Download - RAILHEAD System Concept Definition (SCD) SCD NOL-J Gap ...

UNCLASSIFIED//FOUO (U-FOUO) NG NOL-J Gap Analysis 6-18-2008.doc

i

RAILHEAD System Concept Definition (SCD) SCD NOL-J Gap Analysis Final Version 1.0 Submitted: 18 June 2008

SRI Project: P17985 SRI Proposal No. EXU 07-134 Contract Number: 1098524-006 Approved by: Earl D. Lybarger Joseph P. Strigle Railhead SCD Program Manager Program Director Engineering & Systems Division Engineering & Systems Division

333 Ravenswood Avenue • Menlo Park, California 94025-3493 • 650.859.2000 • www.sri.com

UNCLASSIFIED//FOUO

http://www.sri.com/


ii

Submitted to: RAILHEAD Program Office Prepared for: Janet V. Golden, Contracting Officer 571.280.5823 [email protected] Delivered to: Liberty Crossing

Attn: Janet V. Golden, 1W158 Gate 5 1000 Colonial Farm Rd McLean, VA 22101 Contract Number: 1098524-006 Prepared by: John Gatewood, Senior Consultant, BearingPoint Adam Kutcher, Senior Consultant, BearingPoint The following individuals are authorized points of contact for information regarding this report: Technical Matters: John D. Fryer, SCD Technical Director SRI International 814-441-0656 (cell) 814-278-6049 (unclass) [email protected] Program Matters: Earl D. Lybarger, Railhead SCD Program Manager SRI International 814-933-6982 (cell) 814.278-6060 (unclassified) [email protected] Contractual Matters: Stellare L. Griffin, Contracts Manager SRI International 650.859.5836 (unclass); fax 650.859.3925 [email protected]

UNCLASSIFIED//FOUO

mailto:[email protected]





iii

(U) Table of Contents

1.0 (U) Executive Summary ......................................................................................... 1 2.0 (U) Introduction ...................................................................................................... 2 3.0 (U) Background ...................................................................................................... 2 4.0 (U) Methodology .................................................................................................... 2

4.1 (U) Sources ............................................................................................................. 2 4.2 (U) Assumptions ..................................................................................................... 4

5.0 (U) Gap Analysis Results........................................................................................ 4 5.1 (U) User Functionality ............................................................................................ 4 5.2 (U) System Interfaces and Workflow ..................................................................... 7

6.0 (U) Content Migration ............................................................................................ 8 6.1 (U) Assumptions ..................................................................................................... 8 6.2 (U) Content Migration Gap Analysis...................................................................... 9

7.0 (U) Conclusion...................................................................................................... 10 APPENDIX A (U//FOUO) Next Generation NOL-J Functionality Gaps .................................... 12 APPENDIX B (U//FOUO) Master Requirements Schema .......................................................... 24 APPENDIX C (U//FOUO) Verified List of External Links......................................................... 25

UNCLASSIFIED//FOUO


1

1.0 (U) Executive Summary (U//FOUO) The National Counterterrorism Center (NCTC) hosts NCTC Online (NOL), a system that enables authorized counterterrorism stakeholders to post, manage, and access finished intelligence products, cables, and relevant counterterrorism Community of Interest (COI) information. At present, there are three instances of NOL, one each on the JWICS (NOL-J), SIPRNet (NOL-S), and Unclassified (NOL-U) networks. The Railhead Program Office (RPO) is in the process of developing Next Generation NOL-J with the intent to “sunset” the existing NOL-J by the end of calendar year 2008. This document describes anticipated differences between NOL-J and the re-baselined Next Generation NOL-J system.

(U//FOUO) Analysis of NOL-J documentation and the Next Generation NOL-J development work shows that much of the existing functionality will be included in the re-baselined system. Several important components may not be in place at the end of this development cycle, however, or may not be provided to the degree that meets the operational and system requirements needed. Additional input is required from development subject matter experts to examine to what extent development work satisfies functionality identified in areas designated as gaps. Input from the user community will also help to disposition these gaps. These must be addressed to continue supporting the information sharing mission of NCTC and successfully retire NOL-J.

(U//FOUO) Gaps between the two systems arise in the areas of user functionality, system interfaces and workflow, and content. Significant differences are found with NOL-J email, external system interfaces, role-based access, metrics and reporting functionality, record auditing and abuse functions, content creation editing tools, and certain workflow functions. Furthermore, without a full-scale data migration effort, Next Generation NOL-J will not contain any of the content of the current system.

(U//FOUO) RPO has requested that SCD provide a Next Generation NOL-J mini-IDP by mid-August 2008 to outline technical design and implementation solutions and close the gap between NOL-J and Next Generation NOL-J. Although additional work remains to solidify the gaps, this analysis is the starting point for that IDP.

UNCLASSIFIED//FOUO


2

2.0 (U) Introduction (U//FOUO) This document analyzes gaps between the current NOL-J and the Next Generation NOL-J application currently in development. Gaps discovered in this analysis describe what it would take to fully duplicate the functionality in the current system. The recommendations embedded in the analysis seek to provide an opinion on whether or not the team believes that replacing the current functionality is needed prior to launching the new system. This gap analysis effort was not conceived as a Verification and Validation exercise for either the current system or the system in development, but rather to determine whether the new application’s functionality sufficiently replaces the current system’s functionality and allows for the current system to be retired. Discussions about upgrading the functionality of the system are beyond the scope of this analysis, but are a valuable part of any conversation relating to launching the Next Generation NOL-J system.

