HQ NORTH AMERICAN AEROSPACE DEFENSE COMMAND NORAD REGULATION 700-1
HQ UNITED STATES SPACE COMMAND USSPACECOM REGULATION 700-1
Peterson Air Force Base, Colorado 80914-4100 21 June 1993

Communications-Computer Systems

COMMUNICATIONS-COMPUTER SYSTEMS REQUIREMENTS PROCESSING

This regulation prescribes policy, procedures, and responsibilities for documenting and processing requests for command, control, communications, and computer systems and/or services supporting North American Aerospace Defense Command (NORAD) and United States Spade Command. This regulation also
provides the authority for establishing a Communications-Computer Systems Requirements Board (CSRB) for NORAD and USSPACECOM to review, prioritize, validate, approve/disapprove, and suggest recommendations to support communications-computer systems requirements. It applies to HQ NORAD, HQ
USSPACECOM, United States Army Space Command (USARSPACE), Naval Space Command (NAVSPACECOM), and Air Force Space Command (AFSPACECOM).

1. REFERENCES:

1.1. CJCS Memorandum of policy No. 77, Requirements Generations System Policies and Procedures,
17 Sep 92.

1.2. DOD Directive 5000.1 Defense Acquisition Management Policies and Procedures, 23 Feb 91

1.3. DOD Directive 5000.2 Defense Acquisition Management Documentation and Reports

1.4. DOD Directive 7920.1 Life Cycle Management of Automated Information Systems (AIS)

1.5. DOD Directive 7920.2 Automated Information System (AIS) Life-Cycle Management Review and Milestone Approval Procedures.

1.6. Air Force Regulation 700-3, Communications-Computer Systems Requirements Processing, 30 November 1984.

1.7. NORAD/USSPACECOM Regulation 102-1, The NORAD/USSPACECOM Integrated Command and Control System (NUICCS) Mission Systems Integration Process, 11 March 1992.

1.8 Integrated Tactical Warning and Attack Assessment (TW/AA) configuration Control System Directive (CCSD) Volume I, Policy and Procedures, 16 September 1991,

2. SCOPE. Policies and procedures prescribed in this regulation apply to all NORAD/USSPACECOM communications-computer systems requirements.

3. TERMINOLOGY. See attachment 1.

4. POLICY.

4.1. NORAD/USSPACECOM focal point for all communications and computer systems (less functional intelligence productions system) is the Command Control Systems and Logistics (SPJ6) Directorate.

No. of Printed Pages: 13
OPR: SPJ6N (Maj Andy Anderson)
Approved by: Maj Gen Bracher
Distribution: F;X (Naval Space Command/VN17, Dahlgren VA 22448-5170 .........5
US Army Space Command, Peterson AFB CO 80914-5000 ............................. 5)

2 NR/UR 700-1 21 June 1993

4.2. The NORAD/USSPACECOM Communications-Computer Systems Requirements Board (CSRB), co-chaired by the NORAD Assistant Chief of Staff, USSPACECOM Assistant Chief of Staff, and USSPACECOM Vice Director, command Control systems and Logistics (SPJ6V), is established to review, prioritize, validate,
approve/disapprove, and suggest recommendations to support communications-computer systems requirements. Board membership includes senior (0-6 level) representatives from each directorate. The CSRB is the final arbiter of NORAD/USSPACECOM communications and computer systems requirements.

4.3. Communications and computer system requirements in support of operations shall be validated by NJ3 and/or SPJ3 before consideration by the CSRB.

4.4. The Communications-Computer Systems Requirements Working Group (CSRWG) is established to assist the CSRB to discharge its responsibilities outlined above. The CSRWG is chaired by the Deputy Director for NUICCS Policy, Architecture, and Integration (SPJ6N) or his designated representative.
Membership includes Communications-Computer Requirements Officers (CROS) from each directorate and special staff element.

4.5. All NORAD/USSPACECOM directorate and special staff elements will appoint a CRO, who will be the organization focal point for processing communications-computer requirements. CRO names will be submitted to the command focal point (SPJ6N). All communications and computer system requirements, including requests for changes, upgrades, modifications, reconfigurations, and new capabilities, will be submitted by the user to his
CRO.

