Unified Capabilities (UC) Approved Products List (APL) Process … · 2014-10-25 · brochure...
Transcript of Unified Capabilities (UC) Approved Products List (APL) Process … · 2014-10-25 · brochure...
© 2014 TASC, Inc. | Proprietary
Presented by Gordon Bradley October 8th, 2014
Unified Capabilities (UC) Approved Products List (APL) Process and Successes
© 2014 TASC, Inc. | Proprietary
2
Outline
UC Defined 03
Governance & Policies 04
Reference Architecture 06
UC Requirements (UCR) 07
APL Process 08
Testing Rules of Engagement (RoEs) 09
Distributed Testing 11
APL Successes 14
© 2014 TASC, Inc. | Proprietary
3
UC Objectives:
Migrate DoD to common,
converged IP-based
network services to achieve:
Integrated and interoperable
operations; and End-to-end
security.
UC Defined
UC Definition:
The integration of voice,
video, and/or data services
delivered ubiquitously across
an interoperable, secure,
and highly available
Internet Protocol (IP)
network infrastructure,
independent of technology,
to provide increased mission
effectiveness to the
warfighter.
© 2014 TASC, Inc. | Proprietary
4
UC Governance
DoDI 8100.04 DoD UC
UC Requirements
(UCR)
UC Master Plan (UC MP)
DoD CIO
Joint Staff Implementation Guidance
DISA Planning
DoD Component Network Implementation
CJCSI 6211.02D
UC Steering Group UC Industry Advisory Board
Approved Products List UC Implementation Plans
DISA GIG Convergence Master Plan
DISA Campaign Plan
DISN Technical Evolution Plan
UC Implementation
Plans
UC Network Cutover
Plans
© 2014 TASC, Inc. | Proprietary
5
Version 1.0
UC Policy Documents DoDI 8100.04.
‒ DoD Unified Capabilities (UC). ‒ Signed 9 December 2010. ‒ Addresses Distributed Testing and UC Test
Requirements
UC Master Plan (UCMP). ‒ UC MP includes DoD-wide UC migration planning and
investment guidance. ‒ Provides a UC architecture, a mitigation plan for
security risks, and resource requirements for meeting the UC migration strategy.
UC Process Guide. ‒ This document defines the roles, responsibilities and
processes required to gain UC APL status for communications equipment to be connected to DoD Networks.
‒ Version 2.2, June 2014
October 2011
DoD Chief Information Officer
Department of Defense (DoD)
Unified Capabilities Master Plan (UC MP)
© 2014 TASC, Inc. | Proprietary
7
UC Requirements (UCR)
Establish standards to develop unified capability solutions.
‒ Identifies only the minimum requirements and features to support UC Reference Architecture.
‒ Does not contain a complete set of specifications for commercial features that do not affect assured services.
Allows for standardized Unified Capabilities Test Plan (UC TP) for Interoperability (IO) and Information Assurance (IA) testing.
Facilitates collaborative development of Information Support Plans (ISPs).
Terminology. ‒ Required, Conditional, and Optional.
Requirement waivers. ‒ Only by DoD CIO.
Applicability. ‒ Based on submission date.
7 Version 1.0
© 2014 TASC, Inc. | Proprietary
8
The UC APL is the single authoritative source for certified UC products intended for use on DoD networks.
UC APL Tracking Number Assigned and Stakeholders Notified: Vendor, Sponsor, Test
Teams, DISA
Initial Contact Meeting (ICM) held to determine Testing
Center, Device Type, Applicable Requirements,
Business Model
IA/IO Tests Scheduled
Testing and Certification
IO Testing
JITC Issues IO Certification
Testing Setup
IA Testing
DISA CA or DoD Component DAAs Provide IA Approval
Product Placed on UC APL
Product Submitted for UC APL testing with
complete documentation per UC
APL Process Guide
UC APL Process
© 2014 TASC, Inc. | Proprietary
9
UC Test RoEs Services Prototype Pre-Production
Assured Services
Features (ASF)
Full test.
Or incremental test/Desk
Top Review (DTR) if based
on previously tested product.
Full test.
Or incremental test/DTR if
based on previously tested
product.
Non-ASF
(Affecting ASFs)
Partial test.
Full test of interaction of
features.
Or incremental test/DTR if
based on previously tested
product.
No test. Vendor Letter of
Compliance (LoC) of vendor
tests of non-assured
services features meeting
brochure claims.
Partial test.
Full test of interaction of
features.
Or incremental test/DTR if
based on previously tested
product.
No test. Vendor LoC of
vendor tests of non-assured
services features meeting
brochure claims.
Non-ASF (Not
affecting ASFs)
Random test of potential
interactions.
Random test of potential
interactions.
© 2014 TASC, Inc. | Proprietary
10
UC Test RoEs (Cont’d) Services APL Ready Post APL
ASF
Full test.
Or incremental test/DTR if
based on previously tested
product.
Full test for new software
versions or significant IA-affecting
hardware changes.
Or incremental test/DTR if based
on previously tested product.
Non-ASF
(Affecting ASFs)
Partial test.