3.0 (U) Background (U//FOUO) The Railhead approach to replacing NCTC IT systems and providing new IT capabilities to NCTC is based on enterprise architecture. In this model, systems are constructed to re-use shared components and services in order to simplify maintenance and create standardization throughout the enterprise. NOL-J is the first application that the Railhead enterprise architecture will replace.

(U//FOUO) Development relating to Next Generation NOL-J is being built in two sets of development activities, “2007A” and “Bermuda,” according to the respective Increment Development Plans (IDPs). 2007A is building reusable enterprise components, some of which Next Generation NOL-J will utilize, while Bermuda is specifically focused on building functionality that will help replace NOL-J. Replacing NOL-J is contingent upon the delivery and integration of elements from both 2007A and Bermuda.

4.0 (U) Methodology

4.1 (U) Sources (U//FOUO) The NOL-J gap analysis methodology can be summarized as simply “A-B = C.” In this equation, the “A” variable equals all functionality currently available in the NOL-J system, while the “B” variable represents Lead System Integrator (LSI) development specifications for Next Generation NOL-J. Working through the methodology, the subtraction operation involved mapping development specifications to current functionality requirements, thus delivering the “C” variable, or the gap.

(U//FOUO) The NOL-J gap analysis team utilized the NOL-J Software Requirements Specification (SRS), Draft Version 0.1 prepared by the NOL Requirements Team in April 2006 as a baseline for current functionality requirements. The team was unable to locate either a final version of the document or a validation report. Therefore, the team worked with Operations Baseline Management (OBM) personnel to verify which SRS items are available in the current system and eliminate nonfunctional items.

UNCLASSIFIED//FOUO


3

(U//FOUO) Furthermore, the gap analysis team recognized that functionality outlined in the SRS has been modified since 2006 through OBM’s process for instituting user Change Requests (CR). The team gathered CRs completed since 2005 and mapped them to baseline SRS items to express how those requirements have been altered. Finally, the gap analysis team incorporated several requirements from the Draft NCTC Records Control Schedule and the System Security Plan (SSP), Draft Version 1.3 from April 2007. Recognizing the possibility of superfluous NOL-J functionality, the team sought to assess the value of system capabilities by soliciting user input and analyzing user behavior. Participants of the May 21 focus group, however, were unable to reach a consensus on existing functionality that can be excluded from Next Generation NOL-J. Additionally, the team sought to analyze NOL-J web server logs to measure user behavior, but was unable to obtain this detailed information from OBM by the date of this report. The output of these baselining activities was aggregated in the Master Requirements Schema, which is contained in Appendix B of this document

(U//FOUO) After the Master Requirements Schema was assembled, the gap analysis team collected LSI development specifications for the Next Generation NOL-J system by reviewing two key sets of the documents, the Statement of Work (SOW) and Hewlett-Packard Quality Center (HPQC) reports for both the 2007A and Bermuda Increment Development Plans (IDP). The development specifications were then mapped to items in the Master Requirements Schema in order to determine the gap.

• 2006 Software Requirements Specification

• Completed Change Requests

• Draft Records Control Schedule

• 2007 System Security Plan

• User Input

Documentation

• Bermuda SOW

• Rally report

• HPQC reports: 2007A Incrmts2-6; Bermuda

Documentation

Gap

NOL Functionality

Next Gen NOL Functionality

Gap- =





• User Input

Documentation

• Bermuda SOW

• Rally report


Documentation

Gap

NOL Functionality


Gap- =





• User Input

Documentation

• Bermuda SOW

• Rally report


Documentation

Gap

NOL Functionality


Gap- =

(U//FOUO) Figure 1: NOL-J Gap Analysis Methodology

(U) After determining the gap, our analysis was presented to LSI for their analysis and to provide direct input as to the degree development work met functional requirements. Their comments are reflected in this report. Additionally, significant gaps were identified and presented in the remainder of this document.

(U) Items in the Master Requirements Schema, Appendix B, are arranged in a categorical hierarchy and cataloged by either the SRS or CR number. This method was maintained to ensure

UNCLASSIFIED//FOUO


4

traceability throughout the gap analysis activities; however it does not have any analytical significance itself.

4.2 (U) Assumptions (U//FOUO) Several critical assumptions guided the analysis and recommendations contained within this report. Assumptions include:

LSI will incorporate all contracted development specifications, as expressed in the development SOW, into Next Generation NOL-J, including 2007A and Bermuda capabilities.

LSI will pass verification testing at 100% as recorded by HPQC.

Master Requirements Schema fully described the NOL-J system at IOC.

5.0 (U) Gap Analysis Results (U//FOUO) The gap analysis results are broken into two groups: user functionality gaps and system interface and workflow gaps. Data migration and data schema limitations are addressed in Section 6.0. The user functionality gaps describe the differences between current NOL-J system behavior and Next Generation NOL-J system behavior. The system interfaces and workflow gaps describe the difference between how the current system and the Next Generation NOL-J system interact with other applications and how they process and house data.

5.1 (U) User Functionality (U//FOUO) The gap in user functionality is summarized in Table 1 below, “Categorized Gaps in the Next Generation NOL User Functionality.” Appendix A contains an annotated mapping of these gaps to the SRS. The items deemed most critical are identified with a “Yes” in the “Immediate Action Recommended” column. Without these major functions, the system will not fulfill its information sharing mission for the counterterrorism community. The items marked as “To be determined” (TBD) are those functions requiring further analysis of how 2007A foundational capabilities will be integrated with Next Generation NOL-J, or whether the capabilities inherent to the Documentum suite in included in Bermuda development sufficiently addresses the functions.