4.6. The Communications-Computer Systems Requirements Document (CSRD) (AF Form 3215) is the primary means used by NORAD and USSPACECOM to document communications-computer systems requirements. An explanation of the CSRD and other applicable requirements documents follows:

4.6.1. CSRD. The user-completed CSRD describes the capability required, justifies the need, and serves as the validation and approval document for that need. A CSRD documents communication-computer systems requirements expected to cost less than $25 million in I year or less than $75 million
total and does not require research and development (R&D) funds (3600). In addition, a CSRD can serve as a source document for Air Force MAJCOM program elements (PE). Detailed instructions for completing AF Form 3215 are contained in attachment 2, including an example AF Form 3215.

4.6.2. System Development Notification (SDN). The SDN is the standard document used to propose changes to the Worldwide Military Command and Control System (WWMCCS). Additional information and SDN formats can be found in JCS Publication 19, Volume 1.

4.6.3. Mission Need Statement (MNS). A MNS is used to document a communications-computer systems requirement when funding exceeds thresholds for a CSRD or R&D funds are required. A MNS is also used for requirements meeting the CSRD funding threshold when the requirement impacts joint
interoperability or JCS influence is needed to obtain funds. Instructions for the writing and processing of MNSs can be found in the reference at paragraph 1.1. Any questions concerning MNSs should be addressed to HQ USSPACECOM, Deputy Director for Plans and Policy (J5I) or NORAD Deputy Director for Requirements (J5R). All further references to requirements in this regulation concern CSRDs and SDNS.

4.7. All communications and computer Systems requirements will be submitted through the CROs to the NORAD/USSPACECOM focal point, SPJ6N. SPJ6N will present the requirement to the NORAD/USSPACECOM CSRB or the CSRWG, or forward the requirement to the appropriate implementing agency, such as HQ AFSPACECOM
or the local base communications squadron, as appropriate. All communications and computer systems issues and requirements are considered and resolved using this approval process.

NR/UR 700-1 21 June 1993 3

5. RESPONSIBILITIES/PROCEDURES:

S.1. User. Prepares the CSRD, which must be a clear, concise description of the operational need in the format shown in Attachment 2. Submits the CSRD (or SDN) to his organization's CRO. Provides justification for sole source procurement, explanation of urgency, funding sources, and all pertinent
background material necessary to assist in properly evaluating and acting on the request.

5.2. Communications-Computer Requirements Officer.

5.2.1. Acts as the organizational focal point for all communications and computer systems requirements developed in assigned organization.

5.2.2. Reviews all CSRDs (or SDNS) submitted by users within his organization to ensure compliance with Attachment 2 and other appropriate governing directives.

5.2.3. Submits the requirement to the appropriate Integrated TW/AA Configuration Control Panel in accordance with the Integrated TW/AA Configuration Control System Directive (CCSD), Volume I, 16 September 1991., if the requirement identified in the document falls under the purview of the
Integrated TW/AA System. A CSRD returned from the appropriate ITW/AA board or panel should have a Universal Control Number (UCN) assigned as part of the Standard Change Form staffing and tracking procedures, ensuring ITW/AA System community involvement.

5.2.4. Forwards CSRDs (or SDNS) from his organization to SPJ6N.

5.2.4.1. For HQ NORAD/USSPACECOM work centers located in CMAFB, day-to-day, O&M requirements (administrative telephone requirements, etc.) may be submitted according to HQ AFSPACECOM and 21 SPW directives.

5.2.5. Maintains liaison with command focal point (SPJ6N) to track document status.

5.3. NORAD/USSPACECOM Deputy Director for NUICCS Policy, Architecture, and Integration (SPJ6N).

5.3.1. Trains CROs on the communication-computer systems requirements process.

5.3.2. Receives CSRDs (or SDNS) from CROs and reviews them for accuracy, urgency, etc.

5.3.3. Refers the requirement to the NORAD/USSPACECOM Integrated Command and Control System (NUICCS) Concept Review Subpanel in accordance with NUR 102-1 if the requirement meets the NUICCS Impact Criteria as outlined in NUR 102-1 and NORAD or USSPACECOM Command, Control, Communications, and Computer System Master Plan (C4SMP), Appendix H.

