5 ?:;CJ
AO
t
•
on •
Guide o evie g
Info a ·o anagement and
hno ogy ues the
Fede (;ovenunent
Preface
run electromcall u in
n of n 1hous nds ·Of
n emen1 d Bud ct (0 , 18) cslimaie
taons "'ti~ h ndlcd electronic Uy.
l f tor in chic in efficient d
De clop1n
h en
G 0 er. LI Pref c
Second. OAO must use cons1 Lent d. di 1plin appro h for condu.ct1n au1om11ed
inform 11on y tcm hfe cle (AlSLC) re e . O 0 ' ~thodology upon Its
ollect1\C inform uon s stem udit e pcnen e n a useful. dijCiplinecl nd
pro h for identJf)' in udit pro ms to dte them.
l bfahin
hip
cialists of dh•erse b karounds. It is also seful for
on sy terns analys'ts
eamen
The m~th olo y pnp d under e directaon of llliam S. Franklin. Di tor,
Infonn uon Sy terns ethodology _n Support, ho can be reach d 11 02) 512-6408.
Oene L Oodaro
i t nt Compuoller Gene
ccounun1 nd lnfonnalion M em nt 01 · ion
ii GAO SAF er. 1.1
Major Contributor o this PubllcaUon
c ounf n nd Inform ti on . I n .. tmen t Divislont
\ hin ton,
nt 01.rtttor
nager
c no I dgmen
G 0 SAf er. 1.1 Maj<X Contributon
Table of Contents
Pre·f act . • •....... ...... . . . . . . . . . . .. ......•. ......... · . · · · · · · · · · ·
. I jor ont uto co t ubllt ,, oo . . . . . . . . . . . . . . . . . . . . . . • . . . . . . . . . . . iii
................................ ....... ..... ........... . ... . iY
0 \'tr\'lt .. .. . .... .. . .. . .. .. ... . .. .... .. .. .. .. ... .. .. .. .. .. .. .... 1
Pl nnl c
C n ent o e Pl n1n Ph~ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • . . . . . . . . . :S
1.0 e Pl ning Ph . ....... ...... .. . .. ... •.. .. .. .. . .. .. .. .. .. ... . 7
1. 1 Sttateg rRM Planning . . . • . . . • . . . .. .. .... ................... 13
1.1.l S<:ope, Definition, d Or _t'on Segment • . . . . . . . . . . . . . . . . . IS
1.1. Sutu nd OpportUnity ses nt Se me t . • • . . . . • • . . • • • . • . • 1
1.1.J 1RJ.o St . tegy Segment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
I- Pro m-Le el lRM Plannin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • . . • 33
I .l Scope. Definition. n.d Or ani ti Seament . . . . . . • . . . . . . . . . . . JS
Status nd Opportunity s ment Se nt . . . . . . . . . . . . . . . . . . l
.2.3 l S te Segment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
onc:tpt
Conten1 . of e Co cept Ph . . . . . . . . . . . . •. . . . . . . •. . ••. . . . . . . . . . . . . . . . I
_,o The Con ep .Phil.Se . . . . . . • . . . • . . . . . . . . . . • . . . . . . . . . . . • . . . • . . . . • • . .S3
- · l Con ept n ProJCCl lnni ·on . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . SS
2. l Project lniti tion Se nt . • . . . . . . . . . . . . . . . . . . . . . . . . . . . . . S9
-· ' ·2 Project Definuion nd Scope Segment . . . . . . • . . . . . . . . . . . . . • . . 63
_.I .3 ork Plan. Slalid ds, d PrQ ea Orpniz.ation Se t •.. •. ••. • 69
_.I..J ppro I Se t • • •••• •. •. •• •• •• •• 7l
T le of Conre 01 C 0 SAF ,,.er. I.I
~·clopment,nd Dtplo ment
ntcnt of the De 1 n, De elopmcnl, nd De lo rncnt Pha c .
c S 1cm Design. De ·clopmcnt nd Ocplo mcnt . h c ....•
. l ltcf311\'C De i n. De clo m nt and Dcplo ment . . . . . . . . . . . .
I .I ecds Jdcnr1 1c uon an De 1gn c menr ....•..•....
. l... S · tcm Dc clo mcnt nd .~ployment Segment . . . . . . .
.1.3 Re\ icw Sc ment . . . . . . . . . . . . . . ............ .
Custom Dt 1 n. De clopme , n Deployment . . . . . . . . . . I
.2, I • ccds ldcntific uon Segment . . . . . . . • . . . . . . . . . . . . . I07
2.2 S tern Dtst Se mcnt . . . . . . . . ......... .. I IS
3.2.3 Sy tem De clo men t nd Deployment Sc m nl . . • • • . • . • . • . • . • • 121
nl • • . • • • . • • • • • • • ••
•:? S Lem • :1 intent ce . . . . . . . . . . . . . . .. ..... .... .. .... . l 9
4. . I tcm Con 11 ration n gcmcnt Scgrnt:nt . . . . . . . . . . . . . . . . . . I
4.2. S tern Modi 1c11.tion Segment . .. . .. . . . .. . . . .. •.. 1.5
• ·I
B·I
C·I
D·I
·I
lo ry . •... .. . .. ... .•........ . ... •. .. ... . . ... .•.. .. .. .• • •. G-1
Work he · ·I
[nde ........• . ............•...••.... .........................•. 1-1
GAO S F er. I.I T blc of Content
Abbrevlatrons
DP
A.I
\I LC )'CIC
. PR
D
C SE
coco. 0
COT
DOD
OP uthority
0 0
G.1
GS
fG
lOC
I
10
I V
Q , IB
PER
Q
RFP
ROC
F
CE
iaUOll G 0 SAF vcr. I.I
Overview
th the eli ery all the
nd
Th tem
Oo emment
m ny
r lfe c de p
G 0 S F "er. 1.1 0 erve
1 nmn Ph
Conccp1 Ph c
G 0 S F \Cf. I.I
:r cm De 1 n. c clopmtnt, nd Oeplo mcnt Phue
cm desi n. C\clopmenr. and
th t n be l en, ( I ttcra1ive e.sign.
ploymcn1. third
S 1em Ope uon and M inicnancc Ph
During 1h1 ph c. u rs frequently cb lC their funetfoll.l.l ope tion I re uiremen nLil
1he olu c 1e of ch nge becomes so e ensiv lhu a ne pl'Qgrarn or m ~or
modcm1z uon initi ti e is requi~•
r nl llon ot tbf • f ethodo 017
G OS 'U . I.I 3 0 ervi
ntull
SLC
uldtl n
0 en. te -G 0 SAF er. . I
f e Planning Ph
nl 1
c Plannm Ph
. . .................. ............ . . 5
................•.....•... ..... .•. ....•.... 7
I.I 1 cc 1 IR t Pl nn n . . . . • . • • . . • . . . . ..•.•.••..•....•• ..•..•....
I . I. I
IS
• . • . • . . • . . • . • . • . . . • . . • • IS
1
l6
nt 16
ent ...•.......... 17
cnl .............. 17
• • • • 17 • e • • ,. • I • e • 9 • • o • •
I
d m Thi Seim nt .. . .. . l
I. l
1
21
... 1
egmcn1 . • . 2
l •••••• •A!l!f
..............
. . . ,. ............. .. . "
in tlus Se nt ..... .
1.1.
nt • • • • • • • • e • e e II • • • • o 4 e • • • • e e e e • • • e • e e • • t e
GOS er. 1.1 Pl nn n
1~ P nm·Levcl l Pl nn ng . . . . . . • . . . • . • . . . • . . . . . . . . . . . . . • . • . . . . . 33
I . ~ .L . ' ...•.. .....•........ 35
s
35
3
36
36
37
9
I . ·-
nt •.•.•••••....•..•..•...••...
pe De ·cl in Thi e nt •.••. .
1.2.
In IS l ..... .
Pl nni n G OS er. I.I
1.0 The Pla·nnlng · hase
Phases of t e System ife Cycle
Phase 1 P ase 2 Pha e3
System
D in
Planning Co cept Oeve opment,
an
alntena ce
Deploy n
Planning hase
~ 12 Se nt3
Segm n 2 3
Sir•
e Plan ing Ph
G 0 S F ·er. 1. 1 1 Plann1n
IPJ plann1n pcrv e all le el o ,gcncy m n cmcnt. l o c le el il m .y be perceh·cd
pr es of defining in sy tern 1ic w y th infonn Lion .ncede · to effectively complish
Pl .nnm GOS e.r. 1.1
h pcd by (I) the need to rNna e pro mn-
loy em of
G 0 F er. I I 9 Pl iog
Prog 1n'1 perfonrtW1Ce.
p <>grim
IA R
I urt 3 ud1un in th r
ni 1n uu re: IRM por ie,
e u 1t ere ould enc r 1
th proJe t le el o ould be
Pl n ing GAO AF ver. I.I
lusi e. Th udi< . or
bcn on iuon m ni r. ori in e 1
G 0 S F \Cr. I.I 11 Plannin
Plannin GOS er. I.I
1.1 Sr Planning
nan are s nchronized 10 occur
er or mformauon rcsowus on business
e er. the l<> hi h IRM
·pend on ho mueh the CEO
G 0 F \Cr. I.I Pl nn1n
uon . ec nolo 1cal ppro he • lime ff3Jtle an other resource alloc 1ion nece 10
u >the en · 1nfonn 11 - nee .
udlt 1 mn
~n~ ron
urlln of m n
oals lh
Plannm GAOS
1.1 . 1 Scop
1.J.l.l rn t
1.1.1.l
1.1.1.1.J
1.1. l .l. run to m of st rin cornmn
GO ~e . l.l Pl nan
1.1 . 1.l R I lion hip to t tr ~1m
e "' r- ptrf nned 1n th egmcnt I
ni uonal tructure 10 CTI urc that st
ObJeCll e:S.
1.1.t.J tnc:y Produc nd Dotuments D ti red Dunne Thi
1.1.1 .J. t (mjs ion and
for
ls
1.1.1 .l charter. identifyin1 mem rs of e IRM t eg c pl ru team
definin C'C:$pomibdities for intt tin d top.down
s ce ic plannin i iti . .
I.I.I 3.
1.1.t. . er ocumcnt 1ion cribin the
dm cmcnt of ch poin
.1.1. emtnt R po blUtl lse:h t ~ in ht e me t
1.1.l.4.I . guuantee commllmccit <o d in o cment n the
1.1.l. ~2
1.1. l.4
1.1. l.4.4
J.J.1 .4.5 he le of pl nnin mH ton
Pl nn1n1 16 0 0 SAF er. 1.1
1.1.1 R ponslbiliei Dlscbar d In Thi e mt•U
1.1.l .1 nuf. c1 1c members (high-le cl ro ram m n ers) 10
ate on che plannin team.
1.1.l .2 fine irate ic program-rel ted i u · to
nJD proc:e • incl _ ing issue of
l.J. .6 lRM R pon b litl
.1. 1.6. l Idenufy spec1 1c (hi h-tc el) membc to puticip tc on the pl nin
1ea.m.
1.1.1 ••2 i<: program-rd ~ · lO be
1.J.1.7 udlt Obje~lt ur:ln Thi S ent
1.1.1.7.1 eloped busin pl.n hi h t
core USUlCS mission and rogmn , issu
b. or imp e
nd
c. m u~ of petform
ilU ed d
r.1.1.1.1 ii ronnaUy
fPDU.lUCllnaJ SU'U~~
b. · plannin1 pproacla are e bli
c. trainin i pro ded CQ c plannin team
in e pl mn proceu.
G 0 AF ' 'er. l.I 17 Pt nt
t.l .1. .J sse ..,.hethcr lhe e ic IR! pl nnin proce-1 :
l integrate USl!lC (m1 ion planning:
b. reflec:ts gcncy· I fR.\f polic1e • ard an p edu11e :
h
d. pro idc top-do 10 ency compo ents; and
e 'fc II cly or
from a e ym
1.1.t. . udl T
1.1.1 . . 1 Fo.llo
l.J .J.•
1.t.t. is may be their
c .) (0 r.
ml ions, o •
udjled):
b. ncy' legislated
c. J.m.incd
is
d. e imp ed lC and
Plmnin 18 G 0 ver. LI
e. the a enc h ldcnli 1cd perfonn nee me uru th r will be u cd
in scs 1n pro nun crfec1ivenes .
L t.J. ..a A se the c pab11ity of the gene 's pl nmn or an1z tion. Thi c n
be one by obt nin infonn tion on:
the ompo ition and s ill or the pl.anning te m, n hethcr
agcnc_ c cculi c m nagcmcnc on 1 e the rru
pcrs ncl ro be dcqu re nd ppropri re:
b. hcther the cc m members h c prior e pcrience in performing
pl nning cti tti d whether hey h e been succ sful in the
Pll.St:
c. hethcr ency e cC"uti e man ement h esr•bli hed a
pJ nnin effort lncludfo enior rcprescntatl cs from u er, hey.
nd IRM ora n· tion ffe(;ted by the pl n: d
d. hcthcr ch. IRM pl nnln.s chancr ensure that (I) gcncy· 1d
mi ion go I • and objecti es a.re properly renectcd an
incorpo tcd Lnto the plann ng proce : (2) uba ency-level pl n
uff1cicnlly comprehcn i c d complete; suba enc ·le el
pl n are not rcdund nt ot o crl . ppina; and ( ) the ell('.y- ide
I n, on c ppro c , i implemented chedulcd.
l.1.1.8.5
rocedu s.
1.1.1. udiC Products and Work Paper O _ tlop d In Thls ttm nt
1.1 . 1.9.1 Coples of con res ion I, prior GAO, lnspcctor Oc:neraJ, intern l
udit. and financial Int~ 'ty er report related to the pro m or
cti i1y. I ent'(y problem rcas pcnincnt to th icw.
G er. 1.1 P Jinan
1.1. .. l
1. 1. •. umm nz1ng the u nor'
I.I. .9 ... umm.Jrizin the u Hor' ~ 1e of the cncy's
b1lity m Ju m
nd reprc nt tion of the planning t m
b. the pl nnin unit ch mr. uthoricy. nd respons1bili11es.
t.1 . 1. . Wor papers a scum the cffccll enes of the polici and
for intc r ting IRM Ian nh ency- i bu incss
Pl nnm ..o GAOS er. LI
1.1.2 nd Opportunity A
1. t.l.l ency Obj ctl
1.1.2.1. Underst n lhe force.s of thee terna.1 environment (Congress.
constituents. the pub! c, etc.) whjch m y influence or constnin ~
a cncy's plannill8 process.
1.1.2.1.1 Identify t c gen y"s mi sion. goals and objecti es and the
inform tion re.sources nee d to support them effccti ely and
di 1ciently.
l.1.2.1.3 In light of probable fu1ure cen · . etermine the trengths.
, nd chang bility of mana eme:n1 and proa:ramm ic
nd constituents' s tisf ction ilh o craJI ency
J. l.1.t.4 s e the iability d c pab.UI)' of current IR: infrastructure
co up 11 prob ble futu scenario .
1.1.l.t.5 Document m Jor information technologicaJ and nctional trends.
1.J.2.1.6 De 1ne m jor IRM objecti. to s Lisfy information n in support
of a ency m · ion, o , and objecti e .
.1 2.l Rd llo11 b.ip to Otbn m~nb
T111 c ment I s the groun wor nece to develop £RM s e for upportin future
m1 s1on cenario • org niuuon I tru tun:s. and b iness ·proccues.
GAO S F ~er. LI Planning
.1.2 . tnc Products nd Documents Otll end Durio Tbi Seiment
t.J . .J. l De cription of e tern J ( cto th t m mfl ence or con tnin the
gcocy's pl ning process.
t.t.2 . .2 Description of the cncy's mis io s. oils, an object"ves.
t.l. .3 ency m gemcn
nee in light o
or dcfkien i
d objectives.
usine.s
1.1.. .5 e
1.1.2.3.6 De.scri t n of m j r inform 1ion technolo y d fun tionaJ iren
l.l . ..J.1 Summary of nujo IRM ob ectivcs o saisfy infonnation
uppon of ency mi ion, o , d objectJ es.
l.1 .2..i ment R po Jbl Ill Oise ara.td io Tb epncnt
l.L2.4.1 gcncy's prob~ e fulW'e
ency' mission~ o&ls.
I. • 4. ning cam the IRM objecti es
th t e cy' tnle ic ision.
1.1. .J Pro ide c ecu i e-lc el 'n u , gu1 u. su est.ions, an
consuu ·ve critiei:sm to help the pl nning tc m current
con itions and iden ify opponunilies for impro e.mcn
I l.l. .4 elp c pl nin team fine the s
nee to carry the ge 'so e
obJecti cs.
Plann1n G 0 SAF er. I.I
l.1. •. 4.5 Re 1ew resul of 1 1us an . o ponunuy e menl nd pro 1de
on ensu or ppro 31 bcf re chc pl nnmg te m e clop the JRM
tr IC IC pl n.
1.1.2. . r pon lbltlll DI ch r td In hl t ment
l.1.2 . .. 1
l.l .•. 2 si t the pl nning c m n cs in · the curr~nt lRM inf structure
nd l potenti I c bility for the gen y"s is.ion.
1.1.2.6 IR.1\1 R pon lbllltl Dl ch r td In Th ament
1.1 .l.6.I ist the pl n11in team in sessinii (I the cumni IRM
.in fr ·structure and its potential c pability for supportin the ency'
i ion. nd ( ) the IRM objc:cti fot supponin the 1 ency'
t 1egic vi ion.
J.l .l.6.2 Be len 10 trends nd identify new Lechnoto ies lh t m y be pll
in support of the a en y's vision.
J.1.2.7 udlt bj ell Durln his St ment
In Lh1s .c auditor' objecti c i 10 undcrst .nd how ri · orou ly md effec1i cly th
enc h current condition. pec:ifk lly, the aud.ilor u to no whc r
che a ency h :
1.l.l.7.l clc ly identified nd un emood the cm ncls nd cons 'nts of ils
e tern I en ironmcnt. nd how these may affect the ocomplish nl
of mis ion nd oals:
t .1.l.7..2 identified strengths and e nes cs in i CUIT'Cfll JRM cap bilit by
an lyiing its current proce eSeS n ow of da or lnfonn tion u in
u ines proces.s run neerin methods;
l.1.2.7.J ysccm Jic lly identi 1ed ood c:ue orized the infonnllion resooice
nee ed 10 chic e its 111ted mis ons o Is~ d
0 F ''Cr. l .I Plan nm
J. ••. 7.~ 1dcnt1 1c maJor 1c hnolo 1c I trend ffordtng o portunrnc for
1mpro c m1 s1on pe Onnilll c.
1.1. • . \ dil for Thi m t
1.1.?.8.t cnnanc hcther the h i cnt1fie che con traan t of I.he
c tern I en.,,·ir nment; re 1c gcncy· documen uon of lhe
imp t or th c em I en ironmcnl on mis ion pcrfonnance.
1.1.!.
d
l.l.2.8.J
I. I. •..
l the
nd
I.I.-..
I. ·•· De rlop In tot
.l.•. 9.1 D
ti iLiC
en y mimon
lannin GAOS er. l.I
J.l.l.9.l W r pa rs ummarmn · GAO ntl se of:
omp ri ot\ of t 1e mi sion ith eg.i I twc ~qu irement.s:
b. the rele nee of the ency's in orm tion requirem ms to o erall
mi ion and pro m ObJecli e . ell thee ltmal
co i ronmenl;
c. bud c and rel ted pl n • includin exi ting st tegic, ctictl,
and ~ntion I pl:ins·
d. the effccu en of the enc 's operations, including IRM
mis ·on-support Ii ities; d
e. 1he ency· i entifkation of op rrunities for pplyi.o
technolol)' and for rccngfoeering current p es hen
w mn1td.
G O S F er. 1.1 Pl nnin ·
Pl nan 6 GAO SAP er. 1.1
1.1.3 IRM Str tegy SeQment
U h1 h-IC\CI fRM I IC n ~f
e mcnt
1.1 .J. l enc Objec-ll ror Thi e ment
I.I. .1.1 De elop hiah-lcvel I M 1 tc reOectin (a) a S year to 7 year
gcncy- i e iew of how infonn llon resources used to support
the ency mi ion, o Is, and objectives: (b any bud c
onsuaints.
l.l.J.1.2 Produce n lR.\1 strate ic pl n that prcsen 1 vision of how lRM
re ourcc will be used 10 uppon the aency mi sion in th future.
includin an 0 enll inform lion hilectural r me ortcl that
upporu lhe selection, u e, and integration of mfonn 1ion resou
within 1h ency.
l. l.J. J.J Obt in mana ement re iew nd approval of the IRM sl tc y d
tr: te ic p~ n.
1.1 • .l r tlon hip to Other amen
lhe R ult of the t tus and op ttunity ass sment e mcnt. an
n ante r: 1ed 1r cegy and hitectural fram ork for improvin 1 ency o uons.
~normed here i rercquisite 10 producin program~le el, operari naJ tion
G 0 S F \'er. l.t 27 Planning
I. . tU tred Dunn bis nunt
I •I . . . I 7 ye ~
to
en y. The plan
mts ion t le cnt ~ m jor functions n o rations:
enc l go Is an o jectiv and how they re 10 be chic ed;
c. opcn11on J moun:e (including nformalion re outce ) rcqui
10 meet th oaJs and objectivtS:
chc le for implcmen1in. propose new program n Ii ti
nd cripllon of lhe or niution l d opcnuion~ imp
of these inati ti e .
c. rforman e ao nd meas re ;
f. n rchi1ec If ork.:
ey e tern r to t could affect th hie ement of go
d ob1ecci es; an
h. sch ute ro future program e luations and pl ning
l.l.J.J. umm ry of he gency' bud et, ·ncluding preli minary rovam·lcvcl
IR! 1 bud ct .
1.1. .~ \t n em nt t po blUtiH D
I. l. . . l Provide fin I ~eculive- le cl commcn . guidance, u e tions. and
onstruc11vc ~ntici m to help 1h pl nnin team complete the 1RM
1r te y and 1 cg1c I .
1. l .. ic pl n i con istent ith .an linked to
the ency bu mes 10 the budget
u._..a.J Re 1e nd 1 pro e I.he s leg.le plan.
I. I. ·-
I. I. .. 1 planmn1 tum in fonnuJatin propos d fRJvf tnrc its d
evclopi s tcg1c pl
Pl nn1n 8 G 0 S F er. I.I
l.J.J.5.l As sl pl nn n team in pre 01jn lhe proposed stnHeg1es ind
pl n to m cmcnt. inclu in descripcion of the imp 1Ja1 he
plan 111 h e on pro -le cl ope tions d on the
ccomplishmen1 of the gc y's curren1 minion ( w:h as the bility
to deli er rv1ces, org niulion I resttUcwrinii. rcrum on in cs1mcn1.
rsonnc I re u. tion . d rcen i nccrin of o prooe~
l.J.3.6 'R I RH po bilttt
1.1 •. 6.1 sist the pl nfog 1e in formul lin propostd lRM t Le and
c clop1n Lhc s te1ic plan.
l.l.J.6.l silt the pl nning team in ptesentin1 the proposed straLC i d
plan LO man emenl. includin a desmpdon or the imp.acts th 1 the
pl n will h ve on rognm-le el opentions &Od on the
or
compIi hmcnt t c gency' currcnt mW·on such as the biUty
10 i er ices, org ni t'onal resuucturina. re stment.
personnel reduction , .d rccnginecring of ork processes)
J. l.J.7 udit ObJtttl Durtn1
1.1 .7.1 De1cnnjne eloped n lRM. s tegy and
tnite ic plan.
l.l.J.7.l plan c rve a
er it .is comprch nsa cty
l.l.3.7.J Determine emcnt appro ed th IRM
1ra1cgy an
1.1.J.8 udlt T for Thh qmt11t
1.1.J.8.l
G 0 S F ·er. . I Pl:mn n
J.I. ..l
I. .J. .J c tr tc 1c IR! f pl n inc u s th folio 1n
tion :
b.
c.
c.
g. chi emcn or go ls
h. pro r m e alu 11ons n plinning
l.J J ..4
l.J.l . .s Determine ether the I 1 tr tc 1c pl n 1 Im cd to the a en y's
bu t'l. mcludin rclim1nary pr r m-lc cl tR! ud ets.
l. t J.8.6 ctcnmne hethcr th I t t tc 1es d qu:ucly consi er h l mu t
srnon smoo hly from tl\c ol IR! en iron cnt 10
. J.J . .1 h re 1c cd nd ppro ed
1.1 .9 udlt Produ or h ent
1.1. .9. l The gen y' IRJ f tr tc 1c pl n d 01 er mng·r r t d
d u cnt c1on, ncludm r l\ue ·rurc d rel tc bud et d
Pl nnm G 0 S er. I .