(U//FOUO) Categorized Gaps in Next Generation NOL-J User Functionality

Category Next Generation NOL-J User Functionality Gap

Immediate Action Recommended

Subscriptions and Profiles Yes Forum Functionality Details Chat Functionality Details TBD Collaboration Functionality Details

Collaboration

Exercises Template Yes Email NOL Email Functionality TBD Help Help Yes

UNCLASSIFIED//FOUO


5

(U//FOUO) Categorized Gaps in Next Generation NOL-J User Functionality

Next Generation NOL-J User Immediate Action Category Functionality Gap Recommended

Role Role-based Access TBD Search Functionality Details Advanced Search Functionality Yes Refine a Search Functionality Email Search Discussion Search Attachment Search Search Results Behavior Community of Interest Search

Search

Searchable Archives System Administration Auto-Inactivate User Rule

Editing Tools Yes Home Page Functionality Yes Specific Content Portlets Yes Interactive Map Threat Level Management

User Interface

User Personalization Options

(U//FOUO) Table 1: Next Generation NOL-J User Functionality Gap

(U//FOUO) Gaps in user functionality include the following categories:

(U//FOUO) Collaboration – These are user-requested functions to share and receive information from other users on an individual or group basis. Subcategories include:

Subscriptions and Profiles: The application will not contain the capability of the existing system to display message traffic to the user based on one or multiple saved profiles/queries. This function in the current system allows users to have constant searches running in the background and enables them to focus their attention on only the reporting deemed pertinent to their mission.

Forum Functionality Details: The application will have the ability to set up forums or blogs, but will lack previously implemented functionality dealing with the default classification of the shared space as well as the ability to create an archival forum for read-only use.

Chat Functionality Details: Next Generation NOL-J will contain a chat capability. However, more details concerning the specific capabilities of the chat application are necessary to determine whether or not it will fulfill the full functionality of the current system.

Collaboration Functionality Details: The application will contain several collaboration capabilities, but will lack the specific ability of the existing application to provide online meeting descriptions and to attach files to online meeting spaces.

UNCLASSIFIED//FOUO


6

Exercises Templates: The application will contain the ability to set up Communities of Interest, but will not have the ability to set up a template of an exercise page to provide exercise-related FININTEL, Message Traffic, and exercise-specific messages to a selected group of exercise participants.

(U//FOUO) Email – Email capability will be provided with 2007A, however it will not be possible to determine specific capabilities of the email application until Release 2/3 integrate email functionality with Next Generation NOL-J. Therefore, it is not possible to make an accurate comparison between NOL-J and Next Generation NOL-J at this time. In the current application, users are able to send and receive email messages from anywhere within the system containing compartmented or ORCON information with attachments of up to 10 Megabytes per message. The current email application complies with PKI standards and records management standards, and it can encrypt and digitally sign all outgoing email.

(U//FOUO) Help – The system will not contain help features to assist the user with setting up profiles and queries to filter message traffic. It also will not include search help, document posting help, or account management help.

(U//FOUO) Role-based Access – The system will allow for role-based access, but the specific roles from NOL-J to be preserved are not specified in Next Generation NOL-J, and the rights attributed to each role are not enumerated. Additionally, the integration of the Identity Manager (IdM) with the content management system in Next Generation NOL-J may pose extra challenges if the roles established in each system are not analogous. The following roles exist in NOL-J, but more information is necessary to determine whether or not they will be accounted for in Next Generation NOL-J:

System Administrator: In the current system, the system administrator is responsible for activating and inactivating user accounts, managing error logs, and managing the threat level. The system administrator also has full document posting capabilities, is responsible for managing the product types and the producer list for documents, and has the right to manage metadata category items. System administrators create special interest pages and forums, control access to special interest pages and forums, have the right to add documents to portlets of special interest pages, and have the right to add topics to forums.

Content Manager: Content Managers have the right to add and remove content from specified pages. The content may come from any organization; content managers do not have to belong to the organization that produced the content in order to post it.

Document Manager: Document Managers have similar rights as content managers, but document managers may only post content produced by their own organizations.

Forum (Blog) Author: Forum authors have access to specified forums. They are able to edit and delete their own entries and have the ability to add topics to a forum.

User: The user role in NOL-J is the default role for new users and provides access to the home page and all portlets available from the home page, and it provides the user with the ability to view all unrestricted pages and communities of interest.

UNCLASSIFIED//FOUO


7

(U//FOUO) Search – The system will have general search capabilities, however, the search functionality will not be as flexible as it is in the current system. The ability to search e-mails and discussion threads, and the ability to search for images and attachments will be absent. Advanced search capabilities such as selecting a timeframe for FININTEL searches and allowing Boolean keyword searches of results will also be absent.

(U//FOUO) System Administration – The system will not have the ability to auto-inactivate users. NOL-J automatically inactivates users after 90 days of inactivity and accounts for the status change in the audit trail.

(U//FOUO) User Interface – The system will not have a number of features currently included in NOL-J. Namely, editing tools such as grammar check and spell check, the interactive map which allows users to navigate to content via a map interface, and user specific options such as the address book and chat list are missing. Additionally, the ability to add a portlet to a standard page will be absent and the threat level indicator will be missing from the home page. The deficiencies in content migration will also impose limitations on user interface functionality. Specifically, users will no longer have access to data that will not be migrated, such as pocket litter and border summaries. The gaps in content migration are addressed in further detail in Section 5.0 of this document.