5.3.4. Forwards the CSRDs (or SDNS) to the appropriate agency to obtain a technical solution consistent with the need, and ensures interoperability and support ability issues are addressed. Figure 5.1 is a graphic depiction of normal CSRD processing. The routing and staffing may involve external NORAD/USSPACECOM activities, including supporting/component commands, base communications units, DISA, and other agencies required to be involved in the particular request:

5.3.4.1. If the requirement involves stand alone systems within HQ NORAD or USSPACECOM (see definition at attachment 1), the technical solution and implementation may be accomplished totally within HQ NORAD/USSPACECOM. In such cases, NORAD/USSPACECOM should coordinate with appropriate host agencies
to ensure proper support (e.g. maintenance, training, etc.) is available.

5.3.4.2. If the requirement affects either Cheyenne Mountain AFB or Peterson Air Force Base infrastructure, it is processed according to host base procedures.


NR/UR 700-1 21 June 1993

5.3.4.3. If the requirement affects locations outside the Peterson complex and does not involve Peterson AFB or CMAFB), SPJ6N submits it to HQ AFSPACECOM/SCXXR.

5.3.4.4. For requirements impacting more than one USSPACECOM component, SPJ6N assigns a "lead" component which processes the document and coordinates processing with other affected components. SPJ6N identifies to the "lead" component points of contact (POC) from the other affected USSPACECOM
components. The "lead" component has authority to task other component POCs as designated by SPJ6N to provide technical information on their portions of the technical solution. Any issues or problems encountered during requirements processing are elevated to SPJ6N for resolution.

5.3.5. Reviews technical solutions with the user for accuracy and ensures proposed solutions are compatible with USSPACECOM communications-computer architectures and are interoperable with existing and planned systems.

5.3.5.1. If the requirement meets the NUICCS Impact Criteria as outlined in NUR 102-1 and the C4SMP, Appendix H, SPJ6N refers the technical solution to the NUICCS Technical Review Subpanel in accordance with NUR 102-1.

5.3.6. Chairs the NORAD/USSPACECOM CSRWG.

5.3.7. Approves/disapproves CSRD requests up to $50K without formal CSWG or CSRB approval. Submits CSRDs exceeding $50K to CSWG or CSRB for validation/approval.

5.3.8. Tracks/maintains the status of each request submitted through SPJ6N until the requirement is satisfied. Provides regular CSRD status updates to Directorate/Special Staff CROS.

5.4. NORAD/USSPACECOM Communications-Computer Systems Requirements Board.

5.4.1. Ensures communications-computer systems requirements and funding profiles receive Command visibility.

5.4.2. Ensures compatibility, interoperability, and integration of communications and computer systems and identifies the resources to satisfy the requirements.

5.4.3. Approves/disapproves communications and computer system requirements involving funds between $500K and $1M. The CSRB will make approval recommendations to the NORAD or USSPACECOM Deputy Commander in chief for requirements involving $1M or more in NORAD/USSPACECOM funds. The co-chairmen
will schedule CSRB meetings as required. Additionally, the CSRB co-chairmen may choose to handle urgent requirements through normal staffing procedures.

5.5. Communications-Computer Systems Requirements Working Group will approve/disapprove requirements involving funds between $50K and $500K. The CSRWG chairman will schedule CSRWG meetings as required. Additionally, the CSRWG Chairperson may choose to handle urgent requirements through normal
staffing procedures.

5.6. NORAD/USSPACECOM Directors/staff:

5.6.1. Appoints CROs to be their organization's focal point for all communications-computer systems issues. These CROs will also be members of the CSRWG.

5.6.2. Identifies deficiencies/requirements in NORAD/USSPACECOM communications-computer capabilities. Documents any communications-computer deficiencies/requirements which meet the criteria of AFR 700-3 via a CSRD (or SDN). Submits all such documents through their own CROS, who will then
forward them to SPJ6N for processing.

