the careful weighing of a number of variables known asthe “whole person concept.” Available, reliable information about the individual, pastand present, favorable and unfavorable, is considered in reaching a determinationof eligibility. Eligibility for access is granted only where facts and circumstancesindicate that access to classified information is consistent with the national securityinterests of the United States.Page 33 RECEIVING AND MAINTAINING YOUR SECURITY CLEARANCE ..............................4 WHAT IS A “SECURITY CLEARANCE”? ............................................................ 4WHAT IS “CLASSIFIED INFORMATION”? . ................................................................. 4WHAT ARE “SENSITIVE DUTIES”? ................................................................. 4WHY DO WE NEED CLEARANCES AND FAVORABLE PUBLIC TRUST DETERMINATIONS? ........ 4HOW DO I GET A SECURITY CLEARANCE OR POSITION OF TRUST DETERMINATION?.........5 GETTING CLEARANCE ELIGIBILITY .............................................................. 6 ONCE I GET MY CLEARANCE ELIGIBILITY, CAN I SEE ALL CLASSIFIED INFORMATION? .....6HOW MUCH PERSONAL INFORMATION DO I NEED TO PROVIDE? .............................. 6ARE THERE ANY HELPFUL TIPS FOR FILLING OUT THE QUESTIONNARE?. ................... 6WHAT BACKGROUND AREAS ARE CHECKED? .................................................... 7 ADJUICATIVE GUIDELINES ........................................................................ 7 HOW IS THE SECURITY DETERMINATION MADE? ................................................ 7WHAT ARE “ADJUDICATIVE GUIDELINES”? ...................................................... 7 DUE PROCESS ...................................................................................... 8 HOW LONG DOES THE CLEARANCE PROCESS TAKE? ........................................... 8 CONTINUOUS EVALUATION ...................................................................... 9 SO, IS THAT ALL THERE IS? ........................................................................ 9 OBLIGATIONS ....................................................................................... 9 NOW THAT I HAVE MY SECURITY CLEARANCE, WHAT ARE MY OBLIGATIONS? .............. 9 PERSONAL CONDUCT ............................................................................. 9SELF-REPORTING .................................................................................. 10 SELF-REPORTING OF PERSONAL ACTIVITIES .................................................... 10 REPORTING RESPONSIBILITIES .................................................................. 11SECURITY ISSUES .................................................................................. 11POTENTIAL SECURITY CONCERNS

.............................................................. 12 BEHAVIORS THAT ARE POTENTIAL SECURITY CONCERNS ...................................... 12ALCOHOL CONSUMPTION .......................................................................... 12ALLEGIANCE TO THE UNITED STATES ............................................................ 13CRIMINAL CONDUCT ................................................................................ 13DRUG INVOLVEMENT ............................................................................... 13FINANCIAL CONSIDERATIONS .......................................................................... 13PSYCHOLOGICAL CONDITIONS .................................................................... 14FOREIGN INFLUENCE ............................................................................... 14FOREIGN PREFERENCE ............................................................................. 15USE OF INFORMATION TECHNOLOGY SYSTEMS ................................................. 15OUTSIDE ACTIVITIES ............................................................................... 15PERSONAL CONTACTS .............................................................................. 15HANDLING PROTECTED INFORMATION........................................................... 16SEXUAL BEHAVIOR .................................................................................. 16 YOUR SECURITY CLEARANCE IS A CONTINUING RESPONSIBILITY ......................... 16 3 TABLE OF CONTENTSPage 44 WHAT IS A“SECURITYCLEARANCE”?WHAT IS“CLASSIFIEDINFORMATION”? WHAT ARE“SENSITIVEDUTIES”?WHY DOWE NEEDCLEARANCESAND FAVORABLEPUBLIC TRUSTDETERMINATIONS? A security clearance is a determination that you are eligible for access to classifiedinformation and eligible to perform sensitive duties.Not everyone qualifies for a security clearance or occupancy of a sensitive position…only those people determined to be good security risks are given clearances andpermitted to handle classified information or perform sensitive duties.The purpose of a security clearance is to determine whether you are able andwilling to safeguard classified national security information or perform sensitiveduties, based on your loyalty, character, trustworthiness, and reliability.Classified information is official information or material that requires protection inthe national interest.Classified information is national security information, which means that it relatesto the national defense and