Full test of interaction of
features.
Or incremental test/DTR if
based on previously tested
product.
No test. Vendor LoC of
vendor tests of non-assured
services features meeting
brochure claims.
Partial test.
Full test of interaction of features
for new software versions or
significant IA-affecting hardware
changes.
Or incremental test/DTR if based
on previously tested product.
No test. Vendor LoC of vendor
tests of non-assured services
features meeting brochure claims.
Non-ASF
(Not affecting ASFs)
No test.
Vendor LoC of vendor
tests of features meeting
brochure claims.
No test.
Vendor LoC of vendor tests of
features meeting brochure claims.
© 2014 TASC, Inc. | Proprietary
11
Distributed Testing Background
UC services provide increased mission effectiveness to the warfighter.
UC integrates standards-based communication and collaboration services.
A distributed test concept must be implemented for affordable, responsive, and efficient certification.
A cooperative effort by all DoD Components is required to achieve Distributed Testing.
© 2014 TASC, Inc. | Proprietary
12
Distributed Testing Precepts
Products tested only once to gain APL status.
JITC shall be the interoperability certification authority.
DoD Component Labs are the primary test lab for B/C/P/S and tactical systems.
DISA serves as UC IA Certification authority.
DSAWG acts as mediator to resolve enterprise IA issues.
DAAs act as site IA accreditation authority.
Component Labs/JITC develop test plans.
Results provided to JITC in prescribed format.
Each lab has its own business model.
© 2014 TASC, Inc. | Proprietary
13
Distributed Testing Precepts (cont’d)
DoD Component sponsor required for each product.
DoD Components use their lab as first choice.
DoD Components shall only use alternative labs due to lab capability, resource, or schedule limitations.
‒ The sponsors or vendors shall reimburse alternative labs for costs associated with UC tests conducted.
UC certification Office (UCCO) shall manage the UC distributed test and certification processes:
‒ Schedule coordination, vendor orientation, test status monitoring, results posting, UC APL maintenance, and UC test requirements and results adjudication.
© 2014 TASC, Inc. | Proprietary
14
UC Successes
UC Fee for Service (FFS) ‒ Vendor payment for testing services
Testing Reductions ‒ Use of Letters of Compliance (LoCs) and Vendor Self
Assessment Report (SAR) to reduce testing time
‒ Use of Desk Top Reviews (DTRs) for products on APL
Distributed Testing Facilities to increase testing capacity ‒ Army Technology Integration Center (TIC), Fort Huachuca
‒ Air Force Telecommunication Systems Security Assessment Program (TSSAP), San Antonio
‒ Navy Space and Naval Warfare Systems Command (SPAWAR), St. Julian's Creek
© 2014 TASC, Inc. | Proprietary
15
FFS
Commercial Companies deliver products to DoD with certificate of Interoperability and Security
7
Unified Communications Requirements (UCR) supports established policy that commercial products must be on the APL in order to meet DoDIN requirements
Today commercial companies pay JITC to be evaluated against their UCR category, it is a manual evaluation
JITC is supporting DoD CIO and DISA Network Services (NS) to further delineate “standards” and automate the evaluation.
Expansion efforts will soon include Enterprise, Cyber tools/sensors as well as cloud services
12 August 2014
© 2014 TASC, Inc. | Proprietary
16
Testing Reduction Estimations
Test Day Reductions
Reduction of 69%
Total Testing Reduction (FY13)
© 2014 TASC, Inc. | Proprietary
Thank you For more information, contact
Gordon Bradley [email protected] (520) 538-5371
Or
Wayne Stark [email protected] (520) 538-4539
© 2014 TASC, Inc. | Proprietary
21
Acronym List ASF Assured Services Feature APL Approved Products List B/P/C/S Base/Post/Camp/Station CA Certification Authority CIO Chief Information Officer CJCSI Chairman of the Joint Chiefs of Staff
Instruction DAA Designated Approving Authority DCO Defense Collaboration Online DISA Defense Information Systems
Agency DISN Defense Information Systems
Network DODI DoD Instruction DSAWG Defense IA Security Working Group DTR Desk Top Review EI(s) End Instrument(s) GIG Global Information Grid IA Information Assurance IM Instant Messaging IO Interoperability IP Internet Protocol ISP Information Support Plan ISP Internet Service Provider JITC Joint Interoperability Test Command
LAN Local Area Network LoC Letter of Compliance MCEP Multi-Carrier Entry Point N-ASF Non- Assured Services Feature NetOps Network Operations PKI Public key Infrastructure PSTN Public Switched Telephone Network QoS Quality of Service RoEs Rules of Engagement SAR Self Assessment Report SBC Session Border Controller SC Session Controller SPAWAR Space and Naval Warfare Systems
Command SS Softswitch STEP Standardized Tactical Entry Point TIC Technology Integration Center TSSAP Telecommunication Systems
Security Assessment Program UC Unified Capabilities UCCO UC Certification Office UC MP UC Master Plan UCR UC Requirements UC TP UC Test Plan VVoIP Voice and Video over IP XMPP Extensible Messaging and Presence
Protocol