J.t.J.9.l ork p pen whether.
the a en y c 1ab.lish d 0\1emin trate ie for 1dcntify'n and
m n i ng in formation resouru ithin the ency. includin
cncywide IR.M o I . o tr ll umpdon • Item ti e choice •
nd constraints:
b. these cnueg:ie$ ere provided co program-le el unitS for th · ir
use in de . elopin th lr components of the l Sln e ic plan:
c. the strategic IR1vt plan includes all the cntic I elements.
d. the plan can drfre decision-m in.g for in ettin in future
Inform tfon resources necdc4 to acc<>mpUsb e y mission.
goals, and obj c:ti es:
e. the tRM stra1egic plan i linked lO the a ency's bud ct indudin
prclimin.ary prog:ram·le el IRM bud c ;.
r. the JRJ ~ str te es adequ tely con ider h must be done to
transidoo smoothJy from lhc old IRM environmen1 to the new:
nd
senior man ement has re ie ed and ppro ed the lRM nnue
nd strategic plan.
1.1..J.9.J Document lion of the eni c ecudve's and lhe design tcd IRM
offki rs re ic nd ppro I of 1 stmcgic pf •
G 0 SAF ver. LI )1 Pl nnin
3 GOS
1.2 P ogram· evel IR
Pl n onttn
R \I n emen t
udil
dt u ed m ere uue un
G f,cr. 1.1 nan
on idH I on
n(_ Pr lOI
his pro 1lc to ro ..•1dc infonn t'on on L e
ppll nd pr c ure • trcn s nd w
1l i.;uncn IR! 1
ncemcd 1th the 1n
i1y:
1ha1
d et-ermine
0 lhat
G 0 SAF er. I I
1.2.1 Scop • Definition, and Org n lzatlon Segm nt
c en . n«ds toe blish the pl nnin resource d proce es necc:s ary o inte e
lR~t pl nnin ·uh bu me or pro nm lannin . ~1 n emcnt upport. I dership. and
ommttmcnt rt ritic I elements 10 c:nsu h t re rce are effectively irccled to
compleun the I~ f operation I plan. The ope ti c question to be m ercd n thi gment
1 • Ho ,. should ~ t or aniz.e and ~·hat alttmari~ pproa htS should t considtr to impro t
tire informatron systtms, producu, and st us tnar suppon tli a ency's mission?.
t. .1.1 tnc Obj ctlvu :for This t rntnt
1.2.1.1.1 Obtain pro ram man emen ' commitment• .in ol c~nt. on
.and coun bility for the pl nning proc
1.2. 1.1.2
y
J .2.1. J .J
1.2.1 . 1..i Pro"·1dc necessary trainin to cm rs o t plannina 1um.
J.2.1.l..5 Plan quality su
indudin ocuments.)
program obj ti
l.l .1.l Rtl tlon hip to Other taments
e wo perfonned in thi cg:mc:nt I ys necess ry nd o · • control en iron.men and
r niz lion I truc:tu.re to ensure tb t IRM o pl ns ppropri ely i entify specifo:
IR~ I proJ o uppott pro
I. .1.J enc Pl'odU C ind ()(Umtn Ddi tr Dur na . it
1.•. 1.J.l Charter fo pro m pl nnin m 1dentif in members
defimn respo:ns1b1hties for int enc · IRM plan ith
ro ~ m o Is and obj nvcs.
G 0 SAF "er. I.I P anmn
1.l.1. nd program pl _nnin.s issues 10
the pl _nm n process.
1.l.J .•J sc edu le of pI nin rru e tol'\Cs an
l.2.1.4 ~I n emen Respon lblllt Disch r ~ f Tb St enl
l.l.J .1 Communic tc nd gua1 ice to mir
planning p ocess.
I, .1.4.l ppoint I planning team members nd di th charter an ·
responsib1lit'cs of tho in olvtd, particul ly the integrui of
pro ram o Is _ objcetives 'th IRM pl $.
1.2.J.4.l
1..2-.J.4.4 Re ic ;ind pro e e planntni hedulc d - ork program.
1 .1. ' rR pon bllhl DI cha t
l.l~ l.! . I Identify pccific mcm r to participate on che pl ning IC
1.2.l ••l level ation iss lO be
unn
1.2.1.6 UU IR pon lbltlll 0 cha m nt
l.2.1.6.1 Iden 1fy pec1fic mcmbe. lO p run ltam.
1.l.1.6.l 0 ilb users to help define pro m·le el o 0 be
dn sed durin - the plannin process.
l.2.1.7 u It 0 1 Uv Ourh1 T ent
1.1.1.1.1 A w ether che ency h s Le ·cpl n 'ch at
nufic :
m1 ion n pro mi e.
Pl ruun 36 GAO SAF \CT. LI
b. i sue hat or imp ct the LRM o rauon Ian;
c. . re o perform nee for sessing whether custom r nc-e
i tied and program go J hie ed.
1.2.1.1.1 s hclher the lRM ope tion J pl .nning proc i form Hy
instnutton Ii d throo h ppropri tc org ni tfon I 1ructures.
hc1e • and procedure • ilnd ?ttlher.
rt$ponsibilities re cle ly
b. ppro h are est bl hed · d
c. nin t m a.nd o
&.l.J.1.J se whether the cncy's ope tion l pl ni n proce s:
is integrated 1th pro nm pla.nnin :
b. reflects ency- ide RM polides, tandard nd pr~dures;
c. h- pro ram·le c1 man gemcn1 support:
pro idc top-do n guidan e co rogram componeni,~ nd
c. i effectj ely or anrzcd 10 inclu represent ti ·es ftom pro&nm-
le el rmnagement, user group , CRM
.2.1. • udlt Tasks ror Tbb Seam nt
1.1.J .1 Following he a ency ptofile step • compile n document
i1ppropri cc bac round i.nfonn don, includin. the current st tu.s of
the IRM en ironment pcn.incnt to the gency pro · m. or d 'ty 10
udited. Cul'T¢nt slttut inform11ion ould 'nclu em ~or
information nows ( and rcporu bet een information · rovi
nd inform tion J crs and o er inform rio produ ts sel\lice
upport ng program go Is nd objecti es.
l .l.1 ..2 followin the ency profile step • re ie the re n Hlerature 1.e..
con ion , rior GAO, Inspector ~n ral. inLem.al udi
l'i d
Anand I [ntegrity Act repo . rel ted to the ro ram or
i ntlfy problem are pertinenl to 1 re 1ew.
G vS f ver. 1.1 7 Pl nnin
1.... 1..J sscs he ency' 1n1 eg1c lRl r1 pl n to determin hcth r the
ency:
1dent1 1cd the t ted ency m; ion • go I , obJCCli C
pertinent to the rogram lo audite ;
b. hethcr pro ram oals and obj t' es con is1ent ith e
ency' le i J (ed mand
c. nd program is ues th t ill im t
l.l.t. A css the c p bil11y of m ency' planrun
be do b ob ining inform _tion on:
hethu
m of
b. w etMr 1 e ltaim members h~ c prior c periencc in pcrfonnin
I nm tJ 1lie d htlher th y ha e been ua: ful in
t:
c. he the
d.
1.1.1 .5
Pl nn1n 38 G 0 SAF er. I.I
.• . I. • u ii roduc nd \ ork pt Dneloped ln hi me-nt
1.2.l. . I D
"
t .2.1 •. op1e of congr"mon J, pnor GAO. tn pc tor Gene I. in1em I
u u. nd Finan 1 ln eglil Act ttport rel ted to the pro am or
u ·icy. 1dent1f in pro lcm re . pemnent o the n:vic .
l.?.1 .9.
1.2.J. • or p pe mm rizin 1he u ito re le of the a ency'
planning c p bth ty in lu in
ch com 1tion. ills. d reprc cnt lion o the plannin team:
b. the c « Utt e m n c en ch er. m cup. uthority, nd
r poru1b1lities.
I.' .. .5
er. I.I Plann1n
Pl nnm 0 C 0 SAF er. I l
1.2.2 nd Opportunity A
1.2.• 1 en bjectJ ror bl tnt
1.2.l.1.l ndcrst d the on::es of the extern l en ironment (bud el, Con re ,
on tituents. the · ublic. ere.) hic:h m 'i influen e or c s n e
cncy's planning p
1.2 .• 1.2 Determin the imp t n c u c of ny c nesses or e t 1enc1e
h 1 imped lh au inmcnt or pro m go Is and objecti c .
t.2.l. t. s css user/ u tomcr satisr uon with c
sc ices, nd produ d es1abli h m
1.2.• J. I enLi y
goal an rtun11ic o
redesign
t.2.2.1.5 ources nee 10
n dficu:ntl
l.l. . . se ~unent OU t hnic: I support ope t oru, le hni
architecture. and c p city.
1.2.?.l.7
t.2.2.1. Document and es technology trends nd 1den11fy o po unmc ~ r
usin new technology 10 im ro e prDg rn ope tion well
e~ic delh•cry.
G 0 F \'Cr. 1.1 41 Pl nn1n
...... l.9 Define m JO I ob;e<:ta cs 10 s tisfy ·nform 1ion needs in up n
of program go I d ObjCC I C •
the und ·or to de ·clop lhe I ope tion I plan.
1.2 .... nt Produ nd D men bis St tnt
I. '.2.J. t De~ 'ptio o the a enc · mis ion. go Is, nd objcctivCJ: di
c tern I en 1ronmen
.1.2 .. 2
th l hinder th ency m1ss'on.
.2.2.3 e ment of u er/customer ti faction ilh
e ices. n prod ts, including
1.2.2 ..4 to better UJe inform Lion
1. ....3.S De cnpt"on of infonn ii • nd resources needed
to upport pro ram o I
J..?.2 .6 rt o tion . tech nic I
.l.2 .1 D c puon n scssmen of lRM org ni don's skills. pruticcs •
or szauon, and c p b1lluCJ.
1.2.l.. 0e1Cnption of m JOf inform tion technolo trends and
opponunities for u ing ne technology for impro ed pro ram
o perauon ell ice elivtry.
1.l.2.J. Defin1tJon of cnten or est blishin prioriti amona ystems
C\•elo m nt projec
1.2 .... ment Re po lblllrle in Thi tptnt
l.l . . . 1 le 1 le ent of the gcrn:y' missioo. oals.. d
Pl nntn GAO SAf ct. I. I
1.2 ..2.4.l Pro 1dc lhc plannin 1cam ith mpu from pro ri.m mam1 ers.
includin priority· ;C"tlin cnteri . guid net. su e tion , d
con tru ti e criticism.
1.2.l ....J
1.1.2 ..a ..a Re iew rcsul of tu n ponuni y ument nd provide
con en u . r appro J before lhe pl.a.nnin te m be in ork on the
ne 1 egmcnt
l.l.2.S L' r R pon lbllltl · Dl.sdtaraed In Thlt •1m1nt
1.2.2.,S.J si lhe plannin te.am in identi fying the l) 1rcngth and
t
we nc es of exi 1in tcc.hnologic I p bil de d (2) inform uon
products, sy 1cm • nd sc ic neede 10 ccomplish pro m goal
nd ob ecd e:s nd tisfy customer needs.
l . Z.5.l Identify lhc e tent 10 which current yssem function I processe
meet u r needs. and identify opportunil es for wo · proce s rcde ign
nd impro cm nt of pro ram operation .
I. "'.l.S. ist the pl nnin letm in c si n the ill . p ctice , nd
or ni tion or user group~ to determine l) their trfecti ene in
ervic n cu tomm and up rtm pro ram oaJ nd objecti es d
• r'Cquircments for t ining · d suppon.
t.l.l. I .\f R pon lbltllle 01 char td In Tb
l.2.2.6.l i 1 the pl nnin.g tum in i ncif in the current t1ttu1 o
po1en1i I improvements to program p llcation of information
lechnology, and dentify opponunitic for work process cede 1gn d
improving progrtm operations.
1.1.2.6.l Be len 10 1~ nds. nd idenufy new cechnolo ies th t m y be pplied
in suppon of a en y ope lions.
1.2.2.6.J is1 the plllin .ng tc m to d fine m jor infonn rion tcchnolo
o jecu es th 1 ti fy infonn tion nee .
G 0 F er. I.I 43 Pl nnin
u .... 6A
nd
J. •. :?.7 u ir bj~cli
line e ork or
tions by etc.arty d ntifying
1.2.•.• I n Ir in of 11 c 1cm.JJ en 1ronmcn1, d how
c t lhe corn Ii lunent of issions d ao Is~
1.2.2.7.2 c nes c in i current I
1 inment of program o
1.• .2. crvlce ,
n pr d lRM
sup po
Ll .2.7. u mforma1ion re ources to up rt prognm oals
nd 11 fy customc . including opporrun1ti to re-
e nee ed to support
1. ..... 7.6 h nc c o urrcnt I M tcchnic: I sup
rch11cc1ure. an c p iry:
.2 -·'· nc c or lhe I.RM or ni Lio • sk.tlls,
1h11e :
d the opponuni1ies for
operations ell
l.~ ....1.9 pno IC moog planned ystems
Pl nnin G 0 SAF er. I.
1.l .• .8 udit T k ent
1.2.:?• . 1 lerrnine nether the
ribed the conslr1:i nu o 1
m y ffect the complishmcn
1.2.2 .. l Re ie eney ocumenmion ·
a quately nd cle .ly fined e IRM c> ~ecti to · tisfy
inform tion needs in support of · ro ram o $ and obj li
l.l.2 ..J lntc icw usen/cu.stomen. ~ iew agency document tion. n s
he r the eoc.y h ( ) obt incd feed k from I.he u:ser
community on the sufficiency of lRM suppon. to program operations
nd (b cl ly identlficd d aniculllcd u.ser/custo er em111 i
impro ed io onn don ystems and suvices.
l.l.2. .4 lntervie lhe user community, re ic 1ency document tion an
determine the dequacy of the ency's identific. tion of bener a s
to e inform tion rcsou:rce co upport program o I and o jectiv •
inc luding opportunilies LO red i ork v.1\.l~·:H;,>
l •. 2. .5 gcncy h
1.2.2.8.6 Detemune wh ther the ency h i ent'ficd the ucngth
v.eakntsses of CWRnt I.RM technical uppon operations. tec:hnic I
· hituture, d ctp iry; and rcv.iew the documentation to temi1ne
the uacy of the cncy's . n
1.2.l. . .1 Oeierm.inc hether the gency h i ntified lhe rren
e ncs . of the lRM or aniution's skHI p tic , iution.
d cap.abilities and review die document1tion o determine the
dequ.acy or the aaency's S.CS.Sli\elll
l.l.2.
s~5 ment.
1.2..2••9 Determine be-ther lh a ency h documented the criteria for
establi hin prioriLit atnon ptanncd s stems e elopment p jCC
G 0 S f vet. I.I 45 Pl nm
rc"iew the ument uo re
qu te nd rclc nt o
1.•. l.9 udlt Pr uct nd \ o.r k P · pen Dt elop d In
l.?.2.. 1 Docu n umm rizin e tern I n intemaJ re ie s of pro ram
mt ion 3nd o erall perform cc. l~ acli•.. itie:s in support of
ro nm opcr Lions. n other u itie rel ted to lhe perfonnan e o
the omplishmcnt of program o ls and objecti c .
1.2.1.9.2 Wor p pc SU ·?in of·
ith st 1ed gcncy
mi ion
b. to overall
en ironmcnt:
c.
d. n · rel tc _ pl ns, 1ncludin exis.lin mate ic. ic I.
t1on,al plans:
c. on cmin needs for
d produ
f. ency criten for urin pcrfo the
effecu"cness of IR! suppon:
ope ·ons. includin -
unh's skills. pncticcs.
h.
ncenn current proccs
1. the enc ' critc noritics g pl nncd
y ems c tlo ment p je
Pl run GAO S
1.2.3 IRM Strategy Segm nt
1. .l. t
J. . .t.2
1.2•• l .J 0 m m n ement re"' c
pl n.
t.2.J.2 R I tlon hip to 0th r ~1ment1
menc umm nze the results of the l tu and op nunlty e smenl gmcnt nd
1c 1r tt y nd operation I pl n for impro in program opcr: 1ions.
G 0 er. I I 47 Pl nnin
1..2 •• nd bls me t
.... .l
..., y t ndlor hcmati ..·c an Jys1s for · h
in the o~ uon I pl .
I. .. .J Prchmm ry l t u ct for ach m jor roJect mm · cd in the
o rauon I pl n.
1.2.. d In hi
1.2 .. I Pro" 1 e tnal ommen1 . id nee. ug tion ,
cn11,1sm to elp 1 e pl nnin 1c m complete
r 1e y and opcr ttonaJ plan.
l.:: . .2 uon I plan 1 on i cent ith d linked to
ency usine s pl s.
... ~ 1 im lcmcnl lion trate
I • - r
.I
I .!. .~
I. .. .6 I ~1 R po bilJll D
1: .J ..6.1 e pl nnm team 1n fonnul un th JRM im lemenuuon
n · de clop1n o r uon p an.
Pl nnm GOS er. I.I
1..... 3 .6~
nl.
pe
.., .7 udlt bj ll\ Dur &ment
t. . .1. cl.oped n l implcmen1 tion
in·u
I .. 7. Deccnnme tber the ency'
b I t 1m lcmentinl chan 0
u uie .
J.2 .7 Detcnninc ·alb 311
tin ed to 1 gen usi
.2 .7.4 Oc1cnninc pp ... d th IRJ
m le
1... • udit
J ••J •. 1
'
into rQj C
complete ·
J. ho
t.l . .J
l ..3... Re ie the pl . b d et. 10 de ermine
he he'r lb lRM amp emen pf e
G 0 F vcr. 1.1 Pl nn ·n
equ 1ely u poned b undin inclu ed lhe in gency's bud cc:
determine he1hcr multi- c r funding 1 h cly t be contmuc for
implement t on proj to en ure their complcuon.
I. .J. .5 Re,,•ie the plan n rel le doc:: men tion interv1e e
of rc:i I 10 ctermine hethcr the IRM im lcmcnt uon tr 1e
equ tely nd ystem 1ic II on idc w 1 must be one to
implement the project 1 n 1 ton moothly from the old I~ 1
en ironm nt Lo the new.
l.2.J.9.l The a enc · . lRl ope 1ion I Ian, ui ludins the imrlement•tion
tra1e y. budgets. co t-benefh _ndfo Item ti es .ty
archttectures. and other plannin ·relate documcn1 tion.
t.l.•9.2 hetber:
the lRM operation pl n in Judcs n 1mplemcn tion st It! y
th 1 p and prioritizes 1 on item rn proJe<:t th t 111
hie e 1he IR.l objecti
b. he IRM Ope tion l Pl nd epth of
imp?ement:uio details ~
d.
e. the IRM implem nt Lion st e y and oper tion I plan are
equ tely supported by fundin 'n luded in the gen y' bud t;
nd whelh r multi· e fundjn 1 hkely to continued for
implem ntacion projecu to ensure their completion: and
f. the IR.\1 implement tion Ir tc y dequ tely nd $)' rem u
wh l must be one to implement t projects nd
moo hly from the old I ~ en ironment 10 the ne
I nnin 0 0 0 S F er. I. I
Con ent
C ntt C ncepr P c .•.••..•...•.• , •....•...•••...••••.....••.
e t Ph c . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . S
- I n~ ProJt t ln111 lion . . . • . . . . . . . . . • . . . . . . . . . . . . . . . . . . . • . . . . . SS
21 I 59
59
59
~ I 1.3 s
• . I. I.~ 59
• . 1.1.5 60
~. I . I 60
.. I.I
- I
nt .....•
~ I 2 ProJc t 63
-·' ~.
• •I - 2
nt ........ 65
65
65
66
66
enl . . ..•. 67
- I. nt . . . . . . . . • , ..•.. 69
··························· 6
69
0
0
0
I
l
1s Se men1 .•.... 1
G 0 F er. l. l Con ept
- ·I. '.\1 Ol • • • • • . . . . • • • . • • • . . • . • • • .
- I
nt •.....
C nccp G 0 S F er. l.I
hase
Phases of the System Life Cycle
P ase 1 Ph · s 2 Phas 3
System
Design, Sy em
Plann ng Concept Op ratlon
Development, -
and
and
ain enance
Deployment
Concept Phase
~ 1\11 Segm nt 2 14
P o c Int tJOn - d -
urt 4. he Con pl Ph e
G 0 S F '-'e r. 1.1 Concept
n cpl G 0 S F vcr. 1.1
2.1 Concept and Projec
G 0 F er. S5 Co cp1
our e mcnl :
efinc.s
e elops or
Rt k \l n emenl
Busintn ru . Bu ines ri com
tor : nol doing one or mor p jec1 . not h in
111 in pl e to upport the gency, or not ucce
t1 and w11h1n the Jlocated bud et. B inc
in the o I· cne 1l n I)' 1 •
Con ept G OS er. 1.1
r tjme, bud ct n
th d m 1urity
(e . .• c pectin
' cm tructure -· mt urcd in terms of th precision used to fine tcm
obJecu e n o . t Ut. the number and comp le ity of procedunl chang lb t mu t
be made 1r. t ency to deploy the sy tc.m. th itu d comm1uncnt of
cment, de elope • n users of the system.
h. t the rojcct 1c clop · risk management pf for miri un n
.... uh de ·clop1n nd o ratm c y tcm;
m m1a1n onunu t o c 1 ht o 1he implemc 1 tion or the ris m n cmcnt I n:
n
upd c.e hen n of
lcm Ii c-.cyclc.
udll t mn on Ider: tlo
G 0 F ~· er. l.I 51 C cpt
he er nd I t 1e rn mem W er economic an I cost· nefit or return
n an' c 1men1 need o e lu tcd. n c onom1 1 m
In tr son t In o
cm De elo mcnt Life C cle .
Int rm ton stem ecun y
I Con 1dcr 11on
I be detenmned to 15 enJn of udit
ment gcnc~lly encomp,
ope of or . perform of the
en Pro 1le
c ud11 re m 1h1s part rdy on tl'le ency rofile r r mform 1ion on he t:R.\i
r n1 uon nd pphc blc r n r . pohc1 • and procc ures. Sy tern profll ·11 ro i
in 1 ht nto th curr nt I~ t en ironment.
Con e 1 s G 0 AF ''er. I I
2.1.1 Project lnitl tlon Segm nt
o ers .
2.1.J • ency Objet"ll ror This e m t
l.1.l.J. ppro e the inJtiation or m dc\'C:lopmcm or modem1 tio
project.
2.t.1.1.2 elect •he projc. ~1 tc nu ith e ppro: ri te for
e fully conductina the de clopment or tra
2.l. . Rel tlon:shlp to thtr ecm ntl
unn 1h1 e mem m en y rnn ition fro tutlly devclopin
1 cnu it tion Pl n. t is dunn tht 1 ency pulls toge
re urcc 111 _ needed lo perfonn the fo low.
•. l.L nt Produc nd Docum _ ment
.l.I .. I Aulh ri t1on rcqu st for project
2•• l.
, nd gene h
l •. 1.4 . Ian em nt Di thar1td in. his q;me:nt
2. 1.1. .t
G 0 er I . t S9 C n cpc
l. l.1.5 · r R po ibm Di ch r rd in hi t mtnt
1.1.J. .1 o ill ensure Lh t
impro c c
- .1. (. lR~t R pon ibiUt Dist:b rg mt,nl
- .1.6•
. . 1.7 ud't Obje-ctl ts urtn Thu eccm n
. 1.J •• 1
! . J. l. . udit ks for Tbh m t
?.1.1 .1 cnf uad document. that m ement . obtained to
rn1L1 te ro; t.
1.1 ..l
Co c 1 60 GAO S ' 'er. l . l
.I
. I.I. _u
2.1.l. .t
o tc m membcn.
G 0 SAF \t'f. I.I
2.1.2
l . t .l . t atnc Obj t1 for is tJ nt
2.1 •.• I
2.1.2.1 .2
1.1.2.1.3
G 0 6 Con ep
intc rauon. Often . m1 urc of on or more of c three
ppro he y needed.
.I. ..... E 1ma c prOJCCl inn1 uon cosl d. 1he ost of the ph_
2.1.l. Deri c e hfc )' le cost
ell·IC ceplt"d estunation
l. l.2.l.6
~I. .J.7 gc nt, user. lRM concurrc con the propo
.• . 1.l.l I cntify proje . l con.str ints .