foreign relations of the United States.If classified information is mishandled or given to the wrong person, it could harmour country’s security or that of our allies.Sensitive duties are those duties which, although they do not include access toclassified information, if performed by an untrustworthy individual, could causeharm to the national security. Some examples of sensitive duties include accessto restricted areas, access to sensitive DoD equipment, or information technology(IT) positions where the individual works with unclassified automated informationsystems. Positions involving sensitive duties, with no access to classified information,are known as positions of trust.We need clearances to ensure that only trustworthy people have access to classifiedand sensitive information. Common sense and personal experience tell us that notall people are equally trustworthy.The security clearance process is a tool that helps make sure national securityinformation is not given to people who can’t be trusted. Within the DoD, each civilian position is categorized withrespect to security sensitivity into one of four groups: • Special Sensitive• Critical Sensitive• Non-Critical Sensitive• Non-Sensitive RECEIVING AND MAINTAINING YOUR SECURITY CLEARANCEPage 55 HOW DO I GETA SECURITYCLEARANCE OR POSITIONOF TRUSTDETERMINATION? Special Sensitive positions involve the following: • Access to Sensitive Compartmented Information (SCI)• Access to unique or uniquely productive intelligence sources or methodsvital to the U.S. security• Positions that could cause grave damage and/or compromisetechnologies, plans, or procedures vital to the strategic advantage ofthe United States. Critical Sensitive positions involve the following: • Access to Top Secret information• Duties demanding the highest degree of public trust• Duties under special access programs, or SAPs• Information Technology (IT) I duties Non-Critical

Sensitive positions typically involve the following: • Access to Secret or Confidential information• Duties requiring public trust• Information Technology (IT) II duties Non-Sensitive positions: • All other positions are designated as non-sensitive Public Trust Determinations: Positions designated as presenting a “high” or “moderate” risk for adverse impactto the efficiency and integrity of the service are referred to as “Public Trust”positions. Those positions generally involve the following duties or responsibilities:• Policy making• Major program responsibility• Public safety and health• Law enforcement• Fiduciary responsibilities• Duties demanding a significant degree of public trust 1. Your agency must identify your position as one requiring access to classifiedinformation, assignment to sensitive duties, or public trust position.2. You then complete security forms (SF-85P, SF-86) or Electronic Questionnairesfor Investigations Processing (e-QIP).3. Your security office submits your forms or e-QIP to the Office of PersonnelManagement who will conduct an investigation.The type of investigation depends on the sensitivity designation of your position andwhether the duties require access to classified or sensitive information.4. The completed investigation is reviewed by adjudicators who make clearancedecisions.Adjudicators look at the “whole person” depicted in the report of investigation.What that means is that they consider all available information, both “good”and “bad,” when making clearance decisions and apply the criteria for access toclassified or sensitive information.Page 66 ONCE I GET MYCLEARANCEELIGIBILITY, CAN I SEE ALLCLASSIFIEDINFORMATION?HOW MUCHPERSONALINFORMATION DO I NEED TOPROVIDE?ARE THERE ANYHELPFUL TIPS FOR FILLINGOUT THEQUESTIONNARE? No! Access to any classified information depends on the level of clearance eligibilityyou have (Confidential, Secret or Top Secret) and the information you need to knowto do your job. This is called the need-to-know principle.• With a Confidential clearance eligibility, you have access solely to thatConfidential information which you actually need-to-know to do your job.• Similarly, a Secret clearance eligibility enables access to Secret andConfidential information on a need-to-know basis.• And, a Top Secret clearance eligibility enables access to Top Secret, Secretor Confidential information that you actually need-to-know to do your job.Your organization’s management determines what classified information you needto get your job done.The amount of personal information you’re asked to provide depends on the level ofsecurity clearance for which you’re being nominated. Generally, you’ll be requiredto complete the same questionnaire for all security clearance levels. However, thetype of security clearance you are nominated for will determine the depth of theinvestigative coverage into your background.• The investigation for a Top Secret clearance covers the last 7 to 10 yearsof your life.