Title: Page 1 of 18
1US Army Information Systems Engineering Command
Product Certification and the I3MP
Program LandWarNet Conference
19 August 2008
Robert M. Wellborn I3MP Engineering Team Lead US
Army Information Systems Engineering Command
2Purpose
Discuss the rationale and methodology to get
products on the DoD Unified Capabilities Approved
Products List (UC APL), the Army Information
Assurance APL (IAAPL) and the I3MP Recommended
Products List (I3MP RPL) for use on PM NSC
Procurements
3Todays Non-Converged Network
4All Services One Network
Single/Converged Network Providing Service
Delivery of Numerous Segregated Services and COINs
Regional Data Centers Provide logically
segregated users based on Authentication
required Services
VoIP IPv6 Enabled
Distribution Console with Failover
Trusted Gateway CDS
NIPR
Citrix Server / Terminal Server (Application
Servers)
5IMOD Solicitation Requirements
- PM NSC IMOD solicitations require products from
the current JITC Approved Products List (JITC
APL) now known as the Unified Capabilities APL
(UC APL). - PM NSC IMOD solicitations require IA products to
be on US Army Information Assurance Approved
Products List (IAAPL). - Performance evaluation and recommendation by
ISEC, to the I3MP RPL, is not mandatory but
generally required for products proposed in most
IMOD solicitations.
6Current Product Procurement Zones
Procure from 3 Separate Product Lists
Combined Procurement zone
IAAPL
I3MP RPL
7Interim Product Procurement Zones
Utilized starting in FY09-FY10 if performance
requirements are incorporated into the UCR 2008
8End State
Requirements to establish a single APL could be
included in the UCR as early as 2012
UC APL
Future Product Procurement Zone
9UC APL Characteristics
- DoD Certification Requirements
- One Process
- Multiple DoD Test Facilities
- All devices providing RTS services
- All layers of the OSI model
- Based on the UCR
10Current JITC Certication Characteristics
- DoDI 8100.3 requires use of APL products
- DoD Sponsorship Required
- Vendor funded (CRADA)
- JITC conducts IA IO testing of products for
inclusion on the UC APL under different
certification categories such as a SMEO, MFSS
ASLAN - No current APL category for DWDM products
- JITC is capable of testing wireless products
- JITC does not test all aspects of product
performance - One Configuration One Test One APL
11Current IAAPL Certication Characteristics
- DoD 8500.2 Requirement
- DoD Sponsor not Required
- Vendor Funded
- OIAC intent is to add IAAPL Categories that
apply to I3MP Core, Distribution and Access layer
products in FY09 - FIPS 140-2 certification is conducted by NIST
- IPv6 validation is conducted through JITC UC APL
testing - NIAP/CC certifications are conducted at numerous
certified test facilities worldwide - Submit Request for addition to IAAPL to OIAC
- Approved products forwarded to PM CHESS
12Current TIC Evaluation Characteristics
- Army or Vendor Sponsored/Funded
- TIC tests products and capabilities not covered
by current UCR - TIC tests to customer (e.g., I3MP) requirements,
DISR standards, DoDDs, DoDIs, NETOPS
requirements, STIGs, ARs and Army BBPs - TIC tests to DoD IA Standards
- TIC tests to DoD IO Standards when requested by
the Vendor, PM NSC or the JITC - TIC conducts Wireless testing
- TIC conducts IPv6 testing on behalf of the JITC
- TIC can conduct performance testing at other
facilities - One Configuration One Test
13Test Sponsorship
Vendor or Integrator recommends product for
testing
Theater SSE
PM NSC/Theater PdM/TMD
Technical Advisory Group Evaluates product for
potential testing
Not recommended
Recommend Testing
Recommended
Test Sponsorship Team determines test location
cost Test rationale cost sent to PM NSC for
decision
PM NSC/Theater PdM/TMD
Legend
Not approved
Approve Testing
Approved
- ISEC
Test Sponsorship Team Sponsors Test
- PM NSC
14UC APL Product Certification Process
Interoperability Certification
Information Assurance Certification
IA Product Testing
JIC Product Testing
Both Certifications Required For PlacementOn
Approved Products List
DISN DAA Validation
Joint Staff Validation
APL
15JITC APL Process Timeline
Initial Submittal
5 mos
2 mos
4 mos
6 mos
3 mos
1 mo
APL Memorandum Released, product added to the APL
ICM
- Test Diagram (SUT)
- STIG Questionnaire
- White papers, diagrams, manuals, etc
Note The above timeline assumes a 2 month
availability from new test request
Initial Contact Meeting Identifies what STIGs
will be required for the Self- Assessment
16Army IAAPL Process Timeline
New Product or Software Release
18 mos
24 mos
6 mos
12 mos
FIPS 140-2
NIAP/CC
IA Testing
Networthiness
JITC UC APL Testing
FOCI Evaluation
17Product Certification Testing Forum
- In cooperation with several product vendors, OSD
NII has agreed to host a Government/Industry
Product Certification Testing Forum to identify
process improvements that would allow DoD to
field new products faster and reduce overall
testing costs. The event will be called the
Unified Capabilities and Certification Working
Group. OSD NII will send out invitations to the
services as well as COTS product vendors inviting
them to participate in this Working Group. - The timeframe is tentatively scheduled for 5-6
Nov in the DC area.
18Points of Contact
- PM NSC
- - Rob Wellborn, robert-wellborn_at_us.army.mil,
I3MP TAG Chair - PdM DCS-CONUS
- - Tony Moles (Signal Solutions, LLC),
tony-moles_at_us.army.mil, Senior Systems Engineer
East - - Cary Russian, cary.russian_at_us.army.mil, Senior
Systems Engineer - West - PdM DCS-Europe
- - Jimmie Morris, jimmie.morris_at_us.army.mil,
Senior Systems Engineer - PdM DCS-Pacific
- - Dave Rogers, david.rogers6_at_us.army.mil, Senior
Systems Engineer,