· I tion hip to 0th r mm
Dunn th1
l ... d u Otll end Durln am nt
.1. .1 Document uon on the deficicnc1es to be ddrc sed d the sc:ope of
lhe project.
l . .2.J.2 S tcm concept cloped from Item _' e p roat lh l ere
con idcrc •
l.1 ~2 .3
l.1.2.J. Tethn1c fc.asibili1y stu .
c G 0 SAF er. I.I
• •J • •.a • Ian m nt R
.. 1.2•. 1
.J•. l
.?.l. . . t pon iUt
.1.2.. t
.1. -. I ~t ftoc:l•UUt~ibiUtl ut
Pro e u
.1.. 6.1 in
.... 1•• ..
for
G 0 F \Cf 1.1 6S Concc l
ccms nd pl tfonns. rchue cure • nd m thodolo y t
•. 1.l . . Prcpann preliminary o t-btncfi r and n
cc hn1c I fe 1b1lity fudy, n imu taon.
cycle co t e um res.
• . 1. .. 4 0 ming lid uon rom m n gers n II d st of u crs for I
umcn cntrated 1 chis mcnt
'. 1.2.7 udlt bjttth•e Durin meot
udit T e1ment
l .1.2. . l
l .1. . .2
.. .2• .J
condiuon.
Con epl 66 GAO SAF er. 1.1
2.1.2. ·" Determine ether .i ency m emenc h m .. ored he regress
nd re ic: ed the d umen1 de elo 1n this segment. c:nfy th 1
m emc:nt n u und rnand the lethn1c fc 1b1h of 1be
pCOJC:Cl nd ils oc1 ted ri ks. Final! • c:rify th l na emen h
ppro cd 1he project's scope nd s stem concc:
... t.l . .s Dc1cmf nc th l mana c:mcnt h obli ed ufficicnl funds 10 in1tt te
the project and ee it through 10 complc: ion.
.1.2.9 udit . ·oduc nd D elop d n Th l"pnen
l t .l.9.1 Copies of all pertinent documcnt:s tll1t pro tde o proj 1
o • s tem concc:p (in h1ding c.hc a ency's anal)'ias or hem fr.. e
con c:prual ppro h ), co t, risk. and technical i 1b1lity.
2.l.2.9.l
G 0 F ·er. I. 67 Cance
Con ep1 G 0 s \C • 1.1
2.. 3 Work Pl
2.1 .J nc
l ... J.l De cl p th proJcct i.-; r pl n or orlc bre down cru 11Jre.
... I. .l 2
e sing
ency's m1ss1on
2.1. .1. dopt c 1 un s and r and c ero dditiontl t rds. 1(
re uire , ~ r th proJCCl.
.?. l. .1. ~ .. clop n org m ation J tr\J ure for com lcun the project.
.. I ..• ntl tlon Ip to t tr t m n
or
pro
l.J . tfl Produc nd
.?. I. . 'or pl n.
•. 1 Project r nd rd
-·I. Or n12 1 naJ trucrure.
0 f H' 11 69 Concept
2. J.J... ~1 na.· ement pons blJIU Di ch . r d In h ent
2. 1. ..u En ure user nd IR..\1 coordin tton.
•• J •.a.2 Re iew nd ppro · e the o I n. projccl
aniz 1io su\lcrutc.
1
.J.J.S · tt R pon blllcJ · D a r ed lo Thls m nt
2. t .J.5.1 orlc with the project t m to i enufy d ommit person cl. 1th
the neccs ary kill for ign in de elopin 1hc proj •
l.1.3.5.2
2.1..l. . lR~I R pon lb UltJ 1r1ed In Thi e1ment
Pro ide uppon to the project t~m fo .
. 1.J.6.1 De elopin che wo plan .
l. I ..6..2 for desi nin · and imple en11n th
emen1. security. 1elccomrnunicat1oru. da.
rruc urcs, fc complian c rcqu1remcn to ope:n ysterm
rchitectu.tes, nd configu tion ma.na cmcnt for th projecl.
2.1 .•J Selecting proj t manag:ement ool for the vc lopment en ironment
nd for moni1ori.n1 th project.
2. 1 .6. Definin c or niucion I tru un:. 1h l i , the compon nts 11lhin
he en~ that will in olvcd in the proj 1; i _cnufying proJ t
Jc der; nd defining pro' t re ource requiremen .
l.l .6.5 0 t nin user a~cment on the or pLn. roject st ndards, d
urucrure and commitmcn1 (o proceed.in into · c
Cone t 70 G 0 SAF er. l.I
2.l.J.1 udit ObjectJ Durtn1 hi ~cmeot
The u helhcr:
.1.3.7.t
2.J.J.7.2 the u tr re 1c ed nd grec w1 h the roject team• propo als.
2.1.l.7.J \cd the uments de elope in this
ys1em vulnerabilities
\'CIOped. lnd th I
uisicion stan<Wds were follo
2.1.J. udit rn nt
l. l .J.. I
2~1.J •. l
.1.J....
l.l.J.8.5 lntervie
re nt
IC
G 0 SAf ·er. I.I Co
.I . .9 udit Product nd or aper D tlop n mrnt
2. 1. .9. l
et 11 on che 1o1. r
1ru ure or
2. t. .9.2
ho~
C ncepr 7 G 0 AF v r. I I
2 •• 4
c eloped in thi hase ro eterminc ~hcther the
ti fy the user's. ne ds. d hie e lhe
.,, l.4.1 ·bj~c th Cot hi ~ m ru
2.1.4.1. 1 Ensure th l 1he pro sed project ill correct e i ting e 1ciencies 111
leg cy mfonn 1ion y tenu. ddition Uy, 1( improved. servkce and
perform n e o I h \C been ser, then m n ement mu l en urc th 1
the e goal can met ith .re on be eh cc of ccess..
2.1..i.1.2 Ensure th t the u er Jnd I organlz..a1fons gree ith the project
le m's propo I.
2. l. . . 0 m m na e~n1 pro I of the produc and propo al c elo~
in uu ph c nd iLS u1ho · 1ion to be in the desi. n and
eHtopmenr ph
l.l.4 ..2 el t on hip lo 1her
2.. 4.2. l 1hc in I c mcnt of the Conccp and Project rnui ion Ph
ful compleuon of thi c ment mo the project to the
nd e\lelopment ph
.• . JA. I nc P odu<' nd Oocumrn 0 llYettd Dunn bis · im~nt
2.1.4 •. J
2. .4 . .l M n em nl' ppro 10 proceed ith the des i n nd clop n
ph e.
0 S F er. l.I Con ept
• . 1.4.4 m t R pon lbilld a.rnent
-· t.4.4. l Re 1e the ptoJC t te m repon. En ure th t he propo d )stem nd
usmc operations 111 Jmpro e crvl c or rform nee o Is.
2. lA.4. Authorize procccdin ith lhc dcs1gn nd cvclo m nt ph • if
:i propri te.
2.t... Di ch reed in bl t mHl
2.1..1.5.1 Coll bo e ith the project m in 1tpann he re n and
project p ro l from m n emcn .
2.1.4. JR. 1 R pon lblHll 0 c:h r td a Tb
Pro 1 e uppo11 10 the prOJ Learn (o .
l.t..i .. 1 Pr n the repon do min u c(s concurrence.
.1....6. ubmuun lhe rc-pon to m cmcru for ppro J.
2.l.4.7 udlt bj urln esrn nt
1.1.4.7.l e udi1orould assess hether enc m:m em1ml h CC\fte ed
t pro1ect cum· rcpon nd p ro ~ the ropo prOJC to
proceed to 1 de ign d ' 'Clo. mc-m ph
2.1.4. udlt (or his t mHt
2.lA.. 1 ubmilted its
l.1.4 .l Dctcnnmc whe1her m na emenl re 1e cd e project temn' report.
pprovcd the project. n ulhoritcd the proj t ieam to proceed 10
the 1 :n n cvelopment · h e. Document this 1io •
G 0 SAF vcr. 1.1
Z.tA. \ or nelop d In .m nt
l.lA.. l C pie of he roJe l ac m report .ln C\ 1 en c o m na c cnf
pro I o the roJ l nd uthont .non to procecJ.
1.1.-l•. or by
om lctin ho
1.1.•ell lhc
0 F vcr. l.l Concept
C n cpl G 0 SAf er. 1.1
Cont nt of h . , Dev lopment, and
D ployment · ha
.0
elopmcn Ol ' •••.. ' . . . . . . . . . . . . . I ••••• •
u
.. I.
3. . 1.5
.. l.6
•. 1.7
3. 1.1.
3. 1.1 .9
. I~ ..................... 93
....................... 99
99
I
100
l
100
IOI
101
10-
G 0 F ct. I. 0c I
. t.'. ,·!ff_~ .. ~"""; .......
Cut n Dcplo) mcnt ... 10)
~ - I 107
107
107
ot . 107
c ment 10
109
109
tlO
............ , ............ . IO
in Thi St men •...• 12
. . . . . . . . . . . .. . . .......... . I S
nt .•.•.•....•..••..•...• 115
116
116
117
117
II
II
119
I 0
I. I
. . . . . . . . . . . ........ ~ L.I
L..
Cl nt • • ! ••
. . . . ............. . ~
in men .••..
lo m nt G 0 SAF \-'et I.I
3.0 The Sy t.em De lgn, Development, and
Deployment Pha e
Phases of the System Ufe Cycle
Phase 1 Phase 2 Phase 3 Phas 4
System
System
Desi n,
?Janning Operations
C<>ncept - Development,
nd and I
ployment ainten nee I
System Oesignt Development a d Deployment Phase
nt 2
De n '------;
.i S tcm Dest n. cl mcnt. De lo. nt Ph
G 0 S f er. I I Des.a • De elop d [)e. lo imnt
ted into the 0 eml
nt. d De loymcri 0 G 0 SAF er. I.I
3.1
ineering Le., h rd
mall ifOUps o( use d elo
minimau the number or communic lion
na in hich user-dn en
desip effon nee
The 1tm111 e ppro
-Hill.I •l 2.
G 0 S F ~er. l.I De i n De elopment.
OC'\Clop1n ) tcm un r ny o the i1erati c p,p
c -cnt :
De1ermi e enc
d identify for
nd IR.\1 staff re ie
the ency' n : or
•ill nccenary; or (c
dctcnn1nin to used e clu i ely or in
cd methods·
t bit hin
En 1ncenn
un crstandin !tie e pcnmcntaJ n rure of Ch i1c i c pp
1 tem may fa.ii because it does not cc u er needs. chc c periencc m y
ne r1 I o le c through lesso le ed):
ods for p ictin number of
ilh lh.c cy les;
uncle thi pp ith con 1nu I han c in scope n
er requirement bet
~ 1 n. De\tlop enc. n · Deployment G 0 AF r. I.I
1 enllf m tm th ts to the c unc of 1hc propo ed y tcm.
n m n ement pl hould ensure lhat none of the ollowin shoncommg II al feet he
proJC t:
UOJ\I ufied or nc cr·cn in roto1yp1ng prOJ
in uf 1c1cnl docum nt 1 on de\'Clope for pro
1ntenm production en ironm n1:
unclear p tOt)'pe ob1ecu e :
protol pm u to oi doc mcnt 1ion o control ;
oor dimtion of the re pon ibili11e between d 1 proccssin d cu f
or nt tion;
I c of proper ools or t mm on the use of the 1001 :
of proper consider tton of ency· inform lion d ta uiremcnts:
unde 1ned rform nee me urc .
ud t I ffin on Ider llons
cncr I
The e lu tor no
lntr uction LO lnfonn rion rcsou es m n gem nl
U\lm fn1em.a11onaJ Inc. Broe ~ mlro · sPECTil • otyp1n1 • The Stand- I
~lcth ol •. "'600 Bo cc Ptu.a Ro . 1u r • P I 41
0 S F 'tCf. l.l De 1 n, De"elo mcnt. nd Otplo me 1
> rem de clop em hfe~ ycle m n em nt
Inf rm ll n ccum
\ tern milrnleniln c
tlon I on dtr lion
tnc. rom~
~ 1 n. De\clop nl, nd Deplo ment G 0 S Cr. 1.1
\1
3.1.1
.l . l.1 enc 0 je th•t for This e1ment
. l.1 •. 1 l cntify pccific user ccds, induding requirements ~ r pcrfonn
rity., reli b1lity, testin , nd da m1cgrity control .
. . 1.1.1 . Define ti t 11 be eli\'erc c ..• u r screens, d ub repcnu •
graphics .
.t.1.l.J lf con tua.I up n: i nee d to sist Wtth the ·dentifi t1on of
rcquircmcnu. si n. clopmcnt~ then prepare, revi
rclc e rC(Jucst for propos I RfP) for com~titi c b ds.
.1.1.l.4 En ure an en ·1ronmcnt tha.t f ilitate on- in communi on
bet ecn u crs nd dc,clopers. Th u e of regular echnical
is n for r ilh ting open
commun1ca11ons.
. I.I.)
.1 ..1.l.6 ti e ppro to be t. en for
1cm to m et th a c y's b in
J.1.1.1.7 E anu c sy cm architectu llcm .. 1 CJ th h e hiah potenti I
for ti fying the ( nee
.l.J .l.J.
&nd
rments 0
GAO S 'er. l.l s De.s1 • Dt\•clo mcnt. d ~plo mcnt
.1.l.1. t bl1sh ppropn tc compuung resource 1.e.. ro ram e t'I nt
~ or bench and of1 re up rt tool .
. t.1.1.1
J. l.1.1.. ll ~ indepcn cnr t stin a en1. 1f
nece e systems).
.J.1.1.12
J.1.1. t. l
.J.J.l. erify ltd re
Re ol e open 1 ue re
requirements.
.J.1.1.JS Dt\ clop 1nd re ie the p ed con .. crsion or reen m«n
·. l.1.l.J6 De clop nd re te polk1e r cdures th t sup rt the
1ransnion o lhe nc sy tern.
' . l.l.J .17 Obt tn m n emcnt ppro I ~ r Lhe cli er les from 1h1
De i n. De ·elopmcn • n De lo mcn1 6 G 0 F er l I
.l.1 .2 t tlon hip to Olh r .men
ment t n 1th the output of Ule Concc t n ProJCCl ln i1i tion. ph e for the
c of cnhan in ;in e 1 tin S)' tcm or de elopin n one. The produc and
umcn1. de elo~d tn du cgmcnt I y th found tion for the y rem de elopmcnt d
in 1 II t1on e mcnt ch t follow .
. 1.1.J tn · · roduc •nd ocumtn tll ered Durln hls
D umeru nd produc ifferent n mes in the encie . o matter h l they
· ;illc , the c documcn hould pro 1 e the folio in infonnation:
.l.l . . l hi ·IC el er requirem~n cribin t c encnJ n ture of the
p blem to ol cd o the cnhnncemcnt that i needed:
.J. l.3.2 o erv1c of the current ystem, includin
hi1ectu and ope hon feature th 1 !edged
em defide nci ;
. 1. .J I tfon o user fequiremen into
er en dhpl y , report form ,
netwo quircm n
l.l.l .4 o plan ( hedule. cti itie , ~rsonnel):
.
.1.1..! e ription of tem 1 e 1cchn1c: l olucions ( cc OAO/lMTEC-92-.5 1
for an c mplc of altem ll~c an l i );
.1. l. . u IC COSl·bencfit analyses:
3.l.1.J.7 u ted ri It 1.11 ly for cost and schedule failure. and
mtercon ti ity .and interoperability, in ludin& urity rei . icemen
. J. t. confip tion
. l.J.J . proj t tu rtpons:
. J.l.J.10 records o meet n
.l . t. .11 projc t~u t mcnl a pro ·1n this ub uent sc nu;
.. t.J.U RFP, if appropri t .
G 0 S F er. t.I 1 De i n. De clopmcnL and Deploy nt
.1.1 ..1 \1 n m ot Re pon bllltl mt nt
J. 1.1..i.1 ppr c the co nd de elope
. UA.
. l. l.4 Re IC
3.1. l. .4 R u1rc 1h l I M nd u er or amz t1ons or to c er co en urc lh t
he i1c tion bein developed m c n
. l.1.-'. rces in ludia soft are
.). .4.6 nd ch er ble
.1.i..a.1 With lhi llC ti O.
. l.lA.8 pro res usma t e dined u lity ntrol n
.1.l.S ' r Re pon
. l.1 .. l eriu d define re uerc men t .
.1.1.s.2 pec1f rfonn n e. ecurit • nd 1nle ri1y rcquiremen
. t.1.~ Ensure th t pc onnel ith pri 1e u mess fun ion I ill
ar ail blc o c c ute thi c.
.l. l . p n icip le wilh ppropri tC lR.\i SI r IQ ele l , p j ular ile U ·e
m thod.
. l.J . P 3.Ct1 i tc with the appropn te I st ff to des1 ment
the tern .
. l. t.S. 1 1 ff 10 u te he economic an fl hn1caJ
. 1.1. .7 cnf nd lid tc tern require ent .
n. Oe\elopment. nd Dcplo m nt G 0 F ,. r. 1.l
. t . I. 1 '.\ t Di mea t
.1. 1. .1
. I.I. ·- e 1 c uon mc1h nd develop the
. l.1.6.
. 1.1. . mc1 te uh the ppr pn u: to ian ndd ument
tem •
. l .. .5
e.
. 1. 1. .6 re en t to man ement rcque t for ppro I to proc
. I. . Pr p c
.1.1. ertt c 1hc R or 1m1I olt It tton d u
. l. I. . e u lity
configu
.• t. udh bj ti f Durl nt
.. 1.7. t
.t.l. .2 0 cnnin
G 0 er. 1.1 De 1gn. De clop ent. and plo nt
• l. I. Detemune h loute n te
omp tin ro Cl.
.1.1. ·" e 1Lc u e
DI pl J1 or mt 1 tin
.l. l. u it t
.1.1. .1
or
.). ••2
3.1.l.
ptolO
en\ 1ronmcnt.
.f .t. ... rototype obJCCll c . Decennine lf e protot pc
. l.I . I 1litic
. Lt. . Detenm c
pri r 10
.l.1. .7 Rc\1e e for selecting 1 er 1 c ppro h.
The on n 1'ters1on .
. l.1 . .
rin im
De 1 n. \Cl p en . n Deplo nt 0 AF er. I I
. l. I. .
. 1.1. .lO
. I .L .ll cnfy h I the proJe<: t m n c ppli
:a cc led · t nd and
.J.t. .U De enninc helhc r 1h. propn le num~c o r ff, per onncl s tll ,
tr min • tools. n computin re ource are · ti bl~ 10 the roJe<:t
te m.
. l. l. . l.} c. .• on c ion or r-eengin~nn
111 n iuon to th new y em
.t.J .. 14 ohc1t tton d umen for nom lie ,
.1. 1.. IS nd control funcuon h ,.e
.J . I. udlt rodu
\\' r p.lpcr ummanzrn t e u 1tor'
.l.J. .1 C\.Cloped in thi gm nt for
c bthly lO the CCC tcd CO tpl Of
.1.1.9.l sis nd echn1 I ltem ti e
. t.l.9.J of the ency' ri nl plan for miti Un
project ris : an
•l .1.9. h.
G F \'tr. J. I 91 De 1 n. Oe\tlopment. d Deployment
De 1 n. De' cl pmcnt~ a.n Deplo nt 0 0 r. l I
3.1.2 Syste nd OepfC'\ym gment
. 1.2.1 tor ep nt
.l.2. l.1 futu~
.I .1.l
.1.1.L t I using
J. t. ...a imual esum tes for le el ore rt.
.1..2. J. IC •• S em to y em
.1.- .l. ull I fy
I e
.I .... t. re
.. 2.1. 0 n 1 fie r
re uirc
.I. .1.9
~· •. 1. O L'
G r I I De 1 n. De el enl. nd De lo nl
. . 1. .z Rel tlon hip 10 lht men
.1.2 ..
.l.l .. 7 e idcnce o user an cccp e:
re or
. l. .9 u 1cd or edulc, uv1uc . per onncl ;
. t.2 .10 n
.1. . . 1 project tatu fe"
. l.l .12 recor of m eun
.l. l.l .. ll reque l for m na emcnt pprO\ J ll dcs1 n 1tc
3.L .. I RFP or 01her olicit tion
94 G OS er. 1.1
.J. A In bl t men t
. 1. .. ..1.1 Rccoortnn ope or the pro;cct
.l.2 A. · d user o •uuzauon . oo~ 1n 1c on cc t re ult nd
. l.?.~ En ure th l the products from this segment eet lhc gene ' mi ion
thy ser requirem n .
. l. ..~ .f nnor pro ress of the proj l.
.1.1. . r pon billtJ Dl c ar td In Th eim n&
J.2.5.1 requircmcn for
ens• re th 1 such
.1.2 .l at s cm d 1t user d.
. 1 .2~. onomi d hn1c I
. t.' .... I en11f nd inform m · emcnt of h er o n1i 1100
th t m re uh from u in1 che y 1cm.
.• 2.· IR'I R pon 'b I ti
.1. • .l
.l.l.... . Pre arc rescn pro re re co m
. I. . udit bj (t urln hi t m nt
. I. •.. l has d qu cl dn the
c men .
.l. .. 1 Dec nc i de~elopme t an inst ll1t ion o jecu c h ~ n
m •·
.l.l. udit for bJ m nt
.t e de !led
.1 . .2
.1.l .
. l. •..
. I... . pphed
.I . . . E aJ nd re rce ere
. l.l .. l)
. 1. • .
tion
De 1 n. e clop cnt. nd Dcpto G 0 er. I. I
. l... . Determine hc1her a c ere 01101.1.cd or
m 1 lltng lhe tem urrcd 11n
in1m l d1 rupoon 1
.1.-.. 10 Ven! tcm is mcc11n t c
gen .••
.1.2 .. ll n ure tn l man gcment ppro ed mo in into t e n t e ment.
.l .2. Audit r due nd tlop ·d in .hi mtnt
Wor p umm ze s and potcnti J finding for the follo an1
11on :
. l.2 .. 1 he . e cy' n · m I an p en:
. . .9.2 1e t n u1on pl for con eni0T1 d cuto er from e le y
en 1ronm nt (i.e.• proce sy tcm co the replacemenr
en 1ronment:
.J. .9
... .9.4 hc~nce to 1
tern d oft are en tnecnn · nn 1ple n
pr IJCC .
G 0 F \Ct. I.I 1 Desi n. De elopmen nd IXplo cn1
1gn. ~ elo men . nd eplo e t G 0 SAf 'l<er
3.1.3 Rev iew Segment
menu or
re utcc 1
e.
. l.J.J enc bj th' r. r Thi e m
.I .1.J
.l. . l.l . decide hether o con11nue
lJ e appro h (nc 1 c le .
ne
.J .J. Re ic to IU l
c pen
. 1. . IA En ure th t communicimon channel to u r tern in open .
. I. .l. If e tern I cndor uppon 1 tiB needed for urthcr c clopment.
hen re 1ew :ind ppro c the Rf? or other olic1t tion re uc l.
. J .2 R I l ion hip to ther e men
0 F \ 'Cr. 1. Dt i. n • .De elopmcnt. nd Dt lo ment
.u .. Ir due n ument D li tr hi mtnt
e a en hould 1ng infonn uon:
.1. ence a.med in tha e&menl:
.2 to the
~·· e 1 ion 10 conunue rcitc
atlon
, or c 1dcnce of
e proj I, nd
R II ppropn 1e
. l. . nl h
.1. . l
ment
. J. . ~·
le te Iler tt method
'.1.J ..
.t._A ..$ to p 1 e p ~cct. then uth nze aban nm
. LJ._
. r In mr t
.J .S.l ether the entin: ) rem or of e y tcm meet LI
.. 3..l Cl he er to proceed ~uh uent atcrau .. e c de to more
loscly meet their tu al fun uon J per tion I requarements.
. I .6 IR. I Rt pon b I ti
.1 . .1 Confirm that complete ite tion ct user re u1rem nt .
rlopment.. d eplo mcnt G 0 S F er I 1
C I n
J.t .3. .2 Con11nuc o prepare an , pre ent pro re rcpo 1om
.I .6.J I de elopmcnt i
fon Lion . fe tu
.1 .6..a 0 fine and cd" from th .
lrcad implemented
an in Laite ner1th·e
.1.J . .5 Complete JI rclc nt ys em mcn1 ion or the to
IO I lled.
.I .7 udh bj bi mtnt
.1 .•7.1 De ermine i( man ement h pro I d suffic1en o crs1ght o er lhe
fOJ t.
. l .7.l IH1ermme dequ tcly s.cd n in
procecdm 10
3. 1.• ud t T ror fmt l
.I .. I 1ed co a
sou re ha'e been
1th the project.
.I .8 IS
h
. l .8 cnf
3. 1 •.