• For a Secret clearance, only the last 5 years are checked.If adverse information surfaces, deeper investigation into your background may bewarranted.If you’ve filled one out before, it’s helpful to have a copy of the previous one to referto. If it’s the first time you’re filling one out, it will help if you verify the addresseswhere you’ve lived and worked, and or have on hand the addresses and phonenumbers of people such as former supervisors, references, or former roommates.You must provide accurate, complete, and honest answers to all of the questionson your security questionnaire. Incomplete or inaccurate information can delayyour clearance because this information is required for processing your securityclearance. False information is prohibited by law and punishable by fines andimprisonment. Remember, the information you provide will be verified duringyour investigation. If you have any questions about what to put in your securityquestionnaire, see or call your security officer, and then answer the questions tothe best of your ability. If you doubt whether to provide certain information, it isalways best to provide the information (and any clarification, if necessary). Youromission of adverse information may be interpreted by adjudicators as falsificationof your security forms. That could cost you your clearance. Remember, when yousign your security forms, you are certifying completeness and accuracy under thepenalty of prosecution.The DSS Academy has a training video “Tips for e-QIP Submission.” This videoincludes 10 tips for completing the SF-86 via e-QIP and is intended to aid in successfulsubmission of your application. This video can be accessed by the way

of the DSSAcademy home page http://dssa.dss.mil/seta/training_videos.html. GETTING CLEARANCE ELIGIBILITYPage 77 WHATBACKGROUNDAREAS ARECHECKED? Although different investigations are used for various levels of access, they all lookat the same types of information:• Your employment history• Education• Reference checks• Your military service record• Foreign activities and travel• Your financial history• Your police records (if any)• Drug and alcohol abuse (if any)When your investigation is complete, it is sent to a Central Adjudications Facility(CAF). An adjudicator at a CAF will review all of the information, both “good”and “bad” (remember, the “whole person”) and assess it the information againstthe Federal Adjudicative Guidelines to decide if you’re eligible for a clearance orposition of trust.• If no significant adverse information turns up, you’ll be granted aclearance eligibility at the level requested by your agency.• If significant, adverse material develops, it could mean that your casewill be delayed until additional information is gathered and facts areverified. Ultimately, you may be denied a clearance.The 13 Adjudicative Guidelines for determining eligibility for access to classifiedinformation and eligibility to perform sensitive duties are:• Allegiance to the United States• Foreign Influence• Foreign Preference• Sexual Behavior• Personal Conduct• Financial Considerations• Alcohol Consumption• Drug Involvement• Psychological Conditions• Criminal Conduct• Handling Protected Information• Outside Activities• Use of Information Technology Systems HOW IS THESECURITYDETERMINATIONMADE?WHAT ARE“ADJUDICATIVEGUIDELINES”? ADJUDICATIVE GUIDELINESPage 88 Clearances can be denied only on the basis of substantive information that raisestrustworthiness. They are never denied on the basis of gender, race, religion orsexual orientation. DoD has gone to great lengths to ensure that the clearanceprocess is fair and balanced. Clearances aren’t denied without people getting achance to give their side of the story —to explain or rebut the adverse information.This is called due process. It includes essential appeal rights, which people mayopt to exercise to challenge clearance denials or revocations to an independentClearance Appeal Board.These rights include the option to either present a written appeal directly to theBoard or to make a personal appearance before a DoD administrative judge that willbe considered by the Board in its independent decision.Generally, the clearance process can take anywhere from 2 to 9 months, dependingon the type of investigation and whether serious issues were developed.The background investigation for Top Secret clearance will normally take longerthan the background investigation for Secret clearance.The higher the clearance level, the deeper the investigation into your background,and the more time it is likely to take. If complicated issues come up during aninvestigation, it will likely take even longer. The completion time depends onseveral factors. Expect the investigation to take longer if you have:• Lived or worked in several geographic locations or overseas• Traveled outside of the United States.• Relatives who have lived outside of the United States.• Background information that is difficult to obtain or involves issues thatrequire an expansion of your case DUE PROCESS HOW LONG DOES THE CLEARANCE PROCESS TAKE?Page 99 Once the initial adjudication has been made and as long as you are assigned to asensitive position or have access to classified information or material, you will fallunder the Continuous Evaluation Program (CEP).By definition, CEP involves the uninterrupted assessment of a person for retentionof a security clearance or continuing assignment to sensitive duties. This ensuresthat you maintain high standards of conduct and that questionable conduct oractivities are promptly reported for adjudicative assessment.CEP also includes reinvestigation at given intervals based on the types of duties youperform and clearance level.• Individuals in Critical Sensitive positions are reinvestigated every 5 years• Those in Non-Critical Sensitive positions are reinvestigated every 10years if they have access to Secret material, and every 15 years if theaccess is to Confidential information• When you hold a