6 NR/UR 700-1 21 June 1993

5.6.3. Develops appropriate concept of operations.

5.6.4. Reviews proposed solutions to ensure the solution Satisfies the identified deficiency/requirement.

5.6.5. Provides a voting member to NORAD/USSPACECOM CSRB.

5.7. HQ NORAD/USSPACECOM, Directorate of Manpower and Personnel (ii), resolves manpower problems associated with NORAD/USSPACECOM CSRDs.

5.8. NORAD responsible agencies and USSPACECOM component commands:

5.8.1. Ensure technical solutions, as defined in this regulation, are developed for approved/validated NORAD/USSPACECOM CSRDB (or SDNS).

5.8.2. Direct implementation of solutions for NORAD/USSPACECOM requirements by providing:

5.8.2.1. Funds.

5.8.2.2. Project management.

5.8.2.3. Systems engineering.

5.8.2.4. installation,

5.8.2.5. Test and evaluation.

5.8.2.6. Operation and maintenance.

5.8.3. Ensure appropriate CSRDs (or SDNS) affecting NORAD/USSPACECOM, regardless of their origin, are coordinated through SPJ6N.

5.8.4. Identify to the appropriate USSPACECOM staff element those communications-computer deficiencies that impact multiple USSPACECOM components. The USSPACECOM staff element is then responsible for documenting the deficiency in the appropriate document and forwarding it to SPJ6N for
processing.

OFFICIAL CHARLES A. HORNER
General, USAF
Commander in Chief

MICHAEL A. KLICH 2 Attachments
Lieutenant Colonel, USAF 1. Glossary of Terms
Director of Information Management 2. Instructions for Completing the
Communications-Computer Requirements
Document (CSRD) (AF Form 3215)

NR/UR 700-1 Attachment 1 21 June 1993 7

GLOSSARY OF TERMS

Al.1. Approval (of the technical solution). Approval signifies corporate agreement on the technical solution proposed to satisfy a validated requirement. For a solution to be approved it must: (a) satisfy the operational requirement, (b) be consistent with appropriate architectures, (c)
be technically sound and cost effective, (d) have the capability to be integrated into existing or planned communications-computer systems, (e) be logistically supportable, and (f) increase Mission effectiveness or increase efficiency of operations.

Al.2. Certification. The action of reviewing proposed technical solutions to communications-computer systems requirements to make sure they are consistent with appropriate architectures and can be integrated into the Integrated Tactical Warning/Attack Assessment System.

Al.3. Communications-Computer Requirements Board. The corporate body established at NORAD/USSPACECOM to validate communications-computer systems requirements and approve or disapprove technical solutions.

Al.4. Communications-Computer Requirements Officer (CRO). The focal point, within each NORAD/USSPACECOM Directorate, responsible for reviewing and processing all communications-computer requirements.

Al.5. Disapproval. The result of a corporate review by the CSRB which determines that either the requirement is not valid or the proposed technical solution is unacceptable.

Al.6. Integrated Tactical Warning and Attack Assessment (TW/AA) System. System to provide timely, reliable, comprehensive, and unambiguous warning, assessment, and characterization information about ballistic missile, space, and atmospheric attacks to the National Command Authorities (NCA), Unified and Specified (U&S) Commands, and other users, through all levels of conflict. The three mission areas, ballistic missile, space, and atmospheric, when combined together, make up the Integrated TW/AA System.

Al.7. Interoperability. The condition achieved among systems or items of communications-computer systems equipment when information or services can be exchanged directly and satisfactorily among the communications-computer systems and their users (,TCS Pub 1).

Al.8. NORAD/USSPACECOM Integrated Command and Control System (NUICCS). A system of command and control systems designed to work together to support all NORAD/USSPACECOM missions.

Al.9. Stand Alone System. A HQ NORAD/USSPACECOM Stand Alone System is any communications-computer system or equipment that does not interface or connect to other existing systems. A personal computer (PC) on a desktop is an example of a stand alone system. A Local Area Network (LAN) is a stand alone
system only if that LAN is isolated from other base infrastructure, such as the base cable plant.

Al.10. Technical Solution. A detailed description of the hardware, software, data, connectivity, logistics support, and other resources necessary to provide the most cost-effective solution to correct a deficiency or shortfall in mission capability. It includes the recommended acquisition method and
strategy, estimates of all one-time and recurring costs, identification of manpower requirements (additional or savings estimates), and a schedule of events.