. J.•• E · Iu re the RFP hc1 ion
un oon in t m r th
G 0 F Hr. I. I IOI De 1 n. De cl nt. nd Ocplo. ment
.) .. I son le ed· in the i e , .. c pl'i
.1 . . udit Produc d Wor t\tlop in hi
.l .J .9.
10 G 0 s \'Cf. l.I
3.2 Custom De lgn, Developmen and D ploym en
c O\ er II JC ll' c of 1h1 p rt 1 10 c cnbe 1hc 11 uie nece ry to omple~e the 1gn.
J~ cl pmcn. Jn plo ment o cu 1om1zed ) tcm t one or more user ne . wtth minim I
J1 ru uon i c.. ;iy-10-d y o rauon . ln. ene I, c nrabute lh t I to mo t
tern
ing. curve:
n iii c d t :
henomcn u h clcctnc I
c on 1 er lton in th1 rt 1 the organi
in I ti llOn o( the d i n onct It i omplctc menuone ic
a o \ 'Cr. .I to Desi n. De elopment. nd De. lo mcnr
Im I f lOr need to be ree ... lu ted ih
cr-c re mcnt. n Deplo~ment pan:
R ·, I n
hould on 1<kr the ris d
fun er naJ 10
De 1 n De' clo mcn1. nd plo nt 104 G 0 SAf \Cr. I.I
J tor .in 'ulnc 1huc mto t e stem. The n m n cment ould help en urc 1 c
the nc e M) controls re es1;ibh c n cnforccd 10 mm te in l ri s nd thruts
udlt t mna on id lion
upplc entcd by mtenSt\C training in 'o
n desi n. and tructUred in
include G 0 o c tern
1n r uc11on 10 inform ion resources man cmcn •
mcnc life-cycle: na cmcnt,
1n rm uon terns
e anomic
G 0 \Cr. I I 10 De 1 n. De elopmenl CXplo. nt
nc Prom
en y pro tic or 1 nn t1on re r in the urrent IR. 1 or an1zJt1on
n lu;:1e nd procedure . P t re 1c • ud11 . r tudie m direct c udit
1 .im to de 1 1cn te m lht y rem c elopmem proce s. S tern rofilc ro 1de insight mto
1he umnt IRM en ·uonment.
..
De 1 n. c\clopm nt. d De loymcnt 106 G 0 S 'tier. I I
3.2.1 ent
e.
. 1. l nc Ob menl
.1.1.1. 1
.2.1.1.
l.
..:.1.1. cdu lh ill ppon the
rr n mon 10
..!. I. I J 0 pro l f r the u er n:quircmen
~ .... l.2 Rtlalion hip t
.2.1. nc: P du an 0 cumen tll end Durl I I St mt
.l. l .. H1 h-levet u er requirernen descn in the genera.I narure of the
roblem 10 ol cd or the en t i needed.
.2.J.J. n o eo 1e of he cunent or propo
de n tion of the httectura.1 nd ope
G 0 SAF \Cr. I.I 107 De i pt·o menc
.?.t .. Sys em fun tion require en 1.c • tran I uo · of u r require nl
pees u: ttm fu ctioru. u h di pr y • repo
t • cornmuru uon n.:l
.l . l. ..& ?rojcc WU rcpo
•• 1• Rcco o tin s bet
•J ep t.
.• 1.J.'7 sohci non cu I uppon i required.
) .. 1.4 tmmt Rnpo blHU t> bar
.l.1 .. 1 uth riz.c p ecdin
.tA.l tdc re.sources 1.e. pc onne , r c1l1t1 • funds fo lhi
e en
.. 1.4.J ri m emcnt pl . 1f one &lrudy e 1 • update it
us in mon I 1'1fortnation collected in this e enL
.1..a. d on mission OT
.l.I .
.2.1 ..
.2. l.-4
.2.1.
De 1 n. De' cl mcnt. nd De lo 10 G OS er. I I
.2. 1.-'.9 En ure th r prO.}CCl alcstoncs are bein JUS 1f neccs
En ure th l project co Sign- 0-COSI 0 S
en I hcct Ensure throu peer re" 1e · t at ptodu ts are curale.
o pie c. nd rcprc en h1 h qu rty.
. 2.l.5 ' r R pon ibilitlH Disc.bar ed in.
3.2~1.5.J Pan1 ip te ith lhe IRM oup to de lop pre emL e p posed
fun lion I and ope uonaJ ~u11lJme emcnt {or ppro" I.
Specify performance. ecunty.
requ1rcmen .
l.l.l~ usme1s d fun tional s ills
.?. t.S .~
.1.6 IR. 1 ponslbilit ar ed In This m Dl
.. 1.6.1 in1tion of e
.2.L6 .•
.l.l. . lcris C$ d
r partica on.
.l.1. ·"
~quire
.?.. y etwor in d
.. t.6. II h. tth er p 1c1 tion. p Ul.•;c~ulJ~ for rruanu d
tcd proccs es (c.. on-line ch processi.n
.2.1 .. reports tom
G 0 F \er. I.I 109 Des 1 , De\i elopmen an De lo. e t
.l.1.6. De clop um nt (c • Rf P f r contr 1 uppon tf
the u e . he
·-·1· udil bj ell ·
.l .l. .1 I requir cnt ha c en
.. 1.7.l De ermine elopmen1 team
tll .
lloc te the ate resource
·"·•· .J
.1.1 . ..a Dercnn1ne 1ha1 lhe thor u hly 1 cn11fied. efine . d
d umentcd It re uircments .
. 2. t. \udll s s for hi f mt
.l.l .. 1 un uon I nd per t1on I r
\Cd u in c O\Cnll nal tC(
usmc s a
.. l. .z un m 1 uou.
cc able
or the crm
De i n. Dc,·elopmcnt. n DeplO)tnenl 110 0 OS C'f. I.I
b Complete: 1remcnts pecific: non or u 1n s
n I s1 i complete 1f it h c: folio
nts. hclher m
) cl ses of inp t
1 Judm ex ep ion :
of I fiiure • t ble • an
d finition of II nns
ocum nt ")
c.
d. or
l C:T e:t
c.
tth t le
G 0 I I Desi • De c:I nt. n De lo) enc
r. d onJ •
. 't.
.2.1 . ....
J.2.J.8 e tn iti'vi for ppro im te c u nd sc eduJcs.
.2.l.8.6
cnteri in meeun the
.2.L .1
.".1. . 0 pu s
ere
.2. 1•. pro al be ore
.I. .10 Eval sot cltatJon nom h , in on i te Cl nd
~a.son bleoe s. ( ee 0 t.6.)
.2.1. udlt Pr UC nd in l'Dt
\' th e of:
·-1.9.t he u er· ·v uon of 0 rauon rt' Ul en1 ;
De 1 De elo n1. d De lo nt 11- G 0 \:Cf'. I.I
.• t.9. the con 1 tenc n Ir ceabiht of the u er rcqu1rcmen t~m
fun uon :
~ .... l " · ~
.2.l. .... the enc · ri m n:i ement I n for miti un project ris s; nd
. •1.9.
G 0 er I.I 11 De i n. Development. d Otplo mcnc
De 1gn. Dc'clopment. rid Deplo ment 114 G 0 er. I.I
3.2.2
.2.l .1 nc Objctl for m n
.2.2.l.1 0 inc It of system.
.2.2. l.2 De 1ne p ing fun uons t will nunipul te th da.
.2.. 1
.l.l. l. ,·clop oli u 10 ocument to
ent appro 1 oft lic1
.2.l.J.5
........, . re .
J ....2.1. ould fi cl 1 c ni
.l . . .
. .". l. pro
. . . I.I l n
.•.. t .11 I cnt1 d the
rcq rre to
~tr I I Ocplo. nt
... 1.t E 1im te
i n.
Rel tion hip to Ocher mtots
J.2.2.... 1
.... ? ....
..2 Pro<luc D rin1
l.2.l .l tcm s11n
.l .2 .2 ProJet:t t. tu
or eld b JI pl ers in ol ed ilh e system
Rcle
. .J sohca on
.J.
De 1 n De cl pment. d De lo. nt 1J G 0 S er. 1.1
.. l .7 Tclecommun1c t1ons nctwor t polo y in ludin nct\l.Or •
m trO Ii n re net ·or . and w1 m net
.2.2..
• .2 .9 n•
. .2.J. lO ope tion I
3.2.2.4 m nt R pon I illti 01 In b eam l
..l.4.1 ppro e
itcrui e
cd ystem {i.e.•
.2. 2.4.2 En un: u e o :a ency c ted policie . methods. standards. d tool
for 1he de ..·elopmenl of u er e ian peci 1c on.
.l.2.4. Pro i e the re to e clop the y tern
de i .
.2.l.4.4 II y tcm desi "· in10 oun1
.2.•4.S • tonator pro re o the proJ«t
. , .4.6
.2.iA.1 pp h for s urity, d inte rity. n
.2..5 ' trR hi earn nt
.2.•5.1
G OS er. I. 11 De 1 n. De clo ment. nd Dcplo mcnt
1.:u.. 2 Re' 1cw an on ur ~ Hh l c • tern e 1gn s i 1cauon .
..?.2 •• inc require ) tern pertorm n e nd
' .,···"·"'
., -
.•.•.. l mc lu Un t hn1cal arch1le ture o lion nd tr eof
. .2.5.6 1 t lRM an dcfinin 11 inter! c ( 1 c .. hum n an ther AlS) to
.•.•.., I . I R pon lb title DI ch r d in T I
to refine pec1fic tions r ecurity, d ta
tern ~rl' nn i;c. nd )Stem n:h b1hty
.... 2.6.2 Pc rm • , 'event maly i • tudies to detect
m1 in
.2.~.6. Re me:. nh u er p rt1 1p uon. u er pr c tn n
uppon 1 r qusre • or ~ ith lhe u m o clop t
ument nd a t 1n m nJ ement pprovaJ.
re cnt pro re reports t m n ement
n urc the UHC nt Of the hrou h peer
re lC \lo
h
) .... 2.6. uran e r intern I uditor fun ho in pl c. then
1 in concurrence from Q d in em 1 Lditor on the consistency
and compl tcnc s o the tran 1t1on from the user fun onaJ d
ope tion.a.1 requ1rcmenu to the pe ilic tJon i.e.,
requircm nts e bility).
rep the tcchnic I rchitecture pcc1fic tio11.
De 1 n. Oe,·clo ment, n Deploy cnt 11 G 0 SAF er. 1 I
.l• •6. 10 De ennine 1he 1clc ommumcai ion ne ork topolo and c
net '0 .
•2• •• ll De 1 n the lo 1 J n p tru turcs.
.2.2•• I De 1gn th pphc lion rognms in ludin
f n uon .
• ..2. .13 te the n into nnbu of the
0\ICrall
.2.1 . . l b on )' tem jgn spe ifi tio
ope aon requ1n:mcnts.
. .2.1 udlt Obj
J.2.2.7.2
).l.2.1.J
,
.... ~1ermin on i 1en1
uh the
.2.1.7 ·cnf th t unuu of
for y
CS) set
processes
ud t T r r
l.'. .l
G 0 S F er. I.! 11 De 1 n. De el men d lo mcnr
. ....29' si n
prognm or
.• J . .4 :.;mpli ce ith pphc ble poh ies. prn«d d
.2.2. .5 •c t e quality of e so ic1 t1on OOJmcn
nkal h11.cetUJe C:On.au•"""
ions
.2 .... ·'
~-
3.2 9 udit Pr UC nd 0 k D
or: pers umm nrin e.. LI of:
.l me odolo . ttt-hni
.2.l..2 reQ U1MICD 0
,;?_ .9 ic: inte
...l.9. e 1echm
.2.l.9 he re
--
~
9. then mcnt Ian any su porun riik ~
De 1 n. De elo en and plo ment G 0 . AF ver. 1.1
3.2.3 men
.l .. l en nt
.l .. 1.1
.2.J .. Est bli hand 1mplcmen1 llC'ti n.
.2.3. t.3 De elop d implc cn1 unit, intc tion,
.2.J.l.4 n re 1h t n independent erifi tion nd vali t10 of the cm
nductcd.
~ .. J.! Emure th t user cc l con uc-ttd.
.2. . 1. i 1c~tion , pl icrmon
u tion con rot.
.l.J.t.7 nsure th t lh stem i till ffordablc n _ cost effecth•e .
. . .J.l.
.l.3.1. De •clop d imp1 ment in tall tion plans ~ IOC nd full scale
eplo menL
.l .1.lO rt is required. lf so. d vclop
ob in mant cmcn1 ol dtati n ment (i.e., RFP
and lFB.
. .2 . l.11 Develop d imp le . m q. i ilion pt for the procuremcnl or
required computer equi mcnt. tclccommuni (on equipm nt. and
com~rci J oftw p u t hich often refened to
commcrti off·lh · hclf COT produc .
G er. I.I 1 1 De i , Devel pmcnt, and Dcplo ment
.:U.l R I uon h p to cher mtnl
portin
- ·-· .2.1 d
IOUS
wor in
.l .......
. 2.l. en
enc)'. pro o fice. nd
3. . . • 1 0
Pohc1cs. p c urc • nd t nd
1ruc1ure) with human
.2 .••
ep.
re
. .J.J ..l pcc1fic tion 1 ludin :
m • ill\ computer
b
c. input/oucp t an re n fonn c
prog:r development test ti my.
.l.J.J.5
.2. .J.
G 0 AF er. I.
1 n. Oc'clop~nt. nd Dcplo nl 12
J.2 .3.7 lib of rodu ion quality apphc Hon oft arc h
pl cc r uon ontrol •
. .J .
3.2• .J. Train in d
IRH
elf·p
.l .10 tr allon plan inc:ludin conve ion from the lei 'i en ronment
to t c re I c e I sy tcm.
.l.J.. 11 Tclccommuni tion net ·ork man cment plan, 11 ppli blc.
..) .J.1 deployment plan inc:Juding itc s r'\'e s, tte
in1 all t1on sc ulc. u er cpunce.
J.2.3 .t
....J .I rcr re o ery
.2.. J.1 Pe orman e tfi I lin 10 u en' o nio
.lJ. I Rt p n I ., td nT t
.2 . ~d rin
l.
.2.3.4.• u m.
m
.•.J ..a or e to cot nd ulc
nts th m re uirc
G 0 SAF r. 1.1 l- 0c I n. pl •mt I
J. . .4
.l . .5 Re .. te nd o ) sfcm requ 1re ts .
•%.J.4•
•2 •.a.1 pprovc c re
.1..; .4. a1i io o
.J.4. Re ·1c s of the sys em.
J.2 .. ao nuretht rin en iro nt as n
pl e or
.l .. 1
J. J. I fo ite
3.2 .... u
.2 .4. 4
....a.ts CVIC d
.l.J. tr R pon lbi ltJ D
plo ent G 0 ~r. I.
.2.J.~.2 Pan1 1p tc 1 hd t1 n o ·s cm un uon .
3.1. ·-· re u er put1c1p uon unn
~.l.
d
3.l •.•. 5
.2. t resul
.2 . II t 1tion
. 2.
r
n~ rec nt.
.. .s. P rt1 1p tc r in cpt n e c tin of ny computer r
rclc ommun1c uon c u1pmcn1 1h l will be ins lied in u er
..... J .. I SI l m colic tm mform lion on S)' em co l
mcurr nd re hz d
IR~ R pon lbilitl hi e ment
J.l .. 6.l o c clop the
.l . .6. comput r
commumc uon
.2. . Develop t c a pit t1on o "'are i e., cod , umt ten. unit and
ub > cm le ·cl mtc uon)
G. 0 F vcr. I. I 125 De i n. 0e.. elop 1 nt, Deplo nt
Tc the ro ram module 1ndi, 1dually nd in o 1n c me
t
rcsol m m ny compu er pro m lo 1c. 1 fimt1on
rcprc cnl uon. n compu1er pro m 1ntcrf c pro lem
posstble .
. .3. De'clop •he tc t n on ers1on
ln 11 > rem oft
. . .6.7 pcc1fic uon • c
'unn e re 11n of
..J .. e y u in
ram pec1fi ion •
.6. lnfonn nd
r cdulc.
reuuhz.auo · r
.2•.• 1
·"· .6.12 in • and
nl th t 1muJ te
,_ G 0 F er. l I
>' tem cnficauon
.2 .. l pen en1 te m
. . .6.l el pmc11t (i.e , de le
tcm men1a11 n)
.2 . . l fort stem
ny ben tits
this Lime.
·'-
.2 ..22 De inc the re t 111 be ~ u1rc ions
m anu:na.n c o
.7 dt bj LI
..7.1
udit ror l
0 t en u auuon
G. 0 er. Lt I:? ~ i n. De el pment nd De lo nr
.2 .• If ropn tc e ·alu e lhe qu•hty of the solici uon ocumenr.
. .J.. stem e 1rn d ument•
tern. rem. module, omputer proaram. or
1 1c ion • 1f required .
.....,
1l I I
J... .1 ce ilh the tc t pl
.. 3.. !1
1 n. e cl pmcnt, n Deployment 12 G AF .. c . I.I
cosu d
u of tool •
echmque ).
. .J.. l
.lS
.2 .1 Obt ·n copy of OU te t
.l .. J7 of
..3 .
.2 .8. 9
E II IC pl
GAO . F er. I I nc. nd Dept
.2 ..ll
acm. so focu on c
J . .J•. 22
J.
apers ~umrr c c aluation r.e&m' ysi of:
c pro 0 proj pl
t c revised cconom.i ule csti
.9 any supporon
.2.3.9.
3.2.J.9.S of the s.oftw sc de elo men qu ity su
nt. d in pen nt ·cnfi
•.? - est
.l mon d cuto er p
..J. . en deployment plans d
. .3•• t e dequacy of m ons.
[)c In. Deplo t 130 G 0 SAf \Cf. u
Content of the Operation and Maint n nee Ph
Content f he Ope lion nd M imcn nee Ph c .. , . . . . . . . . . . . . • . . . . . . . . . . t J
.i 0 The ) ttm 0 tion lllld • tain1en:in c Ph . . . . . . . . . . . . . . . . . . . . . . . . . . I3
.i. 1
131
.I I 139
139
l
140
I
141
I I
I 2
I
144
.i.1 .. 14
I 5
I S
4. 1 . 145
-'. 1.... A nt . . . . . . 1"'6
4.1 .s 146
4 L • .6 cnt •.....•...... I
. I. . 147
I 7
I
-'·- ; 1cm ~t 1n1cnan e •• .. ...•.•.•..•......•.•.•.•••...•...•.•.•••
4.. I 151
151
52
152
152
I 2
153
I
t
}
G 0 F \'Cr. 1.1 I I Ope tio d 1: incenancc
lS7
IS7
157
IS7
ts
158
158
159
159
160
Ope uon nd . f mtcn n e 132 GAO SAF 'er 1.1
4.0 The Sy em Oper
Phases of the System Ufe Cycle
Phase 1 Ph s 2 Phase 3 Ph .s 4
System
System
Design,
Oper lion
Planning _______, Cone pt - - D velopm nt,
and
and
alntenance
Deploy nt
System Operations and aintenance Pha e
Segm nt 1
fl ur . The ~ 1cm Oper t1 c Ph e
G 0 F r. I l intc11 e
ti on
ed.
n m incen n e of the computer telecommunicatio equ1pmen
m "ntrn ific tfon of pph . on software.
d benefi :
&h post lo Ill
sy tem h e.d the e d or i
cq ipmenL
Ope uon d ntcn n e G 0 \et. 1.l
Pce\CQl1\e. fa1mcngocc - 1h1 ctw11 cu -...hen ch n e 10 the soft
ne I.Jed to 1mpro'c m tnt in b1ht • reh b1lny, or 10 p 1de lter
i:h..in emcnt .
Thee nhin the conrc t of > tem configu uon man cment n
> tcm m 1 1 pl ced on the opcr tion, m intcnaoce. a11d modi 1c uon of
tw re
GA ·er. I ..I 0 ration and ;f mtcn rn:c
p
0 0 SAF \'Cf. .t
.1 Sys e Operation
cont in lhe folio in t o se nts:
• the gen y mus1 man et folio in
m nl
G 0 F e I I 13 0 nu1ons d . 1 1n co n e
I o ensure h l l1 ese ly
I ly communtc te
Pcrfonn1n s.e ment in th ration e" .. 1ro" ment c follo in
\Ulne
med pe onncl:
unreJ..11 CJC opemjn schedul nd
tncfftcU\! [ llba.c:k procedures for ope U aJ di rupuons n used y
m JOr d1 tcrs;
incfftctiv sicaJ. ministratJ e, or echmc..t cess conuols to e s stem:
tern pcrl'onnancc hortfall su h u ( 1 exec i e do ntunc (.. ) lo
time. and (3) Jon s seem res tion pcnods.
atoc Profi
on the en y pro ile or infonn tion reg in 1 ion
t . pol 1e n procedure . P t re"ie s. udits s 'e ma da~t the u u
n
c:un to c 1 1cn 1es rel red to s em ratio . S ttm profiles a igbt 1nro e
um t IR.! 1 en 1ronmcnl.
Opcr t1on 13 GOS 1tcr. I.I
.1.1 .l nc bj~ctl e for Thi ti t t
.a .Lt. .I 1mplcmented effecth•cly d
)'·te>-d y pcntion • 1n ludln
.a.1.1. I. En urc th l poli ic nd r edurc for input n output be in
unplemenrc
.J.l.1 • fan ge 1hty ope 1ioru in cenl in
ccntc • 1n ludin. man ment of c I
cnten. d custo er u po.n ente
.1.1.lA t o updare or repl e
~source com ii n (i.e. computer equipment. tern
uip no,. n require .
·1.1.1 . l.5 0 e man c clcc mmunic uon re ourcc .
~ .l.1. .
G 0 s. F er. I I I 9 Ope~oons d I ntenlfl e
4.l.1.l. 7 d implement sceunty po icies md p edu
.i.1. 1.1. Pro 1 c f 1 1ent t ming for ope uo person I.
... 1.1.2 Rel &Ion hip to Other m
In d11 menl. ch
ID
.a.1.1 nd D um Deliver Durln T m I
4.1.t . I ~ p<bted n urren ope d roe Ure
.a.1. 1.J.l lyses.
.i.1.1. Periodic pent on.a.I perfonn
..... 1.3..& Pen IC c indi
.&.l. ...
.a.J. l. .I Ensure that uf 1c1en1 resource the s · tern.
4. 1. ......
. ... ·"'· awillttf~~ ~ pro m
ned in matte
ope
~I
ion I
tin to
... 1.1 .•4 n ure t in e I control folio
.u.1. to u of
ucu.
.1. t. he lit! un ·, i
·'-1 .1.4.
0 rauo GAO f er. I.
J.. I •• 4 eu tc
edutt .
J..1.1 .. En re r le
. l.1 .J..,
...... .s r e- pon
..... l .. l
.&. 1. I. .l
.a.1.1.s. Uuhu re ourtc < rd re. of
cffec 1 c. tconomt
bJC II C.
4.l .t ..a t sup coc 's mis ion,
-4.t .t ••
.a . 1.1 ..... ubmat input he ulc :rn
c ( bh htd 0 ~
.a.1.1 •. 7 enfy 1 re u of proce~ in
4.1 . l. . n ~·10.U C d re n
min str.ior•
.&. l . l.
.u.1.. 1
.u .1 .•
G er I 1 I I
.1.1.6. inform uon produc d erv1c to
es.
·U.1.6.4 n re ol ·e en ironment 11ro lerru e ., humu:hty. ir
on monin • S)<>\liCr) Lh t ffect operallo and communicate ~ c to
t.1.6 Control th medi libruy n 1 e mo ement du e of tor gc
edt .
... . 1.6. a1labilu • ~hlb1hty. re pon iven , et . lso. c
lions to ensure conunuuy of r tion .
.1.l. .7 be plied t
i t m naacmcnl 1n i
4.1. J. udll 0 j ct ' Durio Thi am nt
1.l.7.1 De ermine
4.1• .1.1.
any
... t.J. .
... 1.1. ud11 T for Thi tat
.... 1. .1
uon an en c G 0 ~er. I1
ecc:.
J .1.1. .J
.i.1.1. . c ii m ould bccter
4. 1.1 ..S
.I.I .
.a.1.1 .•
control.
.u.i. . nun uy of pl p-l~te
I 11)'
te ed .
.l.l . u tel • mamu.in 'JI le el for
.a.I.I. .I an
G 0 F er I I 143 Ope 1on d • inten ce
.1.t.1. . udit rodu nd \ or P per \'tlopt<I In hi mtnl
.1.1.1. .t ro 1d more ct ls th n the on m I
~ . l . 1.9.l zin the ope tion is e 1denuficd by t c
Operation nd ~ tn{en nee G 0 1.t • I. I
.1.2 Sy ment
11 y tcm pcrfonnan c from er I
II y tem re pon 1 enc s 10 the en
• l.2. l nc bj lhe ror 1m I
.i . . 2.1.l
4.1. • . 1.2 that qu tit ti~ely u es user
-4. l. . I. n#ure 1h t there 1 rocc th l penod1 II me lU~ y tcm co 1
e e u enc s.
4. L!.1._. En ure th I ency r onnel a.re ifi 10
pcnodic lly mea urc nd monatot
J . J. • . .? Rel lion hip to Other t1m n
Our n tht re .in e • u 1e ho\ll effe<:u cly. c 1c1ently, and
nn 10 iupport th users needs n the ency' nu ion.
, , l.2.3 nc Produc nd ocumu 0 lhurd Durtns Th mmt
.u.2.. 1 pec1 l monitorin repo
produ c for users ffilUll emcnt, and
limited to:
b
c. computer and communr uon equipment till 1ion t1ust1cs:
r. c p tty plannin updlles.
G 0 F Hr I 1 Oper uon c
4. 1.2..I cment
J .J ..... I n gc m nt n nci or
11t1d oncuonm
.a.1.2..i.z En ure lh t en
me ure )' tcm pc onn
~ . l.l. J
.u ... o nwi cmcnt. co\•aron ent • and
n e ccu1ed.
.I ..
an
.1.1.. 6 an
.l. U u R pon bUit
f\'I c requirement bein
.a.1 ....... 1th IR.: t t ff t plan nd e te le o system o trols
d.
.• 2.'". personnel to pcnod1cally
em ope 1ng en iroruncn
• p wcr lo )
.a .••6 1me t
.J.l . . 1 emunc he h r user infonnat on md f\'ice
met 0 n feed from rs on required
G OS ·er. l.1
J .J.?.6.
" · 1. ... 6• d rc h 1lity
.... .2.6.4 1in 10
.a .• •6.5 Tc t d1
.1. Perform qu iry n e o en un: th 1 inf rm u n produ ts n
crv1ce . el vered are of high ual1t .
.1.1.1 udll bj ell
-1.t.l.7. l E cmtnts tween u nd llU t
... 1.2•• 2 erif th 1 perfonn n e t 'C bcin met.
.l ..7 Venfy th t co Lrol im lcmcntc 10 nd
rnfonn t1on resourc am l un thon • r.IU
"' ·1e, and abu c.
......7.4 enf the operauon s b1h of lh Lem by c Ju trn s 1cm
a.al bility, rclt b1hty, etc.
... 1.2. Audit for Tb s~ m nt
.U.2.. I JRl up n
·U.2. . of ys cm re pon 1vc
d comptcce.
4.l.l..3 e fy l.h l. the re ults of a ency tes for on inuny of o 11ons
u te n complete.
G 0 AF vcr. I . I 147 0 11ons nd 1 ·n1cn n e
~ .I. ..
m1 m n gcmcnt
.l.? . ctcmiinc ther an dfecli\e ccuri1
rJ ion I d th t en y pe onnel a.re p ners
relating to ecuricy .
.J.1•.8.6 'tb
.&.1.Z.9 ud c Produc d
.l.?.9. The follo in produ t hould be coll ed from the a ncy:
nt utihz.auon ti lies:
c.
( .
.u ..9 •.:
l..S G 0 \er. I.I
4.2
o oc ur. they
maria emcnt.
needed to m af
sy tern.
G F er I 1 149 Ope oon 111d inten cc
nt
The n m:1n gcmcnt pl:1n hould iden lify ob1ecu ·c d u11e its th t c be u d to
m1mm12c the n k of r ilurc durin the m men nee proce s. fore ample, e or
m intcn nee ould be n 1mpon nt objecti c ror ystc:m th 1 i e pected co re<:e1 c .. lot of
h n c O\~ tr ii rel u cly hort period of time. ~ys1em h 1 must ruct co th ngcs m the t x
I. could be n c mple of th1 1tua1ion.
There hould e
use o
L r development o loc J pplic 1ion.s should not occur ilh t lhe no led e n ppruval
of m n cmeni. er chan 10 tandard plications and COTS soft iate should be
i OU Cd.
nc_ Prom ,
1s p relies on the ency profile for infonn lion
an 1ndards. policic~. nd procedure . P t revfc s.
tc4m to c 1 1encic rel cd to y em ma.tntcn n e. S
u·rrcnt I~ I en ·1ronmeru..
Ope uon n M 1nten nee ISO 0 0 ver I.
.2.1
G. 0 F 'er. I . I ISi 0 ration d Mun1en c
...l. l.l th er men
,., thl l SI f fC Cl C • cl 1fic • e lu tcs, and
ptl
....... I .J nc Produc tn Del vued Durln m nt
.... I .t trouble reporu . y
enc te ue L
rcqucs from ope 0 r rs.
b. Sy tern chan ~quest log that compiles 1fic the
requests.
c. Re cmcnt commuruc tin the st tus of
... 2..4 pon bllltl In Tb
.l.l..4.1
... 2.1 .... 1 Re,·1cw nd pp ts uni thi u1hon1y h
n ~1 ted to
.i.t..a. nont1e to en ure th t e. ar-e ton istent
... 2.1. 0 f 1lit IC r tn ol ·cmcnt d
ntic .
... 2.1. 0 lyze nd enirmce ah ffo of
...2.l er p 'bill tit DI char1 d In nt
.$.2 •.• 1 enc unre in u in1 he ystem IC.,
4.2.1. .• ire r requ1 fu HO l or
• lem ( 1 e.• tern en n e re ue ts) .
0 r t1on nd • 1am1en n c IS. G 0 F er. I
.-.2.1 • .J mcul 1c the ur y o ccq ted or re u1~ •stem
.a.l. I. ·-' e marn1cn:in e and ope 10 ~ i in
.a.2. t.6 IR. IR pon 'biUU Dlsdutr lo Thi mrnr
4.. 1.• I on a
e S)Slem
"· .us tem chm c: reque ~c · ed fro e~nt. r
d y lcm opeuo .
..... l.6 ~ n ain chan e rcque t log.
... l.J . ... y em ch e requcsu o u en.
S) tem o
J .l.I. . is for t.
4.2.1.6.
\udh Obje th Dunn This m nt
4.l.l.7.1 en nc td policles emchm e
ontrol e
.&.l.1. .l In pphcd to
for cons1s1' cy
.• 1.7 d
.a.2 1.7 . E · u te lh integri
.a.2.1. E Ju te the nority· uin p cs or rcdi le d coa -i tc t
resu l .
G.\O S er. 1.1 153 0 lions :in M~n en
.cu .. E lu te he en 1\cn o ommumc ion ~tween us.c •
m n cmcm. nd t m nten n c ff.
.. l. ud t for Thl ne
. . I. . 1
th ch n e co trol
"'· . I. . intern ly co s1 ent
.2.1
•• •1. 5
• for co p etc ,t i lC of
ue~
.i . •1. .
"'· .1..
.! l . " E of nonti .
.2.1. y ti ficd 1th
ere ue
I
.. I. .10
tonal e my.
..a .... I. d't Prod nd d
c 1e 0 IC p un: .
e IS G OS er. l . l
.i .• • l. ...
4.2.1. . l t
G L
G 0 I I
.2.2
.a••.z..t nc 0 J«tl ror
.i.2.2.1.1 ilh the
.-.1.2.2 R I tJon h p to th r
hangc needed to m ify or enh n c the
on ucm, nd -.sc c sy tem
nc Pr nd m D I r~ Ourln Thi
.a.2.1.•. of u c
4 2. .l u td
.l of (1 .e .•
G 0 F er I I Oper uo
• .. - • ·-·. • ";~- .• :('!_~.,. -~ -
4.2.2 .. 6 pd te s.cr umen1 Hon 1n lu 1ng r cdurc
.a.2.l ... m nt
.J.2.l.4. J ne c s ry rt ource 10 up
elo mcnt. n deplo meot o
4.2.2.-&.2
4.2.2.4 obj cu ·c .
4.2.2.. 4
. ... 1 • u· R pon I lltl ar ed In Thi m nl
.....l.5.1
...J.2. JR~t R pon lblllt DI ch d in
.i.? •. . J De clop test ta.. test I. nd ocumcnt
cc 1in requued.
4.l.2•.l
......6.J
r to
4 . . . .4 n ure th t ch confi ration or
communic tion u hly t led pno to full
lo mcnt.
4.2..• Docu
h re .
0 non llJld . 1 nten n 15 G 0 er. . I
.-.: . .6.6 u n ppropnate nd en ure ah t •stem
followed.
"· ..6. th may c use del y in
...l ..?••
in c
.l .2.7 Aud l u D rln hi eame t
Detennme hether the ency:
.L .7.1 com leced the dct~I d sign;
.a.1.2.1.1 1mplcm nted n
.$.l.2. 7.
.a.1.2.1. y tem and sof are t:n i eeting tic includan techm
nd tools in the sy tem modifi ion:
.a.1 . •7. used pru em mAJla cment p uus to rrumm1z.e s stem mam1cn e.
.a.2. . d lt mt
... .l . . 1 di 111 n of 1he
Detemune the role
4.2,1 .l cm n oftw en1inttnn
ppro ed h.anae .
.i.2.1.8 n d
lion manaacmcnt tool .
l man c nt an y tem
e quality of e y tern
G 0 S er l . l 159 e
4.~. . ... Re 1c the u r docu~n uon procedures. manu.tl • on-hnc help.
etc ) o ctcnnine \>. ether th1 document on lcarly urately
retlcc1 e c n c rcque -t•
.a.l .- .5 cnfy th h
4.l.l •.
4.l.2.9 udlt Produc and or · Papu oped I
4.1..... l 0
c i n.
4. ·-·9· used in
4.2.2.9 essment or lhe modiliution c.o 1 and sch le -
ed.
0 r uon e 160 G 0 SAF er. I.I
Appendix A - Profll
~U loa
, To un rst d
e its
o ledge of lhe
G 0 SAf \Cr . 1.1 ·l 1le
le 1 lwon.
on
1d
Info ton t 0 incd
Cop1c pcntncn1 bill • ts title • or I perumin to t
ry 1h t 1 nccc aJY to c pl ·n ho th en 1 to
h1 h the gen y h tcd ndlor rnterpn:lc ITU I n,
re on en y p ram . d
pu p mp le . letters, etc.
C pies of he proposed bud cl, the urrcn1 Ud Cl, nJ th fr the I I ) )'C
fo r m JO pro nm n auto 1ed y terns that up rt the
. pie o pl nnin the suatc ic IR..\.1 pl rcn th
de clopment. nd JOr a en inform uon stems.
tic ... G 0 S ,·er. 1.1
. en
lin e
Inform uon
c
hsc
er. .3 P file
Once org ninuon clemcn ntificd.. the au itor hould re ac pertinent rin1... in!M"1\rc. th t
e~ribc cti itie . utho ·ti pons1b11i • of IRM s
In~ rm uon to
t\ op) of posrllo dcscnption for tc 1n1n e no led c.
nee ed o «>mph llL\.1 ll\ sti (c g .• S)<items clop nt).
p file (po IU filled
' ptio .
I ndard
St tutory Computer S«uri1 Broo s ct r 196 • P perw R ct1on ct.
cc.
Profile GOS er. I.I
Office of M gcimn1 an Bud et Circul . G 0 St nd rd for
lntem Control . Fe c I In orm t1on c ourc
Re ulation. et .
lion Sccunty
Tel ommun · uon
Discret1onary ~
In orm 1ion 10 be Obc ined
Copic of peninent 1an th t ffect the ency's m J r ro ms d utom cc
1cm.
Copic of pcnincn1 polici ffec in chc 1 ency' m ~or pro and utom ted
cems.
CopiCJ of pertinent pr edu · ffectin the gen y' maJor pro d u1om ted
LCJ1\S.
0 0 F \'Cr. I.I P file
[nl It , nd tudl
for c <litor. Th y pro 1
pplic blc: to t current udit.
h1f rm uon r 0 1n
p1 of incema l u it!ii complett
rin the I l 3 )C ith inf nn u n or
1n rm t1on re urce mana emen1 problem .
e hn ilh inform r'o or
inf rm uon re
I C
Co 1e of conu1mor rudi of the in~ rm ion re- ourc or
in onn uon re rce emen ti m .
Cop1e or on re ionaJ te tim ny o repon ion he hich th
en nfonn tion re ourc m nagemcnt u ui e been e
f>ro 1le GOSFerll
1 m Profil
II I n n·m 1or s 1em
ers1on o( 0 ifB
y umen nd n · etc ly
• it 1 \cry import nt nuf in t o A1S th t
nt 1gn1fic;m1 enc
In onn tton 1 be Ob inc
Cop1c o info 1Jon m n cmcnt pl
for h
arc
List or COnl no led e in identifi
U rclc nt pplica110n le in ludin tcrf 10 r
1 t nd de ll relc
cc t t e en of th1 p~ndi for m or
lun
G F r. I I .; Pro Jlc
Pr tile: G O \Cf. I. I
Sy t•m Profile Work h••l
s,.,.,,, ~
•
CAltto'Y (u!f'~I ..
c~- '."'!:.'?.-~~·
M· .11• 0•01 s "u - ::- !lllO<ll, •• .• _ "" ·- ·-- -•· ;- u;ldt1t
:Q ' 1:1$ "" SlllCllU I , IRV., "'=..·-. --
s •• hl'l(I Blllol'!tll Vol I ICIOflH~ O't ltJitm
81.1• ~H Dl'l)(HHI lt1<1td try·~·
81t '"31'11Jl'd I 11111"!1 H 110't';
,· ·~ " ~ ·~
nc; I 'f",10,....A
. Pait Cllcbl..,.1 , ••• t
S11e
"""'°""
l'J• C)Cie
t>""'jl f.,,iaced --- ·-
I wltl'I , <L - ·~- • •tMOOtl , -
IOll'U
I
-· -~-· -
- ~ "-•io«'t
"""'°'w - • COlfl
I
I
"·~··""
Pei.tr.t i
------
. . ,.
·~ --
~
---·--...-,.....
I
'
•«r..v,· c~ t ...c.r l'l&l'I"• '. 11. , - -- -~ · ·-....
.....,..
.,.~~ ,.-:,_~.;_--:.~ . ... . :• - -
~~- --- -
r . - - 'SJ~' llh
'.'..~- ~··-· ~ C!'!lt ::..~ ·~
·- -.. -.-- -..~ - .
~
11 •
Ll l~
r ~· !
\;~ = j
-·- ··---~
~
11C;;,t:a ; ~
....
.._~
---- --:~.;.
... ~---
-~
I
I!
~· iff~~· -
,..._
.
___
-~ ...
- - ·-
~
,, ~
. ..,....,
.......
~ ... , 1!!;!s ~·
-~
~
·- - ...,.~
- _,.-~
.....,.
~ ,.....,.
I
p~
- -
~··--"'
~
.. - -~
-
..,_.....,..,........,,....,...i
"~
$ I I
• · ~~·"'
"'~
._.___ __
C- -
:il«V- ot Gt\
~·
-- ...
Stan Cl.al• °' -
-
Ena 411• ltould Ht.fll•ltl
0 - ~ - . inld
· COfllllOl •CIOn of Cit~~- IU ""
0 t _tloprlleN pariC)f'ln(ll
PfOOll'M\~ •··;- -.9;.(1) ed
CMM HH lrMf'lt-ol d -- O"DllC>
0 F tr I. I Pro 1lc
p I • 10 G 0
odologie
10 (GAOi W
l.
0 8-1
Rel led • let olo 1C -2 G 0 et. l I
App d1x C - A
c
)( x x x x
x x )(
x
x x
x x
)( x x x
x
)( x
x x
x x
x x
x )(
)( x
x x
G 0 er. l.l C-1 pph le Cn en
••
c
x
F P IOt
x
"PS101
x x x
x x x x x
x x
x x
x x
x
x x
x
x
x x
x x
x
c en C·- G O er. I.I
x x
x )(
x )(
x x
)( x
)( x
x x x
)( x
x
x
)( x x
)( x x
x )( x
)( x
x )(
)( x
x x
G OS er. l. I pph le Cnten
x x )(
x x
x x x
x x
x x x x x
x x
x
x
pph blc Cmen 0 OS er. I.I
x x x x
x
x x
x x x x
x x x )(
x. x
G 0 er. l.l C-5 Cn n
p lie blc Cntcri G 0
A Quick eference
to eci 1c S p and its se men . On c h p
11
srcm hfe cl 1 me nd lhe en y's
GAO S F er. I.I 0.1 Quick Refc~ncc
I· er I I .l Rec nc.:
GA A· r. I.I I. Pr •r m· v I Pl n in Qui Ii. Rctcrcn
.
G A er. I.I 2.1 lion R fc:rcocc
GAO A · er. U . I Jc Ii C igo• De I ymcn1 u1c R er c
G ver. I.I . I Sy lcm R ·i rcncc
A /\F er. I.I 42 )'Im mtrn cM ulc Qui ·l. R ·I ·r nee
Appendix E • Submitting Comments
Feedba on thi m nu i encouraged. Pie use the following fonns or their equ1 llent.
S F h ngc Rcque.st - for specific changes.
F Comment Form - for general com.menu
Po t-A ignme nl Survey - (0 describe ho SAF u cd durio :m ss1 mcnt
G 0 DC u er will be le 10 cdir electronic c ions of the~ form •
Wriuen: ommcn hou ld be sent ·to 1he following re :
.S. Gene I ccountin Offkc
ccountin itnd Information .fan cmcni Di is1on
Room JSlO
.WI G St
\ h1n ton. D.C. OS
un: P ul ii crman, Project Manager
Comment m y lso be sent by cm ii co the following drcs :
11 cnn np. imd @ o. ov
G 0 S F "'er. LI Comments
SAF Chang.
Delt:
Ye
Ch g1 Otsc: •P ion (• sptc1
ers on u btr. d t, nd sourc.a)
. 0 tt:
Comment £. GAO SAF \Cf. 1.1
SAF Comment
• 1
Yn
I ,.._...__..
Acc:u
Eu o use·
Ot r
ca
GAO S F \·er. I.I Comment
··:i·~'.~
nt Survey
Oa e:
Job Cod
use tuI?
$AF? 0 Too ltchnic.4.1 0 About
Action· 0•
ommcn E-4 0 0 SAF ver. I.I
G ossa ry
fonn l e\• Ju rion pcrfonned by customer ro ' 'crify th t
the m nuf crwer h met lhe gm:d·upon pecifications an
th t de ice 1s fun tionmg intended.
The bility a.nd the m ans nec:~sa.ry to appro h, input~ or
rctrie c d r or software, nd/or communica~e ith. or m c
u of ny resource of an utom tcd infonnation y tc
\ Ct onlro Ensurina th I the re ourc.c of an AIS can be accessed only
by uchoriz.e u crs in uthoriz.ed way .
, cce ontro H dwuc or software features opentina procedures,
(ech nl m m cment rooedurts, nd various combinations of these
designed to dctccc and pre cnt un ulborlz.ed and to
pcnrut authorized acccs to an utomatcd ~t.a pn>cc$ ing
system.
cce Metho The technique used to cccs data on physical file de ice.
T pcs of c:cess methods include ucntill, in it sequential
hie hical stru ture, nctwo tl'\I turc. n relational
Sl!UC:ture.
CCC' ~f tthod A method or nsferring dat bet een computer's main
s10 ge a.nd n 1n utlourput de ice.
ccounl biUt The bilicy to hold indi .iduals r pons1blc for their actions.
er dil lion The managcriLll uthori tion a.nd approval. granted 10 an
AJS sys tem or network, to proccs ~nsitive d
operat on al en ironmcnt, m e on lhe b i of tnific ·Lion
by ign ted tcchnic.a1 · rsonncl of the e ~nt to hicb
i mplemcn tion or th ystc.m meet pre-specified
tcchnic requirements i hie in1 dequ c data securi ly .
an aemenl can accredit sy tcm. t hig rllo er c el
th.an lh ccrtifi lion. If man.a emen1 ace diu th sy tern
t a tiighcT le cl than it is certified. management is acce tins
the re.sidual risk (difference between the le els of
ccreditation and c rufication).
\c un Information that is free of cJTOr. [Sm acc~p ble em> in
AIS can · till be con idercd c.curate.) Synonymous ilh
integrity.
G 0 S F \'Cr. l.I G- Glos
cqu icion The ob1aining. b cont t w1lh ppropria.ced fun . o(
supphc or el'\'1cc mcludm con truction) by c
u c of the fed r I o cmment through purch or Jc e.
thcr the upplie or services :ire aJready ·n e i tc or
must be er~ led.. developed. demonstrated. and evaluate
Acquisition m t the point n ency needs
established nd in ludes the description of requifcmcn to
s tisfy ency nee . soli itation and selection of so l'C •
ward or con :cts. cont fin cin -, con l perf<>nnan e,
cont ct dmim t tion. and those technical d man
function dfrectJy related Lo the p o fulfiUi
needs b)' :ontracL
c ui lllon PJ nol The proc: s by hicb the efforts of n personnel tuponsible
for n cqu1$ilfon coordiruted and intc throuab
omp~hensi e plan for fulfill 'n the g need in a timeJy
manner d al reasonable cost. ll includes eloping the
o crall strttcS)' for man ing the quisicion.
dm nf tr ti •e Pro ~ur process ble operating instructioru
required to ccomplis specific proceu within sub-
sys1em. · dminmrat ve procedures detail manu tcp
a.loo ith e planatioru an e amples. Procedu used for
'uch things perfonnin rouune or c crical as ignme.nts.
m in decisions. rcpon distribution. input p p Lion. or
~ r usin wo ice utomallon related equipment.
dm n Ir Un rcu t
( ontl'"ol }
DP bbre iation for tutom tcd process n
en rocurtment re u t by fede I gen y i the Genera.I Services
Rtqu t R gcncy to cquire infomu.t on pmcessfo resources or
dclcg te 1 ulhority to 1LCquin: th resources.
. I bbrevi Lion for utom ted info ysicm
Th compo enu o! an Al
d • and people.
I or t m A rescnbe set of well fined rules for the olu ·on of
problem in a anue number of SLep . Genenlly, a comple
forrnul fi r ol ing _ pccific m th m ti problc
e of be )' tems life eye!~ synon us uh
G-- G 0 SAF er. I.I
pplic tlon computer pro m e 1gned 10 help pco le perform
ccnain type or ork. Dcpcndln on the ork or ~hich it
w designc . an pplic rion c n mampul re tc i. num
phics. or a combinauon of these clements.
ppllc tlon ntrol Methods i ne for c ch p lie tion
oftwuc) co ensure the uthon1y or
ppllc tion oft re Compu1:er programs th l ptrfonn d t proc:cssin funcuons
her th n control Functions.
ppllc tlon oft re Then: two type of software: ap lie hons of1w
terns softw . Both a.re wrincn in computer I ngu g
and c be c Jled pro :rams. Applicauons soft are 1
so(c ch t d so cthing for the user. nybody who
the computer is called user.
r hltecturt descriptio-n of all function l tivnics 10 pcrfo ro
chic c th desired mission, the sys1em elements nee cd to
perform the fu tions, d the de i&n 1ion of performance
te (!f of tho sy tern clements. An lfthitccrurc J
in lud.cs infonnation on I.he technolo 1c , interf c • n
toe t1on of functlon1 and is co idered n e ol ing
description of appro h 10 chi vin desired mission.
rllncl l [ntetll tnct ( I The
. udlt Tr ll The chronolo 'cal set of reco th t pro.vi s e td nee of
system 1 vity. Th c records c~ be used to reconstruct.
re iew, and e amine trans tions from inception to tH 1.11 of
fin · results. The ttto can also be use to > tern
u~ e d dccect and identify inuude .
udit [ ecvdty-rel ted To record indepcn ntly n later ex mine (selcctc sccunty
use or term) rclc an1) sy tcm la acy.
G 0 S F \'Cr. I.I G·3 Glossary
udit bllll Relate to the production n retention, by an AIS, of
record of ignifica.tu proccs in c cnts I.hat feet ecurity
on ith the ability to loca c nd reconstruct ho e e •en
udit b1lity I o cncomp scs the sy tcm of internal eornrols
Lh t ensure the mte .·ry of process in an the protection of
the udit records.
uthentic tion I. enfi.cation of the identity of u er or the u ts
eligibility to ccs AIS.
Verification that a me sa e h not been llered or
corrupted.
uthorlz don c ri ht ~Ced to indi iduaJ to use th s stem d the
d ta torcd. on 1
uthorlz 11on 1. A user's ri ht 10 comm nic te with or m e use of
com 1.uec s stem.
2. n CCC S right..
3. process of gnntina au either complete or
restricted cc to an AlS resource or function.
tlon n utom 1c · ystem for the or aniud ctlll ti
pr c sing, m intcnance. transmission, d di min tfon of
1nfonruuion 1n ordance 1th defined roccdurcs.
Infonn. t1on proce so used to refer to
com uter rcsoutecs.
ADP equipment is equipment u . in uppon of
Proce In o ani tion's inform lion cnvironm nt. co istin o
' OPE computer nd 1elecommuni tio s hud their ttl tcd
components.
\ ii bll t um.in onsi ration for pccifyina nd n is
collected from anous outt: ilhin an cnt.crp ·
A\I 11 bahcy ans~ers c question, ·1 t 1a there hen 1
need 11 M o L is .rn de v I b c · funcuon of input
G 0 SAF er. U
rtn T..-alnin fan cory penodic rrninina uircd b the Computer
Securi1y Ac1 ·O 1987 for 11 cmplo ees o invol cd
uh the m n emcnt. u or o ration of fcderal com. u1cr
ystems. arenes train.in creates a ensiti iry 10 hrc ts
nd lnerab1liti nd the recognition or the need to protea
d ~ infon:n lion. n lhe means of proceuin them.
B ckup dupJic. te ·Copy of pro tam, disk, 0 d t m either for
an:hiving purposes or for afcguardin lu le file from
loss should th c1ive copy be damaged or tro ed.
B c: up Proc. _dur 1. The provision nude in contin en y pl n for the
recovery of d L d for re:s:rart or rcpl cement of
computer hardw and .s.oft are after stem f: ii
or dis.asttt.
Copying of cb1 o mcd·um from
h" the
WI be re.no d if c origin J d II is
destroyed
co .p-romised. Full upi opy all d in the
sy tem. f ncremcntaJ b kups copy only du lh t'
been ch.n cd since the I t fulJ kup. ouo
b p pl invol es kecpin bac p medi off.site
:d de eloping procedu.ra for repl ·n s tem
components, if uy, aft.er a sy tem flilu~ .
B ellne specification or roduct th t h been fonnalty re ·c
nd upon th t thcruftu SU\'es c b - is for fu
dc..,clop nt and th t c n be chan onl lhrou b formal
c control procedures.
B line rcblt tun starting
ro ss.
Ben mar · co
Benchmark Test th t u a represent.au c tof programs d <la
cs1gncd to cvalu te the perform c of compucer h 1o1o
nd oft are in 1 en confi u tJon.
G 0 F er. I I Gia s
B t a nd 11111 Offer tn 1 opponumry for offerers in the compct1t1 c r ngc ro
re tSe propo al .
Blu rprintin The process of producin on 1 tent er o cod blc,
phy k l I n for construction.
Boll om.u p ro r mmln pro mming techn ique in hi h lo cr·lc ·cl fu n uons
c eloped nd te ted fim; higher-le cl funcuons e 1 en
built u 1ng the lower-level function d so on.
Bottom·l:p Orsi n Formm n fa ering of innruc11on \equcncc
~hrh od together. sta.rt1n - t m c 1ne instrucuon le cl n
workin up to a com lete solutton.
Bru k E t n P Int point in 1ime here co ts 1ng m tch um ul tc
clo cnt expense .
trco mmunic lion
~f tlho<I (BT M
Budg tin a nd Co tt na
pricin tratc in which
in ludes ll produc u hMd • s rv icc , tninm
etc .. in inglc pnce.
Glo ry G-6 G OS er. 1.1
Bu lne n ai tion pl n th t l c enterpri e
follow on
111
and/or long.term b is. t spcc·fi the c tc ic n t c,tic I
ob·:cti e,s or the compi.11 over pcnod or time. The pl
therefore. i time depcn cnt: it will chan e ith the
enterprise. Allhough · lllinecs.s plan i usually ncten in
ryle unique o specific enterprise. it hould con i el
descnbe h t i pl nn • why it i:s pl ed. wh n it ill
implcmcnte • by ho, . nd how it ill be augtd. The
hitects 0£ the pl n UC typi Jly lhc pri i I of I e
entc~.
u In~ Pron R • of the fun lion performed in
n inre in (8PR carryin out an org i tion' mi ion, win d anoed
lll enabler. The i tac le lcms in
· y's in proce ses: {l too muc.b time mo y
spent coordin.ating and communicatin and 100 little time
doin wo that bcnefi customers d 2} boundaries
bctwce.n dtp,an.mcn repre n1ln buriers to ch
Of M Compurer· i ed Desi n/Computer· i Manur tunn .
wron -h ed sumption bout so ubject.
p blllC Ud lion The t.cchni erific tion or e dity of roposed s stem
ccnfiguntiort, rep! cement com ncnt. r the re turcs ot
functions of its soft ve. to usfy fu ion&I requirements.
Th intent is ·o en.sure th t the propo~ re ource can
pro 'de the required functions.
p cit h.ed d~ ·ice
p cit M na em nt
C p dt . fan emmt Ind
~I ILi nd
comparison to
compriehcnsi e I ~I f
ompute.rs in all ph of computer
F er l.t G·
ded Autom ted tool th t pro ide upport for soft
en inccrin t1 ities. They ould not be confu ed as ools
or y tc En inccnng; lhe1r pcrspce:ti c is on oft are
cngi ccring only.
tools Computer- idcd Soft En incering (C SE tools.
trt!fk lion I. wnucn u, tee th t sy tcm or compon nt
complies ith its s ificd requircmcn d is
cc ble ror o cional use. For eumple.
written aulhoriution lh t a computet system is secure
and is pcrmiuc to ope te in a fined en ironmcn
f ormaJ cmonstntion th t yttcm or compo mt
complies ith its specified requiremcn nd is
cce table for opcraoonal use.
Th proces of con 1rmin1 th a system or
component complies with its specific requircm(n
nd i cccp le for opera1i u .
trtinc lion nd e techn'cal e alu tion pcrl'ormed as part of, din upport
ccr~ltatlon the red1t tion p css th esubli extent to
hich panicul computers em or nefW desi d
mple entation mccc 1 prespccificd set of security
requue cnts.
h tf lnrorm lion mcer An c ccuth•e-lc el offi er ho rep ts chief
c 10 infomuuon bro er/ h1l«llstrategi to . compuy. Th
CIO repo to the Chief Executi\'e Officer (CEO and
m2inu.ms lat rn rel · ship ith Ch'cf
Opcraun Officer (COO) d Chief Financial Officer (CFO).
lien trvtr rcbit lure An unn
oC ·d1stn
to td rchltecture escnbe any compule:r d ho
s not freely v 'I ble.
Glos G· G OS er. l.l
lo d hop The oper3tion of computer r 11ity here pro mmi
ervke lo the u er i the re pons1b1liry of group of
peci lis . lhertby e (cci'vely eparating the ph . of t
ormul 1ion rom th t of computer implemcni uon. The
pro m~ not allo ed in (he computer room to run or
o c~ the runnin o their progranu. Cont ed with Open
Shop.
C BOL Common Bu inc Oriented L ngu gc. · t proces in
I ngu e for computtr programmin lh t m e use of
En lish I ngu ge 1 tcments. ll 1 c pecially adapce to
usiness md commerci I problems.
de ystcm of ymbols nd rules for e in reprc cnting
infomu1ion.
od . on\' Ion The con ersion of t from one code to other.
odln Crc tina: the softw re used by lhe computer from progmn
no h
oht ion The me ure of the inner tten th or rel tcdnes of the
'ous elemcnu of am ule. Fun 1ional modules h e the
higl'tcst coh ion.
otd It n altem ti e (computer or communications 1lity wilh
1he equipment necenary to uppon lhc in wla.tion nd
ope . don of a computer center in the c ent of dilmsttr u h
nood oc fire. sully docs n inc.tu e y com uter
equipment.) Con t with hot site.
omm nd. ontrol, od CCC i a tenn used prim _rily in the defense indusuy to
ommunlc: tlons ( CC represtnt n infom11tfon system.
ommerce Bu lne Daily daily public don th t Ii tS the g<>vemmcnt's procurement
in it tioiu,. contraC"t 1.w , subcontrtctin I ds. e .
surptu propcny, and foreign u inus opponunities.
ommunlc tlon rotocol of rules lhat o cm commun ·c. ti ns among com tcr
y cems. Standard prot ol • wt.en implemented. llo
different manuf turers' computer sy terns 10 communi te.
ommunkallon The U'allsmi ion of dat or inform tion from one pl o
piece or c uipment- com uter, for e ample-to nothcr.
omp r<m nt non-hie hie.al si :n 1ion applied to sensiti e
inform tion in one or more cate -orie.s to denote peci .
h ndling d cccss control restrkt1ons.
G 0 F vcr. 1.1 G-9 Go ary
omp tihllit) rocc 1n equipment by 1,,1•, hic
c haractc:nstic of d 1
one m hme m y lcccpt and roces di prep d by
n thcr m hinc 11hou con ers ion or od~ modific tion.
omp tib1l l • Im ltd A t te enl of re uirermnt e res c in cnns that requi
R u remtnl 1t ms to comp uble withe 1stin inform uon p in
mp tithe c group o o ero ftcr t«hnic 1 d c
C\'alu 1ion. to whom contract is reason ble
po s1bilicy.
mp1 ten h«k Uf"\'CY 10 de ermine th l all requirtd in ·record i
pre rn.
'ompo nl
com ncnas.
omproml he sccunty s tern uch th. t n un•uthorized
d1 closure, m Hie: Lion. or de true i n of sen.sui ·e
rnfonn ti n m y h ve occuncd or th l dcni or rv1cc
cond11ion h n induced.
omputer
omputer to i1t in th
DI
o mputer, l td computer in wb1ch the sequ nee or in tructioru are
Pro r penn ncndy tore or ired in perf'onn autom 11 _ally
nd n subj t to h nge c1 er by e c.omputer the
pro mmer e cept b rcwirin or ch n 'na th to ge
in , Ul.
Glo ary 0-10 0 0 SAF er. I.I
omput r fr ud com uter cnmc th l an olves deli cc rnisrepn: nL tion
or lttnu.ion of d t and/or sofr an: in order to o t in
omcllung of aJue, usu lly for moncwy g an.
omputu Pro r m
omputet ('Uri
omputer oft . rt , 1 chine process blc in tro tion !or ope tin a specific
computer. Thc1e t o pects to computer software:
wh cb is e<>n ed 'lh the b ic open-
t' on o uued to o rate computer h (i.e.,
operar1n sy t(nu, communk ti utilitic • pcrfonnance
monitors, edito • compliers. etc.). an ·plication sof are,
hich is con enled ith ha ing 'the c:o tcr rform
pcci Uzod ks to 'sr users 1n their effon.
Computer, lored computer dut under control of its own instru tions.
Pro rm can s nt esize. alter. .mnd core i uuction thou h y
c~ da: d can sub cquently e ccute th n
iru auctions.
oncurrenc ·~ t o or more actions or d ta
umc.
Concurrmt term. applied to a omputer o ration in bi h l o or
mo p sses {proaruns> h e to the
mic.ropro esso s lime and are erefi carried out more
les.s th- same ume.
ConOdtntl llty Th rty infornuu i n m
drsclo~d to un thorized iodiY1du.als. enuti scs..
G 0 S F er. l.I 0-11 Gloss.uy
onn - 1Jon A roup or m dun s th t ilfC intC1'Connc ted
ro mrnc to ope tc il s ste
onn uralion ontrol
onn ur t on lt~m
1ting of all
onflcura1lon
Mn em nt
Co i t~nc: ey to etermine lh t Jtems of data
• bounds. d other p terS
con
Con ruct on
Cont null of OperatJo
ontractJn1 mcer (CO) d/or
tcrmin te con enrunations
fi din .
Glo ry SAF er. 1.1
on tra l n m er'
T chnl I Repr n ri ues.
0 Rl
onlrol ObJectl e The intern J control go I or I gets 1h m n
h1e1te or nea tJ\'C e fee t th 1 miln gemcnt
for c h t pe of cran
on trol P ro ram
·ng pnontie •
isor.
ontrollln Controltina c n considered the function desi cd to clo
the m&n erncru loo • • f y control.s d 1gned to:
I. provide umely ~ back on how ·en o g nintmn.
I n in eJtecurcd;
2. 1dermfy roblc:ms. th ir si nific ce, and c ; and
i e mana cmcnt b is i r establishing pnoritie to
correct problem th t ope 1ion.s p ti e,
run econom1caJly. cfficien ly, nd effectively. nd
upport organiz ional mis io • oals. nd obJectaves.
on r on I. The proce s of chan in infonn ton r one fonn
of n: res.entat1on 10 et, such as from the
t ngua e of one rype o m chine to th of ¬hcr or
from m ct1c Lape to the printed a c. Synonymoui
1lh con~crs1on.
2. of h 1n from one dat proces an
meth n ther, or from one cypc of oqu~ pmenr 10
another: e g., coer ion from n h ca.td equipment
to m nctic t pc equip ent
o t/B nel l n nal s1 of th cost or eitpcnses in um:d by project 1n
c mpari on co the bcne its nvcd from tmplemcnting th
proje . Thi an lysi i lso u cd to nnfoe the alue of
i nfonna.ti on.
G 0 SAF \er I.I -13 Glossary
ost-Re mbur ment
ontract ats
ntr I Pro in nit The he
p
ri ic t P th to
A
r tJc llt The irnpo of the mfonn on to en e an ency to
C(:Omplisb i mmion. lnclu th imporu.nc or the
mis io itself.
r plo rapby The princ1pl , mean . and cthods for c tin plaintext
nd decry tin ciphme
re to
u tomer n&ineer ) c of com t.er
ustom r-pro Id~ pplie to equipment o ed by e customer or le
quip tilt PE ) en ors omcr than the te!cpho e compan •
·b rn tk
ical
yde
D represc:nl tion 0 f COhCC , OT 'nnruction,s n
form iicd manner sutt&ble f r co nmunic ·on. intcrprewi n,
or processinr, any represenwion, as chanc 10
h1cl't meanin m y be assi n
c« rr n ement e ice th t provi s direct elec:tn a.I co eeuon or
cuslomero ncd n mamt · eqwp nt 10 the
wit hed elecommuni lions nc •ork.
Glos ry G-l G 0 s \U. u
cqui itlon thcr urcc. l pie II)
n lo h) 1 I rcprc cnt uon of inform 11on such th t Lhe
represent rion be n c t rel t1on hip o the on in
inform lion. The clecrncal s1 n Is on u:lcphonc h nncl
re Jo data rep en a ion of he on in I 01cc.
Data Ban
t dmln t tlon The u uon ilhin dAta mana emcnt th t i used co de •Jll.
maint in and implc nl the cnterpri c physical <bt b e
mode l and pphcac10 phy 1cal d t b e m 1.
Oat B t n io erln
en inurin
0 b• t \1 n• emtnl oftware used to store and retrie"e data based on
) ttm 8~1 tru tu~ ormaHy, the oft are i limuc in
u c 10 irect css de 1c s. DB S p k s usu ly
employ either hicf'WChical structure, network suucrurc, r
relation ture.
D l la flcation To identify nd c1te1onte ta cording 10 their degree or
le cl of cnslli 1ty 111d criticality.
G 0 \.Cr. !.I G-1.S Glo ry
oil ctlon The t of brin in data from on<: or more poin 10 central
point. y be in-pl na or out-pl t.
alll ommu nicatlon Th movement of e coded inform ·on by an eleccricaJ
trnrunussion system. The ml'S lOn of ~ from one
point to not.her.
ID Abbre i tlon or the design. e elopment. d deploymenr
phase
, at Dlctlo ry lrtttory
rDD
a El mt t
lement D finltlon
nanativc
at Element. ie:ld
ecord, U ·
ncrypt on ndat e key encryption I onlhm
G 0 F er. I .I
Oto$ G-16
D ta nl The process of inp ung new da into computer memory,
typ1c ly from ke board.
Oat Ent nit unit th tnu1smns d ta into a computer. For c mple.
tcnrun or key-1o-disc uniL
Oat Flo DI 1r m i 'i tam th ls o ch line repre~nlin d ta element
(. ou rdo or roup of d clcmetlts and each circle represenung the
processing of da
D•ta fusion The in1e ion of t.a.
D ta Int rlt l. The St tc lh t c ·s hen enteml in the AlS
the s me as th r in source docurncn 1te h led
intended. m not exposed to acx·dent ' or
m Ii 1ou moclificat1on. dutruction. or d1 los re.
The prcsttV tion of d1 !or eit intended we.
3.
4. In . dat1 b
upd&te ere t ·o eoocurrcf'ltJy c CCU 'ng rnnoc::H''
each correc in us.elf. may mte:rfere r so
to produce 1ncO!'l'CCt ttsults.
See system inte ·ry d sofr integnty.
D•t• ;\f n emeot The o rty d directed control of data from uis1t1on and
input throu processin . output. and stcn
D . tanipulaUon
D ta . ltdium c phy ial m teriaJ on h1ch from com 1cr i
cored.
O Proc fn DP) The c:rcecution of s stem t"c cquen of opcranons
pctfo upon data. Synonymous ith infonnlllon
•ta le ·es ta.
D•La tductJon The da anro more omp t,
more strucru.rc 1 mo useful form by scaJ in •
moolhin • o er editin p edu~ .
G 0 SAF ·er. l.I Glo
0 la "
h rln The use of 1n le d file by more lhan one person or
computer. D t h ·ng c rn be one by physic lly
tr n fe m n 1lc from ne computer or indMdua.I to anathcr.
or it can be done clectron1 ly by en lin two or more
compu1crs 10 communic tc ith e h other or with rc:mo e
computer on hich file to d.
ur The origin 1or of computer d
tructur The loai al relationship m na t uni and d np on or
uributc or fe turc of piece of (e.a .. type, I ngth.
Cle.)
tructut 01 m 1rucrun: dj gnm i cntifie: the rel lions.hip
t m cfinin rcpe tin or Item ti groups or
0 truccund design p CS in hich the SUU rurc or the S)' tcm
proces rrurro the strucrure of he data on which 11 o
r n ml Ion e scnd1n of d t from one p of a sy tern to other
p rt. See also D t Communi tion.
D p
Distri u cd 0 t Proces in .
Debug ith oft nd correct lo 1c I or
in C>omputer ro . With hardw , 10
detect. locate. d colTCCt m fun lion or to fix
inopentble y tern. The term 1roubltsltoo1 is m commonly
used in h ue conte
Dec ntrallnd Proc: In The di tribution or computer-processing f ac11itie5
o tions in mo th on loc tion.
ttlslon An ntcm ompu1cr operauon o p d proccdu
th t comp t o p1tees or inform uon or vetifi
of sin le piece of in orm tion d then t es a
action.
ed ion/ ontrol sttm ystem Lh r est blish feedb 1c C>Ontrol for th function
flow.
Olo G 0 AF ~er. I.I
Deel on u pporr . tern et of rel te rograms and the d t required to help v.1 h
4()
n l)'si :ind eci ion m king ithin m or i tion . . OS
1 imi la.r lo m na emen1 inform 1ion s s1em ( US) but
pro i e I.he ~r nh m help in formur ting u1em ti e
d cis ton d choosin the mosl vproprial course.
0 gr d 1lon
u onty to ,eq in: infonn 11on proc in rtsources up ·o
nl uthor t pc:c1 ied hmtt. t ucd by the Ge11ml Se ic
d ini tn.rion in respon t0 an agency procurement rtqu t
D I n major ph of th sy te life cycl . It indu the
lo ic nd physical Jc 1gn of the system. producin
detai led y terns bl rint.
0' n• O· 0 t me1h to -.;cntrol cost inert by muin1
o cost o Is important as hie in perform
chedule o Is. The pnnc1p .e$ call for continuous an J
of n e-offs among cosu. schedule • perform oe
1.urcments and app pn e dee. ions to k p th ro ram
rom e cccd1n preset cost 10 .
ktop omput r A compu er th t fi conv icntly on the urfac of a
bu mes des •
D~ktop Publl In The use or computer md specialize · ofNfare to com inc
ce nd 1raph1cs to ere t a document th l can be pnnted on
c ilh~ I r pnn ter or a typcscmn m hi .
De le The untr or p of m hine th translates da as input co
or ourput from a computer, ·.e.. stora device, anl
re der (input), or a pnnter output).
c t 11 nan isolation of malfunction or mi in a
ommu 1c tions device. netwc>tk, or ystem.
01 It I om putu diguaJ c puter i ·One in whkh lio
r o or mon: di ere t 1es. Binary dj i al com utcrs are
based on o tatcs - to ·eat on doff - am.n emenu of
h1 h u cd 10 rep~ nt all type of info lion.
0 it I SI n turt En rypted dau. appen
en bles reclp1ent 10 p vc lhc ldtntiry of d
rcce1\'er nd re ol e y aulhenfcation issu
en r .
GAO F er. I.I G-19 Glos
D,{ t r r«on pla.11 See Conungcncy plan. cold sue. hoc: . ue.
Dilcrtt onary cce m or restriclin ce to files. ireccories. or de ices.
control t ) cces controls arc a ~ ion.ary in the ense th t user 1th
panicul . ces right c n p s th I .ri h1 to ny
other user. Con t 1th m rory oeu control.
DI
DI ton e)
DI Operalin tt , fo t microcompute u disk operaf n1 system (DOS).
ahbou it may not be alled DOS. e DOS · respom1b c:
for re d n d ritin d ca from and to the di : it tells th
re dJ rite . ro mo e to propri te tracWsector and
reports any crro th t m y occur unn es ·.
i pla The representation of in is1b1 f onn: i. .• ca ray
rube. ll ts. or in 'c rors on the co ole of computer
• rioted report,
I tributfll D D in lh t i performed by connected co pwer
roe l1t ~ than o locatao
Olstribl.U d atab in hic:h the
·ous nodes
D tri uted Proc Inc ~ of information p in in which orlt is
pcrfonncd by sep compute th tare linked lhrouJh a
conununicado
G 0 S vcr.
nt tJon The roup of techniques c 541")' ro the orderfy pre n-
l ion. o n1i non. d commumc tion or record d
pcci Ji cd kno led e in order to maintain complete reco
of re ons for chan es in ble .
m In
P. I c mg ifana · em nt soci ti .
dit htc category of controls built into an AJS 10 detect
un ep hie dat v Jues.
Produc:ins d rcsul ere efficiency is
with ho k is performed, cffecti cmcs.s
e nc t Jity of e wk itself. Effectrvcncss ns c
question. Are 'IAie doin th ri ht things?·
Emel enc. Producin ired result ilhout waste. Efficiency is
concerned with how well t..sk is performed. EffectJ cncs
de ts with the necessity of the k itself. Efficicn y s ers
the que ri • "Are e oin thin riaht?
The a. 11ity to transfer inform ti S1Kh d
in oice , from one compu er to another o er
communk Lions net ork,
Thi is an a.ll·in lwive tcnn n is liberally interpre1e 10
mean the o e ll cien e of converting ta by clectroni
means to any :Sired fonn. S nonymous ith automatic
data proc ing.
Tr fer DeKnbe:s various eomputerized electron c communic. uon
systems th t tnnskT finecia1 information from one point 10
ot: er. Computer technolol)' is used to expedite the
trarufer of money ithout soci led p per p ymcot
instruments.
ltctronlc l ndu trl Se indUslC}' tand uch interlaces u in d t
· so lation EIA communicalions.
Et CriJnic • I I' The tran mis ion of e over comm nicarioru
ne rt.. Elce:cron'c mail. or E· aiJ, is comp ter-to-
compuc~r ( r tcmunaJ-lo-tcnninaJ) ersion of interoffice m al
o post rvi
0 0 er. l.l G-21 Glos ry
mul ton A tcch.n1que 10 permit a computm y tcm 10 c ecute
programs ten or o her y 1em.. This form of 1m1 tio
1 primanly l"nC vi hard . Emul :tion i enenlly used
to minimize the imp t or c con c ion or programs from
one compu er sy tern to no er.
ncr)pllon The process or transfonmn d l into n unintelligib c form
i such y th the ori mal cit . r c nnot be o oed
or can t>e Uli~ only by wmg . d~puon process.
End ' er T itionally. rec 'pient of computer output; uh
microcomputen. acrm use an refcrence to the people v. ho
use ( oppo 10 1gn or ro ) computers d
ompu.ter ppli
· nttrprlu En lnttrin
[nterpri lnformat·on plan to sausfy the inform tion needs of an cntcrpri The
tr It El ) pl li ts the obj ti es d projects, in prionty n.nk.Jng. th t
arc required o tisry e b in s plan of the enterpnse.
An EJS i 1i in o tan lye ol in d
y1ng in
Enterpr e . lanacement
d ph SIC
net
Endt la nm chan c sho s thm
tranSaetJons th 1 occur
an O't'Ctall co Cpt of
r onomics
Gto uy G·-- GAO SAF er. 1.1
!"ror ny d1 rtp n y bcl~ccn ompule ured
nttl)' tbe true, speciahzcd. or
a.Jue or cond111on.
Error onlrol
rror o rr~ctlo n
rror le
lu t on
· ecu e o perform \pec1fied ope · n Ii t d in ro ram or lo
run the ent1~ pro ram•
. p rt cem
e lbllil tud
The rttul uon th 1 codifie uniform qui Ilion poltc1e an
p e re fore uti e a encie O"Vemment c.
ommunlc tio
)
nd p cdurc
ourc ~1 n cemtnt .............,.... u ed lO
ul t on I MR
•Prl e o tne:t e, or in ap ropn cc
JU unents.
G G· ..
lt I lllt ffort requi.Rd to mod1f nope tiontl pro m.
R • FORmula TR slauon L n u ge. common Jan e
rimanly w.c to e p~ss computer ro ms by anlhmctic
formul . h i . t ly d pied to m u t ienufic.
and en i rin problems.
tner tlon enn ipplied to langu:a e i inte un Hh the
proamnmcr. Su h I ngu step up from standard
hagh-Jc\icl r mmin I n u h c. Pasci.J,
COBOL
ront· nd Prat'. r cdic ed communic tions compu r 11 front end of
host computer. It m y perform line control. m c
ha.ndJ n code c'On enion, enor conuol, and ppli lions
function ucb the control and ope ion of special·
purpo tmrunals.
Full c It Ot\tlopment th t m lu clop1n • cnginceria , i nc 1n ,
for stem up rt.
unction 1mplc mappin or set of mpu onto an outpuL
function odt t pec1fi m chin functions (e.g.•
unc:t on I n The pec1fi uon of the rel ion hap bct\lteen orkin pans
of compulcr stem. in ludan det ·1s of lo ·c
components ~d thew y hey ork to er.
unction I Flo tcp in the requirements de ini ion ph that inclu
c t bli hing the main lin in tcnns of 1nfomwion flow wing
sembty lin di 2 -·""'~
Funct n I R qulrtment requirement th t specific function lh t yst.em ot
system compone.~t must be able to pcrfonn.
function a p dOcatlon desaip ion of lhe scope. obJeetives. and t o
opcnli tG con i ere in tbe el mcnt o
inform ·on·hlllldJing y tcm.
unct on I trln or Code eri of softw modules that pcrfonns p 'culu
function.
uuy Loi
Glo ry G· 4 GOS er. . I
me hfll m them 1 J process of lectin an opumum trtleey in
the c c of an opponent ho al 0 h cgy. e r e
of n ture might be th '"opponent· in 1 planned sp c sh
The cra1egy to overcome e m1 ht be '"play ~on
computer 10 c . 'n an opumum l.IW\Ch d
rn ral ontrol The controls t apply too enll com uter proccssm
carried out t f. 1lity., bu:t these arc n n:l ed 10 control
o er specific applicatiom.
ne I urpo A comp ter th t perfonn y computation k: ilh
omputer so To ch nae e ma<:h1nc' tas different soft a.re i
run.
Ctntratlon
the ncx
rap bl
Hand -On: nctic~ ex.puien 10
Kud art hani nd eleccronic equipment com m d "''1th
software (programs. insttuetions. etc.) o te clcc me
mfonnation proc sin y cm.
H url tk De elopmHt . bihty to 0.
Hltnfi lcal b rt
IHl 0
tlltrarch c.I Datlb
G 0 S F \Cf. t.I G-25 Gl uy
Input : Hiel'lrChicaJ
IPO PO des1 n
Hf r rchl I lruc lu re Rcfcn to how i tructure in strucum:.
lie i organized into hierarchy of re ords uh
upcrior/subordin tc rd don hips. h level h only one
"p nt• but h e multiple "ctnldren ...
HI rarch The rel tionship between set. it
lru tured hie hy requires lh
the clements of any I vel must be cquencc.
repetition, re.cursio11. or concurrency.
Ho t Com puter e primary or controllio computer in a multiple comput t
net ork ope uon. Thi computer n lly provi high-
tc el services, uch omp talion. d 1 b e cc s, or
spec·al pro1ramj or pro mmin& I RU e for other
computers in I.he ncl o • computer u ed to pre a.re
pro nu for use on nolher computer or on another d t
roe sin& sy tcm: for e ample computer U$Cd compile,
link. edit. ot 1c t programs to be use on Other sy cm.
Hot lt . fully equipped computer ccm(er lh t pro · tern ti\·e
computing cap biliry for we n the ,e cnt of dis ter, such
o fire. Con t ith cold site.
Hou. kee pln Operations or routine that do n t contribute directly 10
solution of th pro lem but do contnbul directly t the
open.t"on of th computer.
c de i&ning or machine 10 SUll
Hum n n lnetrln
the needs of human .
Ht.men fe-t. Freedom from tho e conditions th t c n c use death or
injury, or m ge o or lo of d t h . are. or oft arc.
Q. 6 G 0 S vcr. 1.1
Glo ry
Hum n·. chine ln tufac The bo ndary t which. people make contact with and u c
m cnines, more yp1 ally nOIAr'TI the U5Cr tnterf c hen
pphc to programs. and ope ting y •ems.
0 lnput/outpu
r n in tfo The procc s of celling ys1em the i · iy of a us.er or
:molhcr y rem. ually p f lhe login p s. See also
~uthcnttc::iuon.
lmpl mcnl tion A m ~or phase of the system life c;ycle. It invol cs puttin
c:on tructcd sy tem into erfect in a piltticul phy iw
en ironmcnL
Inform n t mcnt S ttm and
tern BT ro allo the remote
tcmunal ystem.
Jn· ut 1r m scd to d mcm flo fro standpoint..
lncrcmcn To mere lbe value of number. usually by o •
Jndtp ndtnl \'rrlnt tlon Vcnfic tion d vali tion pcrf tion th c
nd \' lid on (l ) i lechnic.iJly, mu aeri ly. and fin pen nt of
th de elopm nt or aniulion.
Jnrorm tton I. The me riina th t is currcntJy i to dtiu by
m of the conventions applied to that
users.
In ormatlon o The costs incu~ in quirin and/ producin1 inform uon.
This Lnclu the co lo the n:sow:oes used to e
inform uon and olher rel led c incurred in ias
roduction. sto e. dmem1n
This producuon of infomation. from an aa:ountin
n poirH. is similar to the prod won (m uf cturc) of
c:ommodiry. Both in ol e convcrtin omethlng ra
(unfini ed) to finished product y 1pplyin1 rcsoortces such
d.uttt I r people , equ1 pment. _ o erh
C form Uon lnurin n mce led el of formal techriiqu for pla.nn,in • analysi •
esign. d construction of inform1uon systems from a
e11terpn • 1dc perspective.
G 0 er. l.I G- 7 Glo sary
Inform lion Flo e qucnce. Limin • d d1recuon of how info 1ion
ttds rough n o n1Z, ion.
lnronn tlon ift cit De cnbes the st c of inform tion proo sing beginnin
with ere rjon o collection nd proc.« mg through finaJ
d1spos tion.
lnfonoa1lon • lana ement control of inform tion..
d
lions.
Inform tlon Proc In fhc u1s-1uon, sto e, m nipul Lion. n di play of da
pankul y by clcc:ttoni meaiu. ·
Jnform Uon equirement user need ~ spec 'fi<: infonn lion an order to perfonn
duLies and respons1bihti .
Inform Lion RHOurc
~Ian tmrnt (IRM)
to
information
Inform Lion RtUi The proce of findin ~ orpruz.ang, cli pl ying
informioon p icul ly by elcc.cron 'c me
Inform don clence The tudy of uon as col ected. or amud.
handl d co munic
Information tcu.rJt Gene ly onsidered to e o crall m · a cmcnc.
roc~rcs conuols ncccss ry to ens re con 1dcnu i ,
intt 'ry, and continu'ry or ope tion. for inform lion
y tcm.
Information tt tion hfe cyde th 1
ti • procc in .
set.
Gto ry G- GOS Fvcr. 1.1
Inform t n · tern
n inu ring
Inform lion tchnology
I ) ideo in
lnltl ti.on , Proj ct e proces of inhi tin project whe.n work ~quest h
been ppro
Input • ttri entered into . d or word procel 1n y &em for
proccssin . I o. the t nsfer of da co processed from
cyboa.rd or an e Lem I st c ice to internal sco c
dC'll lCC.
Inpu t/ utput De ke piec.c of h d uc ·th is used for both providina
inform tion ro lhe computer and rcccivin infonn tion from
I(.
Input· utput II , general term for the equipment u to cornmunic tc ith
om . tcr an the cb in'llolved in t.hc communic.atiol\S.
Input· roce · Output chart lh show th input n output to each func11on
h rt l HIP :md the proo sc c h funcnon Pfrf'omu with those mpu
:ind outputs.
Int ltd of'tw rt tegory of applieujon pro ram th t con tinues c enJ
computer t s, such a.s word proces. in1. t base
d prcai hec • in . ingle pack e.
lnte r t on The sharing of d t o information among subsy terns a.nd
y tcms.
lntegrlt The complercm ss d accu y of d torcd in compuler,
icul y after it h been manipul in some w 'I·
f nt t lll ent ermin•I 1ermin.al ith i o n memory, p~ or. and finn are
th t c.an ptrform cen i.n fun tions indepen en t of iu. ho t
proce sor.
0 er. 1.1 Q. 9
Int r ti Oper tm in b - nd-forth, o ten on ers non l m ncr.
\ ~hen a user en ers que . t1on or comm nd nd the y em
1mmed1 ely rcspon .
Int rconn t it Th btl 11y to link equ ipment electronic ly. c. , to n b 10
net"'Of end an recei e ta.
lnlerf c
lhe computer.
Int rm lt nl rr r i\n err r that urs t unprcdic blc ti
ntro
I nterop r bility of s terns to wort together. to cod ud intctprel
ha.re data. Ct •
lnltro r~b11ity
from other re ourcc .
lnltrop r te crv1 e to or cept service from other
ems. or compo cnu d to u e e change
re ti\cl y.
In II lion for The sohc1t tion ocumenl us en cone c1in by ealed
bid m.
orm of da.ta u ed m c pen y terns th t conuuns the
ccumu l red body f no ledge of hum n pecialists in
p nicul 1cl .
G-30 G 0 S F ·er. I . I
Glo
l r& c ft omputu e-sc le compute pro ide complex and powerful
pro ramm ble logic to c comple problem h1 h
~uirc hi hly ccntrahzcd compuran po r. mpJe
ioclude, CDC 600. CRAY. fDAHL 70. ILUAC JV, an
others. So e operate at pccds of 100 minion 'n uucr1oll
pcr ond
Jte •dt See synems life cycle.
lfe cl The cost lo d .sign. evelop, deploy. 1e, and m mtain
system throughout i dts1 n · cd life.
f·ne line of inform tion m computer pro
Lin or ode in3le computer pro m command. Ian on. or
ion. Program siu i often measured in lin or code.
iquid led Dam Compens tion 10 the 01o:emment for conU11etor' r ilure to
perform in timely manner.
Ustln report prin ou
o al rea , et or communication tem esr nc for intrl-buddin cl.ua
ommunic tiot1 .
rt , et ork
Jin th l en ble any de
nerwo .
0 ic e sy cm lie scheme. hich d fines int ions of
1,gn in th de 1 n of a pro • s stem, etc.
o r hart ap n. First used as ctin tool to 1d in the do ent of
hart tructured programs.
o le DI eram schematic th 1 hows conneetion.s be n compucer
to c c1rcui pccif an thee pccted outpu from specific
set o inpu: .
Lo le 'I Bans Hes ( Lo ·ca1 file of en1itiC'~ rel u ships. cycles hown 'th
their ropri te d.at clcmen . The minimal data
require nts.
tructure logic' I d1. hie en ·ed from e lo cal ou t
tructure (LOS of an oui ut. less y comput , rcduncwu.
ml Ii C'n.J d elemcnu. sometimes ilh suucrural
infoma(on d
G 0 ver. Lt G-31 Glos
Lo le l Dec ion n dccmon th t c n h ve one of two OtJt ome (truclfalsc.
}evno, d so on).
utpuc tructure All e d ta elements for 1 pJ.JticuJ
onto LL . hierarcht 1 tru re.
roe rructure The lo ical hierarchy of a proce
Lo k I et ion or d proc~ e same number of umes
c condition or l the same pl ce.
ttm D nnl lon The pl nin of an tomated information to its
deunl d cngineerin desi This ould inclu e the
synthesis of a nct-..o of Jo ic.al elcmcn pcrfonn
pccific function .
Lo cal Too Tools tlu.t ~ indepen ent of cor ,pu nd computer
I gua
o ·lt~tl L n ua1e
1 . rge sc le ante ration.
.I C re · tion for
l. me-ssm e authentication cod and
man tory cc control.
M chine for equipment t 4l an sto nd proo
lphabctic infomutio
~1 chine- lndtptndeut proaram or piece of h lh can used o more
thm one computu ilh little or no modificanon.
~bchi t L ngu c The iruenul bin 1 n ua e into hich m ed
programming Janau must be con c ed before
c p ss omputer program.
. !achlnt R d bl ion presented in a ro th t computer can interptcl
due inpuL
Glos ary G-3.. GAO SAF er. I.I
.M ichl n~·Dt pen dtn t n djecztivc escribm. ro or pi e lh~t
is hn ed to p nicut computer because it m use of
spec1 tc or unique feature o the equipment th t cannot
c ily, if 1 11. be u ed uh nothcr computer.
~I cro ~ ~
If
• f lnr m computer.
I. The central processor of th comp ter ) stt'm. It
contains the nwn 10 g , arithme 'c nit. pcci
re isrer aroups. Someti c led central roeeuina
unit (CP ).
2. II that ponfon of computer e cl i"e or the iop t.
output. perip eraJ. and. in some instanc 1ora.
units.
: J inf me Compurer hi
. f ln1 In 1111 nu: e ·th hich m imcnance of ~ nctional unit can. be
puformed in co e ith cribed requtre~a .
M inttn nc
~I na em nt Inrorm lion
stem
G0 \.Cf I. I O· Ofossuy
. t ppin
ou pu1 through
of m ppin ~= one
m ny tom y.
~I r I Uf"'t
~1 r Fl file of inform tion used en omputer
It pro i infonn tio 10 be used by the
cd d m intained to n: t
~btrl n y o quantiti in a prcscn
'.\I di collteu c otd for the phy ·a.1 ch asp per.
dis d pc used for stonn c i nfonnat1on.
'.\ledium The material on · lli h
c • ma etic pe. etc.).
\lkrocomputtr
It •S SO....,...,"',. D
differen
~ti roproc or
microcomputer is m inte ted
1rcuit to microproccuor.
. In comput r cG'l"llmn1•ble ral-purpose computer cyp1eally
appli tio s. in"compu er often n:fers
proces 1n nit. Usually, H L panJJel
tth 8-. 12-. 6-. 4-, or 36- n en th
etic co
\ll ron m !or millions of i trocuons per nd.
measure of p essor s
Glos ;iry GOS er 1 I
em n Inform on cmcnt Jnform tion S) rem, a processing stem
II > d 1 ncd furnish m n cment nd uperv1so
per onnel ""tth current 1nfonn uon to d in the performance
of m na cm nt funcnon . D l 1s recorded and roce d
~ r opcr t1on I purpo CJ • blems re tsol ed nd referrc
1 upper man gemena for d is1on-makmg. and infonnauon 1s
fc:d to rcOc t pro re s m a hie in lllAjo objecti es.
~lod
in bin mode. lphameric mod •
~1odel n b 1 ction from real situation h t nu.kc predictions in
rl possible .
• lo em
:'\ odinc fol\/ The ti i1 require 10 chanae or cnh ce an ex.1stin
Imp o m nt (. 10011. f P) produ t. For mo t IRJ 1 or anizauons. tJu will rcprcsenr 85
rcenl 10 90 percent o their work effon.
fodular Pro r m ro rha c n ch tenud
I. 1mptemcn1in angle indepen nt function.
perform in single logic t k.
ha mg ingle entry 111d e it point. nd
~. being scp tcly tes blc.
-"lodul r ar Sof"' that i in elf-<:on ined. logical sceiion or
modules. ~·h1ch cury ou1 ""ell fined processing ·ons.
:'\fodul n m ercha.n e ble plug-in unit o comp uble add-on umt.
G. 0 F \Cr. l I G-35 Glossary
. I -DO , P • 1. '. IX,
ppte 0
:\tultlle el e urlty
computers hooked to. ether to mplish
ms, di or infonn tion.
~lullJpr or d lo «: uni for
. Suhlpro r mminc 1c hnique (or htndlin num ti or progranu
simul neously by means o an interwc ving proc
. f lllt mode of opcratio offi red by operai ng system in
h1ch omputcr wo on more th&n o e w t t1
. 'atlon1 lnrorm tloo
lnfr tructure (.. II
network. cnv ·s1oncd
, government
. ' rtd-to·kno
ion..
. ·e or senes of ints int.ercon ted by communic tion
ch nne s. The switched. telephone t ork co sis of public
telephone tines nonnally used i dial :telep ne calls.
priva enc o is a confi ti or
communic 'on
channels reserved r us of
. rt ork rchllectun The un crl in uucture of a comp tcr net
h , functi aJ I yen. intcrl'ac and
u ed 10 establish commun · Lion and en u .
rnnsfer or infonn uo .
Clo a. G-36 G 0 SAF er. l.l
•• t or urit echn1quc
I. hm1t rt
unauth ud
mu hi pie
. ' ur I • tt ork
oos s~ cm n
in br in esses.
, and tcmcmbers.
• od ny ra1ion, tcnnin in t 11 uon. communic tion compu~•
or communic 1ion com u er inst II tion of computer
network.
.'od yncm {or wor t tion) conn ted o n t or .
bj ct Pro r m m chine langu c pro m re dy for e ecucion .. u u lly th
OUF Ul or ·Coding y tem. Contrasle llh sou e projnm .
rr-1.h~ htU gc e crm c..n refer to h rd are r
ffict UIOm tJon
1cllly
n- · nt
G O I I
p n r hit clure c ign
p n Shop
pen ' t m
cl-
per in tem 0
ountin .
p ration ( ompuUr) The clcc roni ction r ultm from n instruction. ln
cncral. at 1 a computer mmmpul tion requm:d to ecure
re ult .
per tlon I Inform lion The type f an omu 1on required to conduct the fun mental
bu inc f the cnm·pn~.
ptlmlut on
00
n n. m for Tru tcd Compucing Sy tern E..,aJu tion Cntcri .
G OS \'C(. 1.1
Glo ~ G-'
Or nlzin Or anitin
rl ht Equipme t
;\ anuf clurer ( £. f f rum. F.re.quently.
are inte rated into
u1puc Information ltln1fcrrcd from the computer to the outS
ortd. a.n dcc•i •e, pcnaining «> c de ices b.ich
brin ini rm tion out of c comp1.!ter.
utput Ori nt th 1 swu ilh the oui-put b mi
P ck d of't A softw program ol throu h retail distnb tor
op to custom soft
Pac In The prous of groupins lo ieal and action uucture.s
into machine or human proc ble units.
method of proce run only on a type of
com ter conwnin l o or mo~ proc sors Nnnin
imultan ly.
P nll~I Run Runnin of ne ly de cl ystem in da PfOCCSsin
are in conjunction ilh lhe conhnued opera ·on of the
current sy tern.
G 0 S F 'er. IJ Gf o
p th A route from one poin o ario r. tn communi lions.
p th is r n c ween t o n in a ne o . ln a
da: sc. a path i s.clcclton of b nd nodes lO be
·ersed 1n tree struerure in o. er to progress from the root
n c o th~ tree to any other node. In prosrarmnin • 1 path
1s the seq encc of insuuctio computer carries out in
exec in routine. ln file s10 e. path is th route
follo c by operalina sy tcm in andin st0rin d
retrievin, files on 1 dis
P out P:t)OUt (or P yoCO Period. The timt it for an
investment (c. , in ne m hine) to p y for 1 If.
P~u Re\'lt qu Jicy urance method in wruch peers re e
pro rammel's w for y Ind for consistency ith the
ocher p&rt.s of system.
Pnform nu M n tmcnt Th proc of nalyzlo
ystem co detennine how are currently uuli~ d
how ch utiliza can be improv C.pacity plannin1
ists in forte tin computer rtSOUtce irements to
ensure th c p lry exists en needed.
Perform nee V lid tlon The 1ec nical verifi of lhe ilicy of a propos.ed system
con .1guratioo or repl "Cment c.omponent lO h le agct\C •
klo d olumes present d ex·pected) within
ermined perfonn time constrain .
Ph nomally per·
lit.. 0 co more
__ •.,_by hid1
Ph ID i D dding ph sical co tmnts restric:ti • and vol mes to
logi al sys ems e ign.
Ph iul «Urity Security m l'C$ taken to protect auto
sys m and related buddin
olher n1cural den iron.men
mttUSion, delibe te ltx • ty
h1evcd through the use o locks. ards, es. fcnoes.
dmioi i ·e control . (FlPS 41 Sec. 1.3 and 3)
Glo
GAO SAF er. LI
Projtct Pl n
Plannin A maJor pha c o c idcntifkation
f ro lcms to y tem.
Pl tfol'm mputcr system.
Pr d lo Th c. tent or det ti used in up in number. Precision
ind1 r d re of 111; accura y indic teS correcm s.
Pre enlh e . I lntcn ancc 10 keep u1 p nl runntn in
fP~f le nin , replemshment of
contnct.
Prl" c le isl 11on th t r quires a cncies to strict the coll t on
nd use of pcrs n l inform hon bout indi vidual U.S.
itiz.tns co offic1 use only n rt uirc afcgu&rd.s 10
rotect I.he inrc n )' o the inform uon.
Proc durt nption o ct of cuons to accomplish t
A procedure m y be implemented ustn either manual 01
Proc:ts D riplloo structured En Ii h n rn.tt ·c e pl 1ning ho the dau is
f\'ourdon) m ipul tcd in c h ubblc m mucrure d •an
mcthodolo .
Pro e in 1 fan1pul tin 1 w11h1n omp cer y tcm.
Proct Ing . f tthod n uprcss1on u~d 10 c n~ the ppro h t en for the
e ccuuon of in onnation system includins: uch methods
intcracu e, an-line re l·ttme. trus tJon. atch, dau and
time dnvcn. The method elected depends upon the d nved
logi proces e 1 b ed upon the an ysis of um.in
n economrcs require 10 eet the inform rion needs.
GAO SAF \Cr. I.I G-4l GICIUtry
Proce or computer cap blc of rece1. 1ng <Ut • m mpul un 1t. and
upplying resul .
Procurfmtnl The ctual proce s of quiring the product or crvices.
Produc:thity Produc1n resul1 • It is measured b effectt enc: c
doing the right thin s·:n and cffi iency C we doin
thin right?'"). produ uvil}' ~ cffecuvcn + efficiency.
Proficifnc Refers o the le cl of kno led e or skill of particul
wo er. lt i u cd to me urea o er' o era.ti proficiency.
re urcc· c\Jrrent job proficiency. a.nd the pecific s dis of
P ogr m Th el of instructions a computer follow to proces illd
dch er 1t answer or infonn tion ~quested.
Pro ram nal •
Pl'O r m D I n Struc1urcd de 1gn th005 includtn1:
~ftthodolo
1. ompo ition
2. t no c.sign.
3. ill structUre ign, and
ptoanmming c culu~.
Proar m 01 r m pro ~ m di lraJl1 prov 'de I method Of defin'n the loaic
W rnitr· rr) of proc;e s.
Pro r m Maintenance The rocc~ . of supponin • dcbu gin • and up ing a
proenm in ttspo~ 10 t b k from individual or co IC
u ers or the marketplace in ene .
Pro ram M n1 u The c ma.n gcment official bo rtpresenu. th program
o. fice in forrnul tin resource rcquiremen and man ing
pre olici cion ti iti . ln o o anizauons. I.he p
m n er or another man gemcnt offic' is design ttd
qumuon m gcr for a pecafic acquisition.
Glo 31) G GOS ·er. I.I
Pro ramm I Desi mn . wntmg. and te ung computer p rams.
Depe ing upon the ph1lo op y of p cular 1n ti uuon.
pro ming n include su t ui.l a.moun of y i.em.s
alys1 •
Pr r mmin L n1u11
Projut A sco of erk eoruistin of on or more ph
project i an pli Jon of the matenal and human rcSOUICU
to specific objective throu h thee ccution o! p bed
sequence of eve ll proj ha\le stru ture that usually
consisu of . gannioa middle. end.
Proj c lu ton SU 1y the I ph 0 project
esum led crsu atnal co u
nd opention.
Proj er ire d
Projttt ~f n• mtnt
ProprltC ry on re A program o n or copyn&tncd by indi id
butinesi and avail ble or se onJy thtou
permissio of own .
Prot A written objection by interested party to l) oli it.a ·on
for propo$Cd eoncnct. ( ) a roposed a.rd. or (3)
a ard of contnct.
Protot p
PubUc·Dom in · ott an program donated for public u e by i o ncr or doper
and freely aii ble for co yang d distnb tl .
G 0 s F \Cf. . I G-43 Glo uy
u lit ' ur nc
ueuln h or d la or
be Ct'n pc 1fi d
Ran '
n importlllt
ppli ion.
R pl rotot pin type of p ot)'pin tn h1ch cmph is 1 pl on
cvelop1ng pro101 ·pe c y in th clopment proccs
pcnmt c ly feedback atid analysi in up n of lhc
Jc,elop cnt procc .
R 0 t D I th h rocc ccL Such d 1 m y or m
R I imt
re ponsc to input 1 ub equcnt mpu
n or u1de the proces control system or computcr-
sststcd 1 lN uon sys cm.
Rt Im Proc Ina Operauon performed on computer
ph)' 1 recess or ta 1l)' su h lhlt
throu h the computer ope tio
C I tl)'.
Realiza tion p 1cular phy i I 1mplcm nt uon of n.
Rtto rd roup of rel tcd f ac or fiel of info
Untl.
Record ·out The or nt uon of 1 fields 1thin reco .
Re o ery The t1on nee.es ary to res1orc y tern d tt d t tics
ter sy tern f&Jlurc or intru ion.
OS ·er. I I
Glo G
Rtcur lo proces or
c mmon.
Rt>dund n Th l portion of the toraJ infonn lion contained m mess ge
th r c elim.in red wnhout the lo of nu J
information, such ch lCrs used only for ch 1ng. l o
used to · cnbe computer or communic tlon.s fac1lh in
hkh there i spare up de ice for h important
component of the sy tcm.
rype o d t or da b mtna,gemenl system that
stores infonn tion in tables-rows nd columns of d.11.1--and
con ucts search by u in data 1n pecified columns of ooe
table to find dditional ck in another ta.bl
ff 1lon truccur Refcn 10 ho d is structu~ i file. Jn thi UUCtUTe
fiJe or btc i n organized by o · d pointers as in the
hiervchical and nelwort tructu~. ut thet data i
org niz.e · into ~.conis o columns ilh primary and foreign
ey th t ate used ro m c up relationship ·cen dA
Rel lion h ip n intermcdi te t that r ol es many-to-many m .ppin •
such as in. oice, r.naru t10 , etc.
Rellab Ucy The extent o hich system or program can bee pected to
perform tts intend function "th required preci ion.
Remote ot in the immedi le icumy. n adject1ve u cd to descnbe
computer or ocher de: ic.c: lex 1ed in another pl c that i
c~e.mble through ome type o c blc or communi rions
lint.
Remot cc cc 10
eque t tor omment n announcement i·n the Co .eru BusiMSI Daily or odter
publlc1tion requestin mduscry commen1 on draft
peci fie lions (or re recs.
The olidtation document used in ncgoti ted prc.xurcmen ro
communicate go,•cmment requiremcnu d to oltc1l
propos .
Rtquir m nt nnltJon: major phase of 1he ysccms de etopment life cycle. It
in ol es the ioenufic tion. of ys1em ourput nd infonna11on
and the functional n lysis of t rcquirem nt.s for the
proposed system.
G 0 SAF 'er. I.I G S Glossary
R ource ttu blc ource of upply to produ c so~lhm . Ex.·
mple in lude human. fin nci l. matcri I, and inform hon
rt ources. To m 1miz.c the efficient effectJ e use of
re ourcc . they mu t be cl sifie in order to s them
chmin tc unw 1ed redundtncy d co uol ed in ord r to
receive. tore and di mbute them properly.
R pone Tlmt The time S ttm Wee to ruc:t lO &ivcn intern.I
between completion of an input me ge . nd receipt o an
outpuc re pon1C. ln eta c..ommunic lions. ponsc time
inclu c tran miu 'on time to the computer. proce:ss'ng rime
t the computer (in uding ' or file records). and
ran m1ss1on time back. 10 the tennina.1.
R poruibiUt Specific cj 1h t must be perfonned to fu lfil fu tion.
funcuon is groupin or r'C$pons bilitic .
Re rn on In stmcn& The ratio of ptoJ«tcd cost in
Rln 'tl ork local
RI k The po1ent1al effect if threat e ploi pa.nicul
vulnerability of a y tern.
RI k n l) s
sment not
Rl k M na emeot . m.m.1 ement ppro h 10 bal cina the costs nd benefits
of lS security 10 ,ensure th t AJS's are rotected by cost·
effective m1 or secuncy fcgu rds and control
commensu te with lh ri to AJS and th mi ion 1t
upports.
RP Request for nee quotation.
GI GOS er. I.I
re u rd S nonym for ecurity control .
(h m
t urlt Pre rv don of the authenticity, inte riry, confi enuality. nd
en urcd crvice of ilnY ensitive r nonsensiti e system·
v lue function ndlor infonn tion cl'c cnt.
curit · onlrol · Any action. d ice, p~durc. technique or other m ure
that ll e es cfftcti c computer ·d lnfonna1ion secunt .
ecurity con1rol ubset of intern I conuol .
urh Go Is The thm: oats of AIS eeuri ty e to chic e n cc ble
~ecti t ) de of
I. d t nd sof1w in1cgrity ( ~u y):
ta confi enli 1i1y: n
3. stem and d t
ur t ~I n ment Mui a cment c;ti tties in . Jud.in plannin • bud cting,
organmn trainin . conlJollin • and project .m n cmcnt th t
re implemented to ensure cos1 effective AIS security.
tcurit Plan cc y tem security plan.
curi t Polle The I s. rul • and p ticts th t regul te ho n
orp.niz.adon mat\a es. protects. and djstribute en iti c
inform tlon.
tcurlt Tt Hoa process u ed to determine th t the
ystcm are implemented des1 ncd n.
ope don.
tn Ill e JnCormation ny information for hlch I.he lo , misu or un uthorize
access to, or modification or. coul 1.d ersely ffect the
nHionAl interest or th conduce of ftdertJ pro rams 01' the
pri y to hich indi idua.ls entitled under the Pri c
c;t. · ut whic:h is not onsidered cl s1fied information.
G 0 S F er. t.I G-47 Glo ary
r rn o~rator c n olc) )' terns v.herc e
t e ord proccs m
re th t is u cd by mo th n one
. lmul f on I.
2. In co puccr progr31Tlmin . the 1echn1que o! scnin up
rouu e for one computer to m e 1t ope
ne rly pos 1ble Ii c omc other omputer.
imul anto Pr In The term 1 encr Jly u ed to refer lo concurrent operauon
in hich more than one l~s 1 proces y di idin
mon thetas •
pcdfk
enterprise.
· II In en or
ort rt c to lit of ro rouunes used lo cend I.he
b1li1tes of computers. such as compilers. scmblers,
n rT to • routrn s, nd sub-routines. Con te 1th
hard~
Glo :a G GOS \•er. 1.1
ort re n lnnrin
oft r HoU- Rc(cn o comp ny th offc so re up: set\lice to
usen. Thi support c n ge from imply supplying
m nuals and other infonn lion to counseling
co pl~le
com uter pan-t]me programming service (jobs op or body
h p).
on 0 r_a. pro is1ancc pro ·ded by end r d
usually at le 1 pan.iaUy modJr. for th user's com uttr
y terns c,onfi uon.
on l'"f Tool Pro ms. utilities. librane . d ocher ids th c c · be used
to de ·elop programs more efficiently.
olicit tlon n offici o cm cnr req,u l for ids/pro
ubliciz.c · i.n the Co~rct Busintss D c
llh re e regulimons.
ourc: ta The original da on which com u1cr pllc on i b d:
for c.i:amplc, employee job pplic tions nd performance
rcpo mi ht be the ree d for company' cmplo ec
t b_ .
ouru Docum~nt ori ini.I record of so aype th t · 10 be con encd into
machine re btc Ci nn.
e O\•cmment of 1ci in ch e or selecting the ource ~
n acquisition. o t often the title is used hen
election p s is fonn and e o · 1ci I is other than
tln officC'r.
ourcc ~~ t on rd om sed or f hnrc • c traC. informatio
E luat on Bo rd t B) resources mana. ers, nd Ol ct cm nt personnel whose
pnm function 1s 10 e alu tc pro aJ rec i cd in
re pon c to requc5l for propos I.
G 0 s F \C(. 1.1 G 9 Glo
ourc' tltction Pl n umcnl lh c nbes the enure process for anhn
cont t··pr pos I e itlu ion criteri c lu rion
mclhodolo • c uator rcspon tbtliu nd final ~lcct1on
procedure .
pad ti. Re(ereoctd n fomi tton Lh t c;in be
lnform lion 1he eanh's surf ce. such cc act
1 c. road. or stand of uees.
pttinc ~1 e and . 1odet
p cmc don
p IOC*tloo
tand· Ion An djectJ e descnb1n
not re uue upport from
tand lone ttm y tem tlw d n s1n1 po er or
central computer.
t nd rd ln computin • set or tailed t hnica.I guideli es used
cans of est blishing urufonruty m an of hard are or
of1 e elo ment.
r r . 'et or com u1cr network 1th penp entl n all c nnec to
one or more compute t c-entrally located ( "lity.
I ltment of\ 'or hn1 descnphon of re recs. prepared for inclus100 lJl
t 0\ soliciution document.
l nin C mmittee
Glo G-50 GAO SAf \tt. 1.1
lr 1 le Pl o
~ ltuclur I nal i A method of 411 I st 1h t ddresses:
l. c -le ..·el,
2. module lc\•el,
3. ort
tructur The 4ITilJ1 em nt or intcrrel 1ion or part.s dominate by th
gene J charact r of the whole.
tructure-d Ors 11 A mer.hod of I n that employ nly 1hc tructure
con tructs.: sc-qucn c, repetition, altem 1ion, hiervchy.
concurrency, nd r'CC'Ursion.
1ruc1ured Pro r mmlna cnml term refemn to prog in that p es
ro ms id de flo • de desi d de ~ o f
modu t . ty or hi h1cal strucru .
ub' t m
u tt
up re- mputer
p
G tr I 1 G G
t n"1 I ppro I of
•) m De' lopm~nt The p cs of ~fimn c 1 mng, c cl pin • le un , an '
1mplcm nun ne S)stem.
\ lop nt r stem hfc c cle th t in ol es
lopm t r
dolo
~ ttm ur projection of the time ptriod th t begins
m t I tion of the re ource d ends wh n e
fo I t tt OUr'CC h tcrmiMlC
The three i cnufi le phases of an AIS including initiation,
de ·elopment. and o nuon. See y t .ns vcJ tnl life
cycle.
~s rm Par mrter hose value detennin ch teru1ic:
tern.
' t m urlt. Plan
uon s stem and tltt:
~ ttm R r e up an rel e
rem n
Ir
G Q. • GOS er. 1.1
ste A fun ion that s Ji po ibl
modtficatio . 1mpro ·cmcnt,.
siems 1thin an cnterp · e. h, rr i mu emeot
funcuon. n an dtrun.islnli e fu~tion.
lt i co~emcd with
de cl . ina inJormau n sy tenu th t asfy e uillm\Cnts
of the enterprise.
Refen 10 IB
y ltcmi bjtttJ tS
Pro mmln1
TactJcal P •n
r.chni I lnr ri Thcch in p per output n:5ponsc ~
T hnk I t.Un propo:ul up to the le el of
i c unds of disc:uuion. u h
ultin from the offeror's
c,hn ~ I b
tthnlqu
noto
o enhi.nce
G 0 S f \Cr. U G-53 Glos
elecommunir tion The rccep1ion ndlor t n m1 s1on of inform 11 n of
n ture by 1elephone. 1ele ph. io. or other stems.
oft protocol hich control the trarulcr o( m s e
•f bet'>'cen the phc ion pro ram and lhc remote terminal
nd pro ide the high-le ct me gc ontrol I n e.
TC • m ro tn IN II M c be
pro rams f r controllin mes
t 11ons. or between rcmo c
programs.
I proce In The proce sing of 1 th t 1 recci cd from or nt to
remote loc ti ns by way of telecommunication Ii . Such
system c scnti l to hoo up remote tcmun s r connect
geog phic lly sep tcd computers.
LIP government program th t prcvcn the ompromising o
cle trical elect m gnetic ign&l th . t eman e from
computers an rel . ed equipment from be'n mterc p cd
deciphered.
t program. y tcm. or routin for th purpose of
1 o enng f t1lure r potentiaJ failure or program.
p cdure. or clement nd to temunc iu l uon or
pottnti loc •ion.
c ta A ct of d.at C'<Cloped pecifica.lly 10 t t the ~uacy
com uter run or y cm.
l Plan plan prepared b the government th t d t l the pec1 1c
te l1 n p ed s 10 be followed..
T tab lit Effort required to tc t pro to en urc n perfonn tts
i ntcnded function.
Third·Gener tion ny of the computerS reduced from. the mid-l 960s the
omputer 1970s th were b ed on intc ted ci:rcui I.her th o.n
separately ire t:ransi to •
hre t Any circumst.An , c cnt, or pers n ith c potenu
c.aus.c h rm to · ystcm in th form of uuction. di lo ure,
moditic . tion of data dlor sof ve, or dcni or c cc.
See al so IL k.
hrou hput The totJ me ure o u eful infonn don procc or
communic ted during pe ificd time period.
.lme b r-lna The u of a computer ystcm by more th one individual t
the me time.
lo G- 4 G 0 S : er. l.l
A con crs lion l or ~que tl~ipon e cypc of inte tion
betwttn the y tcm d lhc indiv1du l tennin ls.
o rn umque suu turcd dat obj c::t or m sa e th t circul
contmuously amo g the n s of cokcn nn dd
the current s· ·e of I.he net ork. Btfore any node c n sen a
me ge, it mu t first ain control of the tole.en.
Tool lo ical aids to help in c:: w ting solu ion to problcrn5.
Top· n De n fining
of
op·Do~ D lcn • hlhod omposition of a problem; th t is, uaJ
pro ssion to le els of peai er and ter de il in the
de clopment d ~finement of propam or y ttm.
Top· o o Pro rarnmin& n app cit to pro1 mmina that implemenu pro mn in
to~own fuhion. Typical y. th ' i d,. ne by wntin ma.in
body wnh calls to s.evc major routin (implemc.nted
stubs). Each rout:lne i then coded. c lin lo er-Jc el,
routines (abo one initially nub ).
Topolo The confi rion fonn by the connections between
devices on a local are network.
discre c activity ithin ~mputer )' tem-u.su ly
oc:i t.ed 1th datab man cmen~ order-entry. d other
onlin system . By dcfimtfon. ho e er making deletion o
re tin fa copy on microp or could e aly be
consideted a t:ranUCtion:.
r t trUCture eori 'niog Kro or more node lh tare
hn ed to1ether in hicrarchi fashion. The top-mo l n
i called the root. The roo< is the parent node to its children.
h child can in rum h e 'tro or m cruldrcn of its o
Every node in i free has exact.I)' one nt node an all
n in the uee descen ts of the root n - These
rel tiomhips en.sure th t thete is aJ ys only one
p _th from the root node 10 y Olbct node in th tree.
rusttd Compucu y 1 m standard of the U.s.•Go cmrnent for the evaluation of
alu1tJon Crlte-rl classified compultr s s1cms. ynonymo with 0r.n e
CSEC Book.
GAO SA.F \'er. 1.1 G-SS Glowy
ht h the manuf tu r takes full respon 1b1hly
ystem tgn nd in llll uon nd up lie ll
r'C, o tware. nd ocumetu uon clements.
'nbundltd ot inclu a part of comp ete hard an:J oft are
pc ge.
' nbundl pricin st egy in h1ch the ices. pro _. trumng.
etc .• are ld in ependently of the com utcr hard are by the
computer hard :rem ufac:rurcr.
'nlCorm on lract orm1t Th fonn 1 require by t e F for prep tion of a
olicit ·on.
'n nt Hupli It Po er
uppl tt:P )
' pd e
cunent.
product.
'p - dt As
crsion.
product.
'p1ime The amount or percent e of t computer systc or
oc1 cd h i fun tioning a ail le for e.
t
major p o the system· life cycle. e ys m is put
into service.
y person or proces inte ctin
stem i ' nfonn tion. and/or i
' tt r1t>ndl in& easy to l easy to use .
' r Int rf c . program ilh. hich use.r intenc .
pecific r scr
ts c aJuuc.s ork. and panicip
ti ifC$ . The is normally
a project who assu th~ cos of _project.
S)•nonym for user i client.
r .Prom computcr-b sed rcco mainwned tan thori.1.ed
u er of a multiu.scr computer stem.
G-56 G 0 S vcr. 1.1
Glossary
• r R uir men The func1ion to perform em. dcqu tel ·
de med nd t hnic II fc 1blc u er requirements re
import nt for ucce ful oft de elopment.
'\' lid t on The proc of c alu tin s stem o com neni durin r
t the end of the de elopmenl proccs to detcnnine v.hcthcr
It ti fie specified requirements.
' lldity re 1.ti e m re of in soun · correct.
lidity chec on d t ccrta.ins the de rec of a cu
lldlc htckln The process of analyzing to de1emune '-"hc1her u
con omu co cena.In predefined panmetcrs o( completcne s
d consi ten y.
\ lu dd , et ork comm nic ion nctw
be i communi tion connection
T pe of e rouun •
resoun:e management, illld convenion f 1Jit1es for compute
communic ting t iffcn:nt peed.$ or usrn different codes or
protocol .
\ rtnc lion ( I) The procen of c ant in system or omponcnt to
determine wheth t the producu or gi en de ·clopmenl
phase ti f y the con itions impo cd l the 1 of th t
ph e, d (2) fo proof of p correc ion .
Verir To certain either th t result is comet or th 1 proc ure
or sequen e of operations h been pe:rfonned.
rs Ion c ere in the c olufon of sy tern, ew e ion result
from clu.n in u.scr rcqu · ~mcn .
lrtu I
Vlrtu l
TeJ communications
cce , r tbod T f
G 0 SAF \•er. LI G-57 Glo ry
\'ulntr bili t in secunl
\ ' I hrou h peer group review of produ t or ian. A ·mu red'"
th ugh i lkth u h eon ucted accord.in to
pccific rul .
\\' rnltrl rr Dl r m
\\'urni r · rr A tuerarchicaJ, nru cured sy terns alysi thodolC>IY th
structure di grams. proamn d _ms, in"OUt
nd mbly line d' gmns. The SlNCtW'ed 'an
beams t the end or output and orX.s b - k ard.
communication net o that conncc phk&JI)'
ep ntcd
crvke provi by telephone compani hich perntiu a
u tomer by use of n cccs Ii e. to make calls to or rccci c
c I ls from te lephonc an speci c z on a di b is fi
Oat monthJy ch e.
\ 'Id n l~pbone y crv1cc that permits. amomer to dial
'tic ( \ S) I an s line to specific zone for
thly ch or co recei e coll t call in specified
r n t monthly c:h era than on a ~I
\ ord Proc ( P) The tn.nsiclon of wnuen. ctb . or au rded ord ro
vcrt> l, typewntten, or rintcd fonn through ome fonn f
stora e mcdlum that permi the inlonnation to be
m nipuJ ted con ..1enicotl before it is commined to final
copy.
GI ary G-5 G 0 SAF er. LI
\\'or Lo d c ma o t s ypic lly run on a 1 en compu1cr • s1cm.
. 1 JOr ch n 1cn trc . 1 ludc inpul/ou1 ut requirements.
amoun n . mds of computauon. 3Jld compu1er resou ~
re •.ur~ .
\ 'ourdon method o structured s terns al i d design
fonm1hzcd tn 1978. The fin t product of Yourdon ~ tu tured
n lym. th structured pctific uon, co ' of lhrcc rcla cd
components: d ta flo d1 gnms, p
d.lt dkuonary.
0 0 S \Cf. 1.1 G-S9 Gloss ry
Glo ary 0-60 G 0 SAF ,.er. 1.1
Workshe 't
T e follo 1n p ge cont in mple o th t could. be u ed to 1 th progres of AF
Ju It 1 ~ E h t ble list the gment. along ith column for rief
ummary of the ttsuh thor and column to indic 1c ho the ults
pponcd
11\ t the mplc u cd a tan.in int for lhe develop nt of more pec1. ic
\\Or sheet o do 1hi • o t.iin the elecLrOnic crs on or th e wor shce . Tho audn th t
r no in pcrfonncd c n then be e ily remo e<J from the I .
v r. 1.1 -1
vcr. l.l w.
.·.·.1 ·a,~ •
r. I.I
•
\'er LI w hcct
I
s •
A SA ~ . 1.1
. . 'llf'llliKl
G SA r. I . I W-7
I •
A er. 1.1 W-
fl I ll l419p I
.·""°"
er. LI w.
•• • • " •
tM-r\Al:ilOl'Mn.I
"
r. I. I
I
er. 1.1
. .. •
W-1
s
er. . I w. J
In •
r. . I W- 1
Index
. I 6
l4S. I
I. 2. l 2 • I 9
I proccn 150. U2, IS
t t • 12.5. 14 . Ul·IH. IH. 15 •
124
9),9-4, 104, 12'·127. I 9, 1.57· 15
l. .S, 99. 107. 10 • 124, I t 70. 1.59
69
• •• • 14 «o~mJC • 1, 10 • 1 O. 127.
130
6l. 6S, 96. 119. 120. Ill. cl tro data t 63
cnor 10.S
est.Ima 64, 66, ll 6. 1Sl· l
cwrNun1 l. 16, I 9, 160
c oluuon
, S6, 1, 103, 1 ll. I~
01t
Oll c, umauna 6. 129
)), 47, 63. • 67, . '°'· 115.
cost ciununon 112 .& , ~ 70. , I, 116, I 146. I 9.
I
• 7,
Ullom des1 n 3. 63. • I, 103. 104
ustomer 10. I) . 15.J7. 37. 41-4 , 1)9, 143. 10
G 0 S F \'Cr. 1.1 ln
12
10 .5, 63, 0. I , 6. . IS
. 1~6. ,_ . IJ.i. 7. 10. IU. lt7. 119. 12J. B . I
1• .5. I . f4 • ISi
0. 12 1. 1)0 nt l. 0. lo.I , 146
• 6, B4. ISi
re 66
"' 13
. 141, lilS , I
Olllpul
• l 6.
• 1 I . 1l4, 139
•I . 0 I, 33. • 14S.
• 9.
aJ 60, 1•.
116
II. 6, 101, 109
mM~:r.cmcn_ I 0, 2. , 91. 96, l .1 •
lS9
0
. 99.
l~J QA • .5 . • IOS. 11 , 160
q Jacy I. 2. 2 • 3S. J • ' • • I. 91. JOI . IOS.
n 109. I I ·124, 126, 128. 130. 14.5, I 7, l • l.S
me urc cnt lll . I . I 7. t.is. I 7
me 1arcs o fXTiormll<c I ·17. 37. I
lni.. l-2 G 0 SAf ·er. I.I
q ;ih1 uru e •. • . 35. 36, 5 •
101. 10. 11 • 11 . I .I. I .a. 1:6. I
IH
• 49, • I
, SI , • S •
• 122. I)I.
9. 109. 11 •.
I. • 99-10 1. I , 110, 1 I
• .l ,
6. • 90, 91. I , ll2. II •
U9, 160
• 100, 103, 104. I I. I
I 1
11. S3. 5, 87. 93, 9S. 100,
I • I l , 126.
, 96. 10.. I. 124, U . 121.
2. I I, 12J, I 4
•1
0 0 S F ver. I.I
In I . G 0 SAF er. LI
The System Assessment Framework, Version 1.1: A Guide for Reviewing Information Management and Technology Issues in the Federal Government
Published by the Government Accountability Office on 1997-05-01.
Below is a raw (and likely hideous) rendition of the original report. (PDF)