security clearance, you are expected to comply withthe high standards of conduct normally required of persons holdingpositions of trust. See “Personal Conduct.”• You are expected to keep your security office informed of certain changes inyour personal life or activities in which you might engage that have potentialsecurity ramifications. See “Self-Reporting of Personal Activities.”• You are also expected to report any factual information that comes toyour attention and that raises potential security concerns about co-workers. See “Reporting Responsibilities.”Standards of conduct are set by Executive Order 12968 on Access to ClassifiedInformation. That presidential order directs that access to classified information isgranted only to individuals “whose personal and professional history affirmativelyindicates loyalty to the United States, strength of character, trustworthiness, honesty,reliability, discretion, and sound judgment, as well as freedom from conflictingallegiances and potential for coercion, and willingness and ability to abide byregulations governing the use, handling, and protection of classified information.”Failure to comply with the standard may cause your eligibility for security clearanceor occupancy of a sensitive position to be reviewed and possibly revoked.The concept of continuing evaluation is an important part of the personnel securityprocess. It means you are subject to periodic reinvestigation and to a reasonabledegree of monitoring by supervisors, co-workers, and security professionals betweeninvestigations. These safeguards are necessary because situations and behaviorschange over time. Experience shows that individuals approved for a security clearanceor position of trust sometimes fall into a pattern of unreliable or untrustworthybehavior after being granted an initial clearance. NOW THAT I HAVE M Y SECURITYCLEARANCE,WHAT ARE MYOBLIGATIONS?SO, IS THAT ALLTHERE IS? CONTINUOUS EVALUATIONPERSONAL CONDUCTOBLIGATIONSPage 1010 Although you may obtain a clearance or may be assigned to a sensitive positionor position or trust, the initial adjudicative decision can be overturned at a laterdate if you concealed relevant information during the investigation or after theclearance was issued.Employees who occupy positions of trust and handle sensitive information areexpected to report changes or incidents that may impact their clearances.The Adjudicative Guidelines can be a valuable tool in determining if a life-eventor situation might result in a need to report. Self-reporting, while mandatory,emphasizes personal integrity and is preferable to the incident or change beingdiscovered and reported by others.The following are some examples of incidents and life events where reportingcertain changes is expected or may be appropriate.• Change in Personal Status - Marital status (marriage, divorce),cohabitation (living in spouse-like relationship, intimate relationship, orbecoming engaged), change of name• Foreign Travel – A security briefing before any foreign travel, whether forpersonal or business reasons, clearance for travel to hazardous countriesfor Sensitive Compartmented Information (SCI)-cleared individuals• Foreign Contacts – Contact with individuals of any foreign nationality,either within or outside the scope of your official duties, in which illegalor unauthorized access to classified or otherwise sensitive informationis sought, personal concern that you are a target of an attemptedexploitation, all close and continuing relationships between SCI-clearedindividuals and foreign nations• Loss or Compromise of Information – Inadvertent or accidental loss orcompromise of classified or other sensitive information because the firstpriority in such a situation is to regain control of the classified material• Financial Problems – Filing for bankruptcy, garnishment of wages,having a lien placed on your property for failing to pay a creditor,eviction from a residence for failure to pay rent, or simply your inabilityto meet all your financial obligations• Arrests – Any arrest, regardless of whether or not charges were filed,other involvement with the legal system (such as being sued), anycircumstance where you were sworn under oath to testify about yourassociation or involvement in questionable activities• Psychological or Substance Abuse Counseling – When counseling isneeded, you are encouraged to seek assistance from your employer-sponsored Employee Assistance Program (EAP) or other counselingservice. Counseling for certain situations need not be reported if yousought the counseling on your own initiative to help you cope. Counselingmust be reported if you were advised to seek