5.2 (U) System Interfaces and Workflow

(U//FOUO) The gap in system interfaces and workflow functionality is summarized in Table 2 below, “Categorized Gaps in the Next Generation NOL Functionality.” Appendix A contains an annotated mapping of these gaps to the SRS. The items deemed most critical are identified with a “Yes” in the “Immediate Action Recommended” column. Without these major system functions, the system will not fulfill its information sharing mission for the counterterrorism community. The workflow marked “TBD” requires further analysis before a recommendation can be made.

(U//FOUO) Categorized Gaps in Next Generation NOL-J Functionality

Category Next Generation NOL Functionality Gap Immediate

Action Recommended

Content Management Document Repository Details External Interfaces External Interfaces Yes

Ingest Cable Ingest Error Processing Yes Records Records Control and Archiving Standards Reports Metrics and Reporting Functionality Yes

Record Auditing Specifications Yes Intrusion and Abuse Detection Yes Security / Audit System Classification Marking Standards Yes ORCON Processing Details TBD Tearline Dissemination Details Workflow Human Reviewer Queue Process

(U//FOUO) Table 2: Next Generation NOL-J Functionality Gap

UNCLASSIFIED//FOUO


8

(U//FOUO) Gaps in system interface and workflow requirements include the following categories:

(U//FOUO) Content Management System – The system will not permit users to preview or edit documents or to post documents to Special Interest pages. Furthermore, the system will not permit linking supporting intelligence products (e.g., images, movies, sound files) and supporting documents to the FININTEL main product. Lastly, the system will not store all of the image types and data currently stored in NOL-J.

(U//FOUO) External Interfaces – Currently, NOL-J has access to cable message traffic, Intelligence Community websites, and data sources. A list of the links identified as part of NOL-J is located in Appendix C, “Verified List of External Links.” Other than the receipt of cables, the new system will not provide connectivity to any Intelligence Community websites or data sources.

(U//FOUO) Ingest – The system will have the capability to receive and process cables, however the system will not allow full administration of handling errors which may occur during ingest.

(U//FOUO) Records – The system will not adhere to the NCTC Records Control Schedule, which identifies NCTC’s permanent records and procedures for retention review and archival treatment.

(U//FOUO) Reports – The system will not provide the capability to generate ad hoc and/or scheduled utilization reports. These reports are used in operational monitoring of the system.

(U//FOUO) Security/Audit – The system will not meet all security and auditing requirements. It will not have the capability to produce audit logs, which can be utilized for near-real-time intrusion detection. The application will not conform to ODNI classification standards for posted documents and webpages.

(U//FOUO) Workflows – These functions facilitate analysis and dissemination by automating business processes. Subcategories include:

Human Reviewer: The application will not allow designated NCTC users to manually approve dissemination in the case of ORCON documents, document transfer to NOL-S, and tearline extraction service errors. Additionally, it will not allow for manual elimination of FININTEL from restricted products lists.

ORCON Processing: The application will not allow proper documentation and sourcing when versioning ORCON documents. ORCON processing is designated as part of 2007A. The project team is unable to verify this functionality.

Tearline Dissemination: This system will not follow established business rules for special handling, accessibility, and unique classification markings of tearline information.

6.0 (U) Content Migration

6.1 (U) Assumptions (U//FOUO) The content migration analysis employed the following assumptions:

Customer expects not to lose any existing functionality.

UNCLASSIFIED//FOUO


9

Classification of existing documents is correct “as-is”; re-verification (e.g., dirty word search) of existing document classifications is not necessary.

Quality of existing data is acceptable “as-is”; data quality checking and automatic corrections (or flagging for further review) are not necessary.

Existing user authorizations are correct “as-is”; re-verification of existing user authorizations is not necessary.

6.2 (U) Content Migration Gap Analysis (U//FOUO) While NCTC has expressed its goal to retire the current NOL-J system, migration of the existing data from the current system to the replacement system is not currently covered by a SOW. Additionally, Next Generation NOL-J will not account for hosting a number of areas of content (and their corresponding functionality) which exist in NOL-J. This section will identify and describe those gaps.

(U//FOUO) In terms of structure, the existing NOL-J system was developed using custom code and the managed documents (e.g. FININTEL) are kept in the servers’ file system. Document metadata is kept in a custom-designed Oracle database with bfile pointers to the documents themselves. The replacement system, on the other hand, makes extensive use of Documentum to store and manage documents. In the replacement system, metadata is kept in Documentum’s metadata repository, which is an Oracle database. While different, the system in development is capable of being configured to manage both the documents and the associated metadata.

(U//FOUO) The existing NOL-J system houses twenty-six areas of content. Table 3 below describes the gap in data coverage between existing NOL-J and Next Generation NOL-J.

(U//FOUO) Next Generation NOL-J: Data Schema Gaps

Areas of Content NOL-JNext Gen

NOL-JGap? Immediate Action

Recommended?

Documents X X Document Metadata X Partial Yes Cables X X Cable Metadata X Partial Yes User & Group Authorizations X X User Preferences X Yes Yes Access Control Lists X X Audit Trails X Yes Yes Dissemination Lists X Yes Yes Saved Queries X X Subscriptions X Yes Yes COIs X Yes Yes CT Link X Yes Yes Email & Collaboration X Yes Yes Border Summaries X Yes Incidents X Yes Pocket Litter X Yes

UNCLASSIFIED//FOUO


10

(U//FOUO) Next Generation NOL-J: Data Schema Gaps

Areas of Content NOL-JNext Gen Immediate Action Gap? Recommended? NOL-J

Expired Visas X Yes Organizations X X Collection Support X Yes Feedback X Yes Surveys X Yes Training Requests X Yes Lookup Tables X Yes System Lifecycle Documents X Yes Listing Objects X Yes

(U//FOUO) Table 3: Next Generation NOL-J: Data Schema Gap

(U//FOUO) Several of these content gaps have been discussed in earlier sections of this document as functionality gaps; however this limitation in the data model potentially restricts which types of content could, at any point in time, be migrated from the existing NOL-J system to the new system.