Al.11. Validation (of the requirement). Validation represents corporate agreement with the need expressed in a requirements document (such as a communications-computer systems requirements document). To be valid, a requirement must: (a) provide a needed improvement in mission capability, (b)
comply with DOD doctrine, and (c) implement NORAD/USSPACECOM plans.

NR/UR 700-1 Attachment 2 21 June 1993

INSTRUCTIONS FOR COMPLETION(; THE COMMUNICATIONS-COMPUTER REQUIREMENTS
DOCUMENT (CSRI)) (AF Form 3215)

A2.1. General.

A2.1.1. only original AF Forms 3215 and electronically generated forms will be used. If an electronically generated AF Form 3215 is used, both sides of the form must be printed. A sample AF Form 3215 is at Fig A2.1.

A2.1-2. All forms must be typed or legibly printed.

A2.1.3. All forms must have the NSPJ6N's, or his designated representative's, signature in block 17.

A2.1.4. If any discrepancies are found, the AF Form 3215 will be returned for correction.

A2.2. How to complete AF form 3215.

A2.2.1. BLOCK 1: Leave Blank.

A2.2.2. BLOCK 2: Brief descriptive title of the requirement. Title must be unclassified.

A2.2.3. BLOCK 3: Originator. Enter name, office symbol, telephone number, stop number, and current date of action officer (AO) working the requirement. This AO must be knowledgeable of the CSRD, since he or she will be the primary point of contact for information pertaining to the requirement.

A2.2.4. BLOCK 4: Indicate the priority (Urgent or Routine). Since NSPJ6N will process the requirement as quickly as possible regardless of the priority, make the priority realistic. Selection in this block must be consistent with entries in blocks 5 and 11. Most requirements are Routine;
Urgent requirements should have major impact on the NORAD or USSPACECOM mission. An urgent CSRD should have either "A' or "El entered in block 11 and "ROD" circled in block 5.

A2.2.5. BLOCK 5: Indicate Required Operational Date (ROD) or Proposed Operational Date (POD) by circling one and specifying a realistic month and a year. Do not enter "ASAP" as the date. Telephone installations, moves, etc., at Peterson AFB are performed by a contractor. The contract allows 10
working days to complete a routine requirement from the date the contractor receives the work order from 21 CS/XPC (721 CS) (not from the date 21 CS receives the requirement). Do not assume the requirement will be completed in less than three weeks from the date 21 CS/XP (721 CS) receives it.

A2.2.5.1. ROD indicates a Required Operational Date. A ROD is based on a specific need, such as a JCS directive or weapons system activation. Specific justification must be shown to prove that the mission will fail or serious mission degradation will occur if the ROD is not met. Routine requirements
will not have a ROD. Requirements with a ROD will be processed through the base communications-Computer Systems Requirements Board (CSRB) and the MAJCOM CSRB for ROD validation. This can take as long as six months. Once the ROD is validated, the CSRD is returned to NSPJ6N who will process the requirement as needed.

A2.2.5.2. POD indicates a Proposed Operational Date. If this date is not met, the mission can still be accomplished but efficiency in performing daily tasks will be hampered.


10 NR/UR 700-1 Attachment 2 21 June 1993

A2.2.6. BLOCK 6: Indicate whether your requirement will be used to process classified information or not by marking 'yes' or "no." If "yes" is Marked, a Security Assessment must be completed IAW AFR 700-3/s Sup 1, Atch 12. Instructions for completion of the security attachment are included at the end
of this attachment.

A2.2.7. BLOCK 7: Indicate whether or not the requirement will be used to process sensitive unclassified information by marking "yes" or 'no." Data subject to the Privacy Act is considered sensitive unclassified. If block is marked "Yes," then requester must confirm compliance with AFR 12-35, Privacy Act Systems of Records; APR 56-1, (S) Signal Security Policy (U); AFR 205-16,
Automatic Data Processing (ADP) Security Policy, Procedures, and Responsibilities; and AFR 70010, Information Systems security (FOUO).

A2.2.8. BLOCK 8: Leave blank.

A2.2.9. BLOCK 9: Describe the requirement in a narrative form. If entire narrative will not fit in space provided on the form, continue narrative on an attached sheet of paper. Do not put "See Attached" in block 9 and then type the entire narrative on an attached sheet. Use block 9 before continuing on an attached sheet. Avoid specifying brand names or model numbers in this block.
Block 9 must provide sufficient information to indicate clearly what capability is required rather than a specific technical solution. Provide necessary criteria, performance parameters, and assumptions to be used to meet stated need. Also indicate required interfaces with other communications-
computer systems and any maintenance requirements. State TEMPEST, high altitude electromagnetic pulse (HEMP), nuclear, biological, and chemical (NBC), and any other survivability and security requirements for the system. If there is a recommended solution to the requirement, document the solution
on a separate sheet of paper and attach it to the CSRD.

A2.2.9.1. For telephone requirements, please indicate building number, room number, and jack number (if known). Include a simple drawing identifying placement of the telephones, which will assist in expediting the request.

A2.2.9.2. For computer requirements, indicate what capabilities the computer must meet. Statte software requirements in the form of what the software must do. Do not ask for WordStar or DBASE III+. Request a software package for word processing or data base management system instead. Brand names may be specified on a separate sheet of paper attached to the AF Form 3215.

A2.2.10. Block 10: Justify the requirement in terms of operational impact and cost, productivity and manpower impacts, wartime capability, mission placement of the telephones, which will assist in expediting the request.

A2.2.9.2. For computer requirements, indicate what capabilities the computer must meet. State software requirements in the form of what the software must essential need, safety, security, quality of life, etc. If a ROD has been indicated in block 5, then specific justification must be stated in this block.

A2.2.11. Block 11; Describe impact to the NORAD or USSPACECOM mission if the requirement is not fulfilled. Also assess and assign one of the mission impact codes, described below, in the box provided.

A2.2.11.1. Mission Failure. Failure to implement the requirement will result in the inability to perform the NORAD/USSPACECOM mission. (Block 4 must be marked URGENT and block 5 must indicate a ROD to use this code.)

A2.2.11.2. Serious Mission Degradation. Disapproval will allow continued accomplishment of the NORAD/USSPACECOM mission, but will reduce efficiency.

A2.2.11.3. Mission Impact. Disapproval will cause some degradation but will still allow mission completion.

NR/UR 700-1 Attachment 2 21 June 1993 11

A2.2.12. BLOCK 12: For occupants of Bldg 1, use this block for coordination of the building manager.

A2.2.13. BLOCK 13: For occupants of Bldg 1470, use this block for building manager coordination if the requirement impacts building electricity or air conditioning systems.

A2.2.14. BLOCKS 14 through 15: Leave blank.

A2.2.15. BLOCK 16; Name, office symbol, and phone number of the NORAD/USSPACECOM organization Communications-Computer Requirements officer (CRO). For telephone requirements, also include the name, office symbol, and phone number of the Telephone Control officer (TCO) in this block, with his
signature of coordination in accordance with AFR 700-8, VOL, Para 1-19.

A2.2.16. BLOCK 17: Leave blank. This block will be signed by the NSPJ6N representative.

A2.2.17. BLOCKS 18 through 44: Leave blank.

A2.3. How to complete Computer Security Assessment.

A2.3.1. HQ AFSPACECOM, Directorate of Systems Security (AFSPACECOM/SCXS) requires detailed security information on every CSRD associated with computer equipment. This information is required even if CSRD does not contain computer equipment requirements but does establish or maintain a communications path between two or more computers or networks.

A2.3.2. General Information. Figure A2.2 is a sample Computer Security Assessment. Refer to it when reviewing these instructions. Answer questions to the fullest extent possible. f some of the information is not known, so state.

A2.3.3. ITEM 1. The maximum classification and sensitivity of information to be processed on the entire system, not just new components being added to the system. The sensitivity levels are SL-I, SL-11, SL-III, as defined by AFR 205-
16.

A2.3.4. ITEM 2. The minimum user clearance of individuals accessing the information. A user is defined as an individual with a direct connection to the system and also an individual without direct connection who receives output or generates input not reliably reviewed for classification by a
responsible individual.

A2.3.5. ITEM 3. Whether or not there will be any uncleared users and, if so, whether they are government employees (military and government civilians) or civilians.

A2.3.6. ITEM 4. The identification of every category of data to be processed by or stored in the system and whether or not any system user (as defined above) is restricted in accessing any category. Examples of categories are FOUO, LIMDIS, NOCONTRACT, NOFORN, ORCON, PRIVACY ACT, PROPIN, SCI, SIOP, SIOP-ESI, and US PERSONNEL ONLY.

A2.3.7. ITEM 5. Whether or not any portion of the system will be developed or maintained by people who do not have sufficient security clearances or do not use acceptable configuration management practices. Nearly every commercially marketed computer system has developers who lack either security
clearances or configuration management practices commensurate with the processing of classified information.

A2.3.8. ITEM 6. Security modes are defined on fig.A2.2.

A2.3.9. ITEM 7. The criticality of the system to the USSPACECOM mission. This is either CF-I, CF-II, or CF-III, as defined by AFR 205-16. Also state whether the mission supported by the system could be adequately carried out if use of the system were degraded or made impossible.

A2.3.10. ITEM 8. The physical location of the system.

12 NR/UR 700-1 Attachment 2 21 June 1993

1. Maximum data classification within the system:______________

2. Minimum user clearance:_______________

3. Uncleared users (Circle One): Y N

4. Categories(1):____________________________________________________________

_______________________________________________________________________

5. Operating system written by uncleared individuals: Y N

if yes and software is commercially produced - go to item 6

else indicate provider:___________________________________

6. Security mode of operation(2):

Dedicated System High Partitioned Multilevel

7. Critically factor(3):__________

8. System Location:___________________________________________________

9. Network: Y N

10. If yes:

a. Network name:___________

b. Proposed system:___________

c. Owner of data and equipment:_________________________

d. Maintenance performed by cleared individuals: Y N

e. Software development Y N

f. Operating agency:________________________

NOTES:

1. CATEGORIES: NOFORN, PRIVACY ACT, FOUO, CONTACTOR SENSITIVE etc.

2. SECURITY MODES:
DEDICATED: A computer system processes information exclusively used & controlled by a user or group of users having a security clearance and need-to-know for all information in the system.
SYSTEM HIGH: Users with access much have a security clearance for the highest category of
information, but some users may not have the need-to-know for all information in the system.
PARTITIONED: Not all personnel have the clearance and need-to-know for all information
handled by the system.
MULTILEVEL: The operating system provides the capability to permit various categories of
classified and unclassified information to be concurrently stored and processed.

3. Ref AFR 205-16, para 12-3 and table 12-1: When determining System Criticality locate the HIGHEST
organizational level supported by the system where denial of use could affect the mission, then determine the block describing the greatest effect on human life. The Criticality Factor (CF) will be the lower number of the two CFs.

Figure A2.2. Sample Computer Security Assessment.

NR/UR 700-1 Attachment 2 21 June 1993 13

A2,3.11. ITEM 9. Will the computer be connected to a network?

A2.3.12. ITEM 10. If the system will be connected to a network, then answer:

A2.3.12.1. Name of network (e.g. NORADLAN, USSPACECOM Secure LAN).

A2.3.12.2. Manufacturer, model (such as, 3084, 100/72, PC-AT, Z-248, Intel 80287), and type (for example, mainframe, minicomputer, microcomputer, microprocessor chip) of each computer and network involved in or affected by the requirement. This information is required regardless of the size or use of each computer or network; it applies equally to large systems, office systems, word processors, and computers embedded in other equipment or weapon systems, such as communications multiplexes, aircraft, and satellites. This information is required even it the requirements document itself contains no
computer but does establish or maintain a communications path between two or more computers or networks.

A2.3.12.3. The owner(s) and maintainer(s) of the data, software, firmware, and hardware in the system.

A2.3.12.4. Does the equipment maintainer have a security clearance?

A2.3.12.5. Will DoD or a contractor develop unique software application to be used on this network?

A2.3.12.6. Who operates the system/network?