counseling because ofwork performance or other undesirable behavior SELF-REPORTING SELF-REPORTINGOF PERSONALACTIVITIESPage 1111 Seeking help for life stressors does not reflect adversely on an individual’s judgment.Instead, it may be viewed as a positive sign that an individual recognizes that aproblem exists and is willing to take steps toward resolving it.• Outside Activities – Any planned or actual outside employment orvolunteer activity that could create a real or apparent conflict withyour responsibility to protect office.• Media Contacts– Any media inquiries about your job or organization shouldbe reported: ongoing personal contacts with media representatives whocover your organization or your subject are specialty should be clearedwith security.• Pre-Publication Review – Any technical paper, book, magazine article,or newspaper article that you prepare for publication or for posting onthe Internet, or lecture or speech that you prepare to give, must becleared in advance if it contains information or knowledge you gainedduring your current or any previous job.If you are entrusted with safeguarding classified material, or performing sensitiveduties, you are expected to report potentially significant, factual informationthat comes to your attention and that raises potential security concerns aboutco-workers. You are also strongly encouraged to help co-workers who are havingpersonal problems that may become a security issues if the problems are notaddressed.The following are examples of behaviors that may indicate an individual hasvulnerabilities that are of security concern or that an individual is in need ofassistance. This list is developed from the Federal Adjudicative Guidelines.You should consider reporting these behaviors when observed, so that yoursupervisor or the security office can determine whether some type of preventive orinvestigative action is appropriate.If ignored, problems signaled by these behaviors could impair the health, well-being, or performance of the individual employee, disrupt the work unit, or lead tocompromise of sensitive information. REPORTING RESPONSIBILITIESSECURITY ISSUESPage 1212 POTENTIAL SECURITY CONCERNS BEHAVIORS THAT ARE POTENTIAL SECURITY CONCERNSALCOHOL CONSUMPTION Early intervention is often the key to quick, effective resolution of problems withminimal or no impact to the individual or the organization.Because an individual exhibits one or more of the following behaviors does notmean he or she is a security risk. A security judgment is based on a pattern ofbehavior, and not a single action. And, it is a whole person judgment that takesmany factors into account, including strengths as well and weaknesses.The list of security-relevant behaviors is not a checklist for you to collect informationon your co-workers. It simply provides examples of behaviors that may signal anindividual is having problems or may need assistance. Consider the list, along witheverything else you know about the individual and the sensitivity of the individual’sposition, and then exercise your best judgment in determining whether to report,and what, when, and to whom to report.The following are examples of behaviors that may indicate an individual hasvulnerabilities of security concern or that an individual is in needs of assistance.This list of behaviors is not all-inclusive. The list is not a statement of Governmentpolicy, but simply illustrative of the kinds of behaviors that may be considered whena person is under consideration for a security clearance or a position of trust. Somebehaviors are obviously more significant than others.• Alcohol-related incidents at work, such as reporting to work or duty inan intoxicated or impaired condition, or drinking on the job• Alcohol-related incidents away from work, such as driving while underthe influence, fighting, child or spouse abuse, or other criminal incidentsrelated to alcohol use• Habitual or binge consumption of alcohol to the point of impairedjudgmentPage 1313 ALLEGIANCETO THE UNITEDSTATESCRIMINAL CONDUCTFINANCIALCONSIDERATIONSDRUG INVOLVEMENT • Actual or threatened use of force or violence in an effort to changeGovernment policy, prevent Government personnel from

performingtheir assigned duties, or prevent others from exercising theirconstitutional rights• Known participation in any organization or group advocating orthreatening use of force of violence, as above• Theft• Fraud (for example, bribery or solicitation of bribes, misuse of aGovernment credit card, misuse of leave, fraudulent travel or expenseaccounting, or tax fraud)• Pattern of disregard for rules and regulations (in addition to theft andfraud, this includes taking classified information home at night, ordriving while intoxicated)• Spouse or child abuse or neglect• Attempts to enlist others to participate in illegal or questionable activity• Use, possession, or acquistion of illegal/illicit substances• Misuse (use other than as prescribed), inappropriate possession, orinappropriate acquisition of prescription medication• Living or spending beyond one’s means• Unexplained affluence (unusually large or lavish purchases) or suddenlarge sums of cash that may indicate illegal source of income• Calls at work from creditors• Bounced or bad checks• Garnishments, repossessions, unfavorable judgments, or otherindications of financial difficulty• Failure to make child or spousal support payments• Reckless or compulsive spending, extensive gambling losses, or