(U//FOUO) In February 2007, NOL-J contained approximately 8 million documents (cables or FININTEL). Assuming growth of 25% in the past 18 months, the team estimates that there are 10-12 million documents currently residing in NOL-J. Each document is accompanied by an estimated 1000 bytes of metadata. Additionally, there is an undetermined amount of non-document data in the other 20 areas of content1.

(U//FOUO) Based on an initial examination of the complexities involving schema and metadata, completion of data migration by the end of 2008 may pose a challenge to Railhead. Collaboration with the OneTeam on data migration issues continues, but it is recommended that data migration be handled in a separate IDP. This action will facilitate early completion of the IDP to accelerate the schedule for data migration, as permitted by future funding. More information on the data schema and content migration schedules should be provided in the future IDP.

7.0 (U) Conclusion (U//FOUO) This document provides an analysis of the differences between the existing NOL-J and the Next Generation NOL-J application currently in development. The team discovered gaps in the areas of user functionality, system interfaces and workflow, and content, with significant gaps in:

Data Migration

1 Initial bulk migration the document data would, according to the average ingest rate of 10 documents per second achieved in the prototype in February 2007, take approximately 15 days. This does not count the time spent devising MOUs, ETL procedures, detailed source-to-target mappings for the metadata, or performing sample migrations to verify and refine said procedures.

UNCLASSIFIED//FOUO


11

NOL-J Email Functionality

Role-based Access

External Interfaces

Metrics and Reporting Functionality

Record Auditing Specifications

Intrusion and Abuse Detection

Editing Tools

ORCON Processing Details

(U//FOUO) These results should be understood within the context of the effort to retire NOL-J: Are we satisfied that functionality provided in development efforts fully meets the needs of Next Generation NOL-J? Which of these gaps are meaningful to today’s users? Which of these gaps can be closed given the funds on hand? This analysis was not able to reach conclusion on all of the gaps of functionality which needed to be addressed. It did, however, successfully indicate areas that may only be addressed by development at a surface-level. Failure to fully examine these could have lead to performance short-comings late in the successive development phase.

(U//FOUO) Our recommendation is to continue refining the analysis presented here in the areas identified as being partially addressed or which need further review. The OneTeam should assemble subject matter experts to focus on the depth of functionality in development in order to provide conclusive answers as to whether the needs of Next Generation NOL-J are being met. Input from users may also assist RPO in deciding which of the known or potential functional gaps are of significance to the users.

(U//FOUO) The team also recommends standing up an IDP organizational framework to close the significant gaps mentioned above. The schedule for delivering the Next Generation NOL-J IDP can be revised once the scope is established by the government, but resources should be committed to refine the gaps, transform and store known gaps in the SCD Backlog, monitor progress on the 2007A-Bermuda integration, investigate transition planning as well as security and policy issues, and coordinate with Product Owner Proxies and CRMG to determine user preferences on the look and feel of the system. Additionally, data migration efforts would be better served by initiating a separate IDP to accelerate the timeline as much as possible.

UNCLASSIFIED//FOUO


12

APPENDIX A (U//FOUO) Next Generation NOL-J Functionality Gaps

Category Next Generation NOL

Functionality Gap SRS# or

CR# Text

User Functionality Gaps 3.2.1.4.2 There shall be a Subscription Queue Portlet 3.2.3.4 Saved Portlet settings 3.2.3.5 Saved Queries 3.2.3.7 Subscriptions 3.2.3.8 Rware Profiles 3.2.3.8.1 Rware Queries 3.2.3.8.1.13 The system shall allow users to apply a profile

against Today’s Disseminated Reports and Today’s FBIS Reports.

3.2.3.8.2 Preserve RWare Indexes

Subscriptions and Profiles

3.2.11.3 My Subscriptions - Subscriptions are equivalent to profiles found in the Real Time Profile Queries section of Message Traffic Search Libraries tab. Subscriptions display “profiles” created from the Message Traffic Search feature.

CR-08-01686

SR-Add IRAN blog to NOL-J

3.2.8.2.1 The system shall set the forum classification to system high.

Forum Functionality Details

3.2.8.2.24 The system shall provide the capability for users to use an archival forum for historical, read-only use.

Chat Functionality Details 3.2.8.3.1 The system shall provide the capability to launch Chat from anywhere in the system.

3.2.8.3.36 The system shall provide the capability to allow the user to attach a file for the meeting.

Collaboration Functionality Details

3.2.8.3.37 The system shall provide the capability to allow the user to provide free-text description not to exceed 500 characters of the meeting.

Collaboration

Exercises Template 3.2.1.3.3.17 Within the Special Interest menu, the system shall provide support for community exercises, by providing a template for Exercise pages that specifically serve exercise-related FININTEL, Message Traffic, and exercise-specific messages.

3.2.1.4.4 There shall be an Email SmartBar 3.2.8 Collaboration Tools RIT-05-00294

Improve NOL email.

Email NOL Email Functionality

3.2.8.1.1 The system shall provide the capability to view email from anywhere in the system.

UNCLASSIFIED//FOUO


13


Functionality Gap SRS# or Text

CR# 3.2.8.1.65 TBD – attachment size limit 3.2.8.1.69 The email application system shall allow up to a

maximum of 10 Megabytes (MB) per message. 3.2.8.1.70 The email application system shall allow a

message to attach up to a maximum of 12 individual attachments.

3.2.8.1.71 The email application system shall support and retain attachment names up to 60.3 characters (60 character file name and three-character file extension

3.2.8.1.72 The system shall provide the capability to spell-check an email.

3.2.8.1.77 The system shall allow all individual members of the U.S. Intelligence Community, when authorized by their parent organization, to easily and reliably exchange electronic messages with attachments between U.S. individuals on a SI/TK/G/HCS closed network regardless of their organizational affiliations or locations.

3.2.8.1.78 The email application system shall ensure that the CIA’s CAPCO Marking Standard is implemented.

3.2.8.1.80 The system shall allow the email application to contain compartmented information within the email message or email attachment(s) when specifically authorized by a written permission statement issued by compartment data owners.

3.2.8.1.81 The system shall use the IC email standard (that is based on commercial Simple Mail Transfer Protocol (SMTP) standards and the DIA-managed JWICS TOP SECRET/SCI network).

3.2.8.1.83 The email application system shall ensure that SI/TK/G/HCS Compartmented information and other information marked with restricted handling or ORCON controls, shall comply with the implementation of the IC PKI policy.

3.2.8.1.85 The email application system shall allow up to a maximum of 10 Megabytes (MB) per message.

3.2.8.1.86 The email application system shall allow a message to attach up to a maximum of 12 individual attachments.

3.2.8.1.87 The email application system shall support and retain attachment names up to 60.3 characters (60 character file name and three-character file extension).

UNCLASSIFIED//FOUO


14



CR# 3.2.8.1.88 The email application system shall adhere to all

applicable federal laws and component policies regarding records management for all email messages received and transmitted.

3.2.8.1.89 The email application system shall ensure all messages shall be encrypted and digitally signed.

3.2.8.1.109 The email application shall allow system administrators and privileged users the ability to create and modify address entries.

3.2.8.1.129 The system shall provide the capability to indicate from anywhere in the system when a user has received new email.

Help Help 3.2.3.8.3 RWare Help Guide 3.2.2.1.3 NOL Software shall provide System

Administrators the capability to manage metadata category items

3.2.2.2 Roles - The following are the roles and the rights that each role has.

3.2.2.2.1 User Accounts (Add, Inactivate) 3.2.2.2.1.1 The system shall provide the capability to

assign one or more users with a System Administrator role.

3.2.2.2.1.2 The system shall provide a System Administrator the right to manage accounts.

3.2.2.2.1.3 The system shall provide a System Administrator the right to inactivate an account.

3.2.2.2.1.4 The system shall provide a System Administrator the right to activate an account.

3.2.2.2.2.2 The system shall provide a System Administrator the right to manage Cables-Mec.

3.2.2.2.3.1 The system shall provide a System Administrator the right to manage Threat Level.

3.2.2.3 Manage Pages 3.2.2.3.1 Manage the Document Management Fields

(Autopost) 3.2.2.3.1.1 The system shall provide a System

Administrator the right to manage the producer list for documents.

3.2.2.3.1.2 The system shall provide a System Administrator the right to add a producer to the producer list for documents.

3.2.2.3.1.3 The system shall provide a System Administrator the right to remove a producer from the producer list for documents.

Role System Administrator Role

3.2.2.3.1.4 The system shall provide a System Administrator the right to edit a producer in the producer list for documents.

UNCLASSIFIED//FOUO


15



CR# 3.2.2.3.1.5 The system shall provide a System

Administrator the right to manage product types. 3.2.2.4 Post Documents 3.2.2.5 View Document Post Information 3.2.2.5.1 The system shall provide a System

Administrator the right to view the name and organization of the poster.

3.2.2.5.2 The system shall provide a System Administrator the right to view the time the document was posted.

CR-08-01507

SR - Link on Special Interest Page NLE 2-08 (CR-07-01103) to Tide Exer Database

CR-08-01518

SR - Add a new link on Pakistan COI

3.2.2.13 NOL User Account Setup 3.2.2.14 Manage Accounts 3.2.2.14.1 Create/Edit/Delete or Retire Accounts 3.2.2.14.1.7 The system shall provide the capability to

assign one or more Roles to a user account. 3.2.2.14.1.12 The system shall allow a System Administrator

to assign groups and/or individual users to a specific document or product types.

3.2.2.14.2 Security Officer Info 3.2.2.14.3 SCIF Info (JWICS only) 3.2.2.14.4 User Info 3.2.2.14.5 Manual Delete/Inactivate/Retire 3.2.2.18 Threat Level Management 3.9.1.2.6 NOL Software shall allow a System

Administrator to assign groups and/or individual users to a specific document or product type

3.2.2.9 Content Manager - Source: RFC-01438-2005 (TAP) Note: The Content Manager does not have to belong to the organization that produced the document. These are the people (TAP) who have the right to add or remove products from specific pages like “Today’s Highlights.”

RIT-06-00458

Provide the IICT team with DocPost capability for IICT products

CR-06-00714

Provide Super DocPost Access & Training for DSOP Personnel

3.2.2.9.1 The system shall provide the capability to assign one or more users a Content Manager role.

Content Manager Role

3.2.2.9.3 The system shall provide a Content Manager the right to remove documents from specified pages.

UNCLASSIFIED//FOUO


16



CR# 3.2.6.1.19 For those with the Content Manager role, the

system shall provide the capability to indicate that a document being posted should be displayed in the Current Highlights portlet.

3.9.1.2.5 NOL Software shall allow a Poster to assign groups to a specific document or product type

3.2.2.10

Document Manager (Autoposter) - Note: A Document Manager can only manage documents produced by that user’s organization.

Document Manager Role

3.2.2.10.1 The system shall provide the capability to assign one or more users a Document Manager role.

3.2.2.11.10 The system shall provide the capability to assign one or more users a Forum Author role.

3.2.2.11.11 The system shall provide a Forum Author the right to add topics to a forum.

3.2.2.11.13 The system shall provide Forum Authors the right to edit their own entries.

Forum Author Role

3.2.2.11.14 The system shall provide Forum Authors the right to delete their own entries.

3.2.2.11.22 The system shall provide the capability to assign one or more users a User role.

User Role

3.2.2.11.23 The system shall default a new user to the User role.

3.2.10.1.10 The system shall allow stemming (this is in finding variations in word endings).

3.2.10.3.5 The system shall allow the following values when selecting a timeframe for a FININTEL Search: Last 30 Days, Anytime, Today, Last 3 Days, Last 5 Days, Last 7 Days, Last 14 Days, 2003, 2004, 2005.

Search Functionality Details

3.2.10.3.9 The system shall default the search timeframe to 30 days.

3.2.10.1.6 The system shall provide the capability to conduct a pattern search. Note: A pattern search finds documents that contain the query words as well as similarly spelled words. This is particularly helpful if the document was scanned, because optical character recognition (OCR) is not always accurate. Pattern mode is also useful when you are not sure about the correct spelling of a word. For example, if you type “farmasutical,” RetrievalWare will do a pattern expansion and find pharmaceutical

Search

Advanced Search Functionality

3.2.10.1.13 The system shall provide the capability to conduct precedence/nested Boolean searches. (word1 | word2) & word3.

UNCLASSIFIED//FOUO


17



CR# 3.2.10.1.15 The system shall provide the capability to

conduct proximity searches. (within, between, adjacent)

3.2.10.3.13 The system shall provide the capability to define the keyword search using the variant section: None, Fuzzy, Soundex, Proximity.

3.2.10.3.65 The system shall provide the capability to define the keyword search using the variant section: None, Fuzzy, Soundex, Proximity.

3.2.10.1.17 The system shall provide the capability to search within a results set. (This is called ‘refining the search’ [nested search]). [A nested search will return results that are more granular versus adding the additional search parameters to the original query, which will result in different results than the nested search.]

3.2.10.3.12 The system shall provide the capability to allow keyword searches of the results displayed.

Refine a Search Functionality

3.2.10.3.64 The system shall provide the capability to allow Boolean keyword searches of the results displayed.

Email Search 3.2.10.5.1 The system shall provide the capability to search e-mail.

Discussion Search 3.2.10.6.1 The system shall provide the capability to search discussion threads.

Attachment Search 3.2.10.8.1 The system shall provide the capability to search attachments.

3.2.10.9 Search Results 3.2.10.9.4 The system shall boldly display the term(s)

searched for in the search results. [red and bold].

3.2.10.10 Results Set 3.2.11 Queries

Search Results Behavior

3.2.11.2 Search Results Portlet - The system shall provide the capability to display a Search Results portlet.

3.2.8.2.27 The system shall provide the capability to search a forum.

CR-07-00915

SR - Refined Queries for Hizbollah Web Page

CR-07-01369

SR - Pakistan COI Search

3.2.13.1.1 The system shall provide the capability to display special interest pages.

Community of Interest Search

3.2.13.3.14 The system shall provide the capability to dynamically display the results of the query/profile for cables on a Community Page. (wording)

UNCLASSIFIED//FOUO


18



CR# 3.2.13.3.17 The system shall provide the capability to

display the results of the query/profile for documents dynamically on a Community Page.

3.2.13.4.9 The system shall provide the capability to search only documents on the Related Cables Crisis Response page.

3.2.13.4.13 The system shall provide the capability to search only documents on the Related FININTEL Crisis Response page.

3.2.13.4.16 The system shall provide the capability to search only documents on the Crisis Response Reports Crisis Response page

3.2.13.5.15 The system shall provide the capability to search only documents on the Related FININTEL special events group page.

3.2.13.5.18 The system shall provide the capability to search only documents on the Special events group Reports special events group page.

Searchable Archives 3.9.6.2 Searchable Archives System

Administration Auto-Inactivate User Rule 3.2.2.14.6 Auto Inactivate

3.2.1.1 Standard Behavior 3.2.1.1.1 Cut & Paste 3.2.1.1.2 Spell Check 3.2.1.1.3 Grammar Check

Editing Tools

3.2.1.1.4 Selection Lists Legacy Web Browser

Support 3.2.1.2 Web Browsers

3.2.1.3.3.2 The system shall provide the capability to add a portlet to a standard page (such as email).

3.2.1.3.3.3 The system shall provide a threat level indicator on the Home page.

3.2.1.3.3.5 The system shall provide the capability for a user with system administrator access to select a threat level: Severe (Red), High (Orange), Elevated (Yellow), Guarded (Blue), Low (Green).

Home Page Functionality

3.2.1.3.3.9 The system shall display announcements on the Home page.

3.1 Required States and Modes 3.2 Capability Requirements 3.2.1 Interface Requirements - Requirement to

display documents in a separate window; when a trainee viewing that document would like to navigate to next/previous document in list.

User Interface

Specific Content Portlets

3.2.1.4.3 There shall be a NCTC Online Products Portlet

UNCLASSIFIED//FOUO


19



CR# CR-07-01110

SR - Rename IICT Product type and Portlet on NOL

3.2.1.4.5 There shall be a Daily Briefings and Reports Portlet

3.2.1.4.8 There shall be a NCTC SITREPS Portlet 3.2.1.4.9 There Shall be an Alerts, Advisories,

Assessments, Warnings Page 3.2.1.4.10 There shall be a Threat Alerts in Force

Portlet 3.2.1.4.11 There shall be a Threat Warnings in Force

Portlet 3.2.1.4.12 There shall be a Threat Assessments Portlet 3.2.1.4.13 There shall be a Community Terrorism RSS

Feeds Page 3.2.1.4.14 Announcements - Portlet 3.2.1.5 Interactive Map - The interactive map will be

used to display documents visually on a graphical map by region, country, or city. (Even though ‘documents’ will be displayed only on certain pages – they will go here according to ACL).

3.2.1.5.9 The system shall provide the capability to select documents that are threats when displaying documents on a map. TBD – Need to validate this with users; a document has to be tagged as a threat – the only way that I know of is through the ‘autopost’ process, unless the users can identify other means of recognizing threats.

Interactive Map

3.2.1.5.10 The system shall provide the capability to select documents that are events when displaying documents on a map. TBD – Need to validate this with users; a document has to be tagged as an event – the only way that I know of is through the ‘autopost’ process, unless the users can identify other means of recognizing events.

Threat Level Management 3.2.2.2.3 Manage Threat Level 3.2.3 User Specific/Personal Options/Features 3.2.3.1 Profile 3.2.3.2 Address Book

User Personalization Options

3.2.3.3 Chat List System Interface and Workflow Gaps

Content Management

Document Repository Details 3.2.5.1.7

NOL shall provide the capability to host connections to Intelligence Community databases.

UNCLASSIFIED//FOUO


20



CR#

3.2.5.2.3

The system shall store the following types of data, in addition to FININTEL, Disseminated Reports, and Tearlines: Administrative-Maintenance data (1056), Image/Video (648), Databases (174), and Reference Data (1073).

3.2.6.1.53

The system shall provide the mandatory capability to preview the document that has been added as the main file.

3.2.6.1.54 The system shall provide the capability to add one or more files related to the main file.

3.2.6.1.55

The system shall provide the mandatory capability to preview each related file when adding it.

3.2.6.1.57

The system shall provide the capability to indicate that a related file is an image file that should not be displayed as an attachment.

3.2.6.1.61

The system shall provide the capability to post documents to a specific page on the system. For example, an NCTC SITREP will be posted to the Crisis Response Page. (Note: Need to talk about dissemination rules when a document is posted within a Special Interest Page or a Forum that is restricted.)

3.2.6.3.1 The system shall provide the capability to edit documents.

External Interfaces External Interfaces

3.3

External Interface Requirements - The system shall support the external interfaces identified below: External Interface NCTC ONLINE SYSTEMS (JWICS SIPRNET PKI SIPRNET Open LIAISON (Future)) Purpose of Interface EMS (Yes No No TBD): Receive disseminated reports traffic for NOL-J DMS (No Yes Yes No): Receive disseminated reports traffic, as supplemental feed to INSCOM, for NOL-S Sanctum (Yes No No TBD): Provide Federated Search the ability to access NOL holdings NOL Collaboration (Yes Yes No TBD): Provide collaboration capability for NOL-J users INSCOM (No Yes Yes TBD): Receive tearlines and disseminated reports traffic for NOL-S FBIS (Yes Yes Yes TBD): Receive FBIS documents TIDE (Yes No No No): Support TIDE application on NOL Back-end system TSC (Yes No No No): Facilitate TSC access to JWICS-accessible, TIDE-supplied data

UNCLASSIFIED//FOUO


UNCLASSIFIED//FO

UO

21


Functionality Gap SRS# or

CR# Text

3.2.2.21.1

Process Cables in MEC: The system shall provide an administrator the capability to manage spilled cables that are missing required fields or contain information that is not releasable on NOL. Ingest Cable Ingest Error

Processing

3.2.2.21.2

Delete Cables: The system shall provide an administrator the capability to delete cables as required.

Extra-SSP-5

The system shall provide for Disaster Recovery in conformance with existing DNI/NCTC requirements.

Records Records Control and Archiving Standards

NRC-1

NOL-J shall conform to the NCTC Records Control Plan. (NOTE: For NOL-J, exclude items that do not apply, e.g., NOL-Roundtable.)

3.2.2.15.1

Routine administrative reports shall be generated by the system and selectable from a list.

3.2.2.15.2 The system shall be capable of generating non-routine reports upon request.

CR-07-00931

Request usage metrics for border directory approval

RIT-05-00293

Provide reliability metrics for NOL, including overall uptime

CR-07-01140

NOL JWICS, NOL SIPRNET, Roundtable, and TIDE Metrics

3.9.6.1.10

Access to stored metrics shall be restricted to identified NOL members and NCTC Management

Reports Metrics and Reporting Functionality

3.9.6.1.19

NOL Systems shall maintain system utilization reports online for 30 days (System Activity Reports - SAR) SPEC: NOL Systems shall maintain system utilization reports online for 30 days (System Activity Reports - SAR)

3.9.6.1

Activities Audited - The table below reflects baseline audit requirements for all NOL systems.

3.9.6.1.2

NOL Systems shall provide a 45-year audit trail SPEC: The past five year’s log files shall remain on the production system. While the previous forty years of log files shall be archived to the Archived Data Repository

3.9.6.1.3

NOL Systems shall provide a 5-year online audit trail functionality NOL Systems shall provide a 5-year online audit trail functionality

Security / Audit Record Auditing Specifications

3.9.6.1.4 NOL-SIPRNET shall provide product auditing of all files transferred from the ADN and NOL-JