In the past, distributed responsibilities for the management of tactical SIGINT resources have resulted in disconnects in architectures, redundancies in investments and capabilities, and interoperability problems among tactical systems, and between tactical and national systems. To address these shortfalls, in March of 1995, the Deputy Secretary of Defense (DepSecDef) directed the Director, NSA (DIRNSA) to provide more comprehensive management of all tactical SIGINT investment programs, which include RDT&E and procurement initiatives. The DIRNSA, as technical oversight authority, is directed to ensure:
To accomplish this directive, the DIRNSA appointed the Tactical SIGINT Program Office (TSPO) as the lead NSA organization to provide the assistance and guidance outlined above to the Services and the Department.
The DepSecDef memorandum establishing TSPO’s technical oversight authority provides that NSA will be an approval authority for all Service and USSOCOM tactical SIGINT investment programs. The authority vested in NSA is to ensure interoperability, connectivity, and modernization encompassing all aspects of tactical SIGINT programs to include: requirements, planning, programming, budgeting, and the acquisition process. Tactical SIGINT standards and protocols are identified and developed as an enabling mechanism to accomplish these goals. In its technical oversight responsibilities and as an approval authority for tactical SIGINT programs, NSA will certify that tactical SIGINT programs comply with identified standards and meet the SIGINT community requirements for interoperability, connectivity, and modernization. The verification of compliance with established tactical SIGINT standards is the primary enabler in meeting these goals. However, compliance with standards in and of themselves does not guarantee that interoperability, connectivity, and modernization requirements will be satisfied. Therefore, the TSPO will participate in all aspects of tactical systems development.
The Defense Airborne Reconnaissance Office (DARO) is responsible for the management and oversight of the development and acquisition of all joint military department and defense-wide airborne reconnaissance capabilities. DARO has identified the Joint Airborne SIGINT Architecture (JASA) as the blueprint for developing open Airborne SIGINT systems that are flexible and scalable.
The JASA Standards Working Group (JSWG) was established by DARO and NSA. It is responsible for identifying the standards and protocols necessary for implementation of the JASA and oversees the selection and development of standards to be included in the JASA Standards Handbook (JSH). This DARO-sponsored JASA standards activity is a subset of the overall responsibility assigned to NSA in its role as technical oversight authority.
To fulfill the responsibilities for Compliance and Verification (C&V), NSA/TSPO will apply the developed C&V process to ensure interoperability, connectivity, and modernization as directed by the DepSecDef. While the processes used to evaluate, resolve issues, and certify tactical SIGINT systems are closely related to the identification and development of standards, the TSPO certification authority does not make changes to the JSH as part of the process. Identification and publication of JASA standards and the JSH remains the responsibility of the JSWG. However, through close coordination with the JSWG, the TSPO will work to identify certification issues that are related to standards and provide recommendations.
The following section provides a description of the NSA/TSPO C&V process. This process will be applied for compliance and verification of standards published in the JSH.
2.1 Introduction, Background, and Purpose
The purpose of the C&V process is to support the management of tactical SIGINT developments and upgrades and to ensure interoperability, connectivity, and modernization. Standards for tactical SIGINT systems identified in the JSH (or a future Tactical SIGINT Standards Handbook) are mechanisms for enabling interoperability, connectivity, and modernization, but do not in and of themselves ensure this goal. The C&V process is designed to be flexible. It is applicable to standard and non-standard acquisitions (e.g., QRC, evolutionary, and "in-house" developments). It verifies compliance with identified standards and other program requirements. Through the TSPO, NSA will assist the Program Managers achieve certification by:
The goal is to balance potential impacts on a specific program against potential gains to the entire tactical SIGINT community. The key is the early identification of compliance issues and solutions to permit the Program Managers to accommodate adjustments efficiently and inexpensively, thus reducing impacts to the program while maximizing the utility of their efforts for the entire tactical SIGINT community.
2.2 Process Overview
2.2.1 General
The C&V process provides a mechanism for NSA to work within the established system acquisition process and with the users in the development of tactical SIGINT systems. NSA will certify tactical SIGINT systems in accordance with TSPO’s charter to provide comprehensive management of tactical SIGINT programs. The process is designed to provide for NSA participation and assistance in tactical SIGINT programs from the initial concept definition through operational test and evaluation. The process can be tailored for different programs depending on NSA’s overall involvement in the acquisition process, the point in the acquisition schedule where NSA begins participation, the type of acquisition, and the resources available. While all tactical SIGINT programs fall under this requirement, determination of the requisite NSA certification milestones will be based on a case by case evaluation of:
The C&V certification process supplements the acquisition process. It is designed to be participative and supportive in nature throughout the total acquisition process and is not to be a final "NSA test" upon program completion. It also offers NSA the opportunity to provide supporting inputs of technological solutions and to act as a "clearing-house" for previously proven and developing capabilities. Ideally, NSA will be engaged early in the development of the mission need statement and capstone requirements documentation, working with the users in the evaluation and certification of requirements with the goal of identifying methods of enhancing interoperability, connectivity, and modernization in support of current and future tactical SIGINT requirements. NSA involvement continues throughout the design and T&E phases of an acquisition, working with the acquisition agent in evaluating and certifying the design and eventual performance of a system to standards and providing recommendations regarding interoperability, connectivity, and modernization. The process provides for the TSPO, as NSA executing activity, to receive inputs from all relevant stakeholders in a particular acquisition to ensure that informed decisions regarding the certification of a system are made.
The basic activities of the C&V certification process include:
These activities will be organized and managed as a C&V plan by TSPO. The primary objective of the C&V plan is to work the required activities within the framework and schedule of the acquisition activity. This includes participation in C&V team activities, C&V board actions, evaluations and analysis, and test planning and support.
The following sections provide definitions of the specific outcomes of the certification process and a brief discussion of each of the basic activities listed above.
2.2.2 Process Outcomes
The three potential outcomes of the C&V certification process are:
Certify: NSA confirmation that a system’s requirements, design, and performance comply with appropriate standards and meet or support interoperability, connectivity, and modernization requirements. Certifications may include:
Exceptions: areas of non-compliance that do not impact adversely on the tactical SIGINT community
Deviations: areas of non-compliance where a standard and/or interoperability, connectivity, and modernization requirement seems inappropriate
waiver: System does not comply with appropriate standards and/or fails to meet or support interoperability, connectivity, and modernization requirements, but the acquiring agent’s plan (schedule and budget) to attain compliance is acceptable. In this case, a system must be certified before waiver expires.
non-certify: System does not comply with appropriate standards and/or fails to meet or support interoperability, connectivity, and modernization requirements, and there is no acceptable plan to attain compliance.
2.2.3 C&V Team
The purpose of the C&V team is to provide an integrated working team with representation from the key stakeholders of a particular acquisition. The team will support the identification of formal certification milestones, standards profile development, evaluation and analysis of information and performance data, and test planning support. To the maximum extent possible, the team shall be integrated as closely as possible with the other ongoing program Integrated Product Team(s’) (IPT) activities of the participating stakeholders. In general, the team’s composition will consist of:
TSPO will lead, coordinate, and manage the C&V team’s activities.
2.2.4 C&V Advisory Board
The C&V advisory board is functionally different from the C&V team, although its members may be participating in both activities. It is composed of representatives from NSA, the acquisition agent, the user community, platforms, and other stakeholders or outside expertise as deemed appropriate. The purpose of the advisory board is to represent specific technical and programmatic stake holder interests on issues requiring resolution, and provide the Chief, TSPO with the information needed to make an informed decision. It is the responsibility and authority of the Chief, TSPO to certify, waiver, or non-certify a system.
2.2.5 Formal Certification Milestones
One of the initial actions of the C&V team will be to determine the specific formal certification milestones during the acquisition. These will vary from program to program, but in general they should be a representative view of requirements, design, and performance. NSA’s role in the selection of the formal certification milestones will be to ensure that the requisite standards and the interoperability, connectivity, and modernization requirements are evaluated and verified. Specific criteria will be identified and/or developed defining the metrics required for certification for of each of the formal certification milestones. These metrics should be as closely aligned with specific contractual requirements for documentation and acceptance performance criteria as possible, to minimize any potential impact on the acquisition’s schedule or budget, or acquiring agent’s resources.
2.2.6 Standards Profile and Methods of Verification
The standards profile and identification of methods of verification, results in a program-specific C&V matrix documenting the requirements for NSA certification of a system. The development of the standards profile is accomplished by the C&V team and consists of the following steps:
2.2.7 Evaluations, Compliance Resolution, and Certification
Throughout the total C&V process, there will be evaluations and analyses of documentation and test data. These evaluations will support formal certification milestones as selected by the C&V team, and as part of recommendations to be provided to the acquisition agent regarding technology and potential compliance issues. The results of these evaluations and analyses will result in one of the following:
There will be a formalized compliance resolution process for C&V issues. The emphasis will be to resolve issues at the lowest possible level so that TSPO can provide NSA certification. The C&V advisory board also provides inputs to the Chief, TSPO on these specific issues. The compliance resolution process provides for the elevation of issues that cannot be resolved at the working level to an additional two levels before issuing a "non-certify". These levels are:
The goal is to identify any potential issues early and to conduct the necessary evaluations and analysis to reach a mutually acceptable agreement enabling certification. This process formalizes roles and responsibilities to accomplish that goal.
ACRONYM LIST
ADDO (MS) Associate Deputy Director of Operations/Military Support
C&V Compliance and Verification
DARO Defense Airborne Reconnaissance Office
DepSecDef Deputy Secretary of Defense
DIRNSA Director, National Security Agency
DoD Department of Defense
DODD DoD Directive
DoDI DoD Instruction
ICM Interoperability, Connectivity and Modernization
IPT Integrated Product Team
JASA Joint Airborne SIGINT Architecture
JSH JASA Standards Handbook
JSWG JASA Standards Working Group
NSA National Security Agency
PEO Program Executive Office
PM Program Manager
QRC Quick Reaction Capability
RDT&E Research, Development, Test and Evaluation
SIGINT Signals Intelligence
TSPO Tactical SIGINT Program Office
TSWG Tactical Standards Working Group
USSOCOM U.S. Special Operations Command