gamblingdebt• Bankruptcy• Improper handling of official finances or property, including repeateddelinquent accountings for advances, and unexplained cash• Shortages or loss of property, sloppy handling of cash funds, anddisregard for financial or property administration regulationsPage 1414 FOREIGN INFLUENCEPSYCHOLOGICALCONDITIONS • Pattern of significant change from past behavior, especially relating toincreased nervousness or anxiety, unexplained depression, hyperactivity,decline in performance or work habits, deterioration of personalhygiene, increased friction in relationships with co-workers, isolatingoneself by rejecting any social interaction• Expression of bizarre thoughts, perceptions, or expectations• Pattern of lying and deception of co-workers or supervisors• Talk of or attempt to harm one’s self• Argumentative or insulting behavior toward work associates or family tothe extent that this has generated workplace discussion or has disruptedthe workplace environment• Exploitation or mistreatment of others through intimidation or abuse ofpower or position• Other disruptive workplace behavior that resists supervisory directionor counseling• Verbal or physical threats toward work associates or family• Inability to control anger —throwing things, acts of violence• Stalking-type behavior (such as unwanted following or harassing phonecalls)• Extreme or recurrent statements of bitterness, resentment, vengeance,or disgruntlement that suggest a risk of some illegal or improper action• Threats or attempts to get even with work associates, acts ofvindictiveness• Unreported personal contacts with personnel from a foreign intelligenceservice, foreign government, or persons seeking classified, proprietary,or other sensitive information• Unreported close and continuing contact with a foreign national,including intimate contacts, shared living quarters, or marriage• Unreported relatives, or unreported contact with relatives, in a foreigncountry• Unreported relationship between relative, associate, or person sharingliving quarters and any foreign government, foreign intelligence service,criminal or terrorist group, or group advocating disloyalty toward theUnited StatesPage 1515 FOREIGN PREFERENCEUSE OF INFORMATIONTECHNOLOGY SYSTEMSOUTSIDE ACTIVITIESPERSONALCONTACTS • Exercising benefits of dual citizenship, including possession and useof a foreign passport or other foreign identity documentation withoutapproval• A deeply held commitment to helping a foreign country or group thatan individual that may show a preference over the U.S. or be temptedto circumvent U.S. policy or security regulations to assist the foreigncountry or group• Unauthorized entry into any compartmented computer system• Unauthorized searching/browsing through classified computer libraries• Unauthorized modification, destruction, manipulation, or denial ofaccess to information residing on a computer system• Unauthorized introduction of media into any Government computersystem• Storing or processing classified information on any system not explicitlyapproved for classified processing• Attempting to circumvent or defeat security or auditing systems,without prior authorization from the system administrator, other

thanas part of a legitimate system testing or security research• Failure to report paid or volunteer work for any U.S. or foreign media,publisher, academic institution, research organization or corporationrelating to the topics on which one has access to classified information• Recurring pattern of poor judgment, irresponsibility, or emotionallyunstable behavior• Deliberate omission or falsification of material information aboutbackground when applying for security processing• Association with persons involved in criminal activity• Indications subject may succumb to blackmail rather than risk exposureof a personal issuePage 1616 YOUR SECURITY CLEARANCE IS A CONTINUING RESPONSIBILITY HANDLING PROTECTED INFORMATIONSEXUAL BEHAVIOR • Persistent lax security habits despite management counseling (suchas discussing classified information on non-secure phone, not properlysecuring classified information or areas, or working on classified materialat home)• Collecting or storing classified information outside approved facilities• Revealing of classified information to unauthorized persons, includingnews media• Inappropriate, unusual, or excessive interest in classified informationoutside one’s need-to-know• Statements or actions that demonstrate an individual believes thesecurity rules do not apply to him/her• Pattern of self-destructive or high-risk sexual behavior that theindividual is unable to stop• Criminal sexual behaviorAre you able and willing to safeguard classified national information or performsensitive duties? Your loyalty, character, trustworthiness, and reliability willdetermine your qualification for a security clearance or occupancy of a sensitiveposition. Your continued diligence in monitoring your behavior and responsiblydealing with life’s events will help you maintain your qualification for a securityclearance or occupancy of a sensitive position. Should you have any questions,contact your local security office.==============================http://webcache.googleusercontent.com/search?q=cache:http://thedocs.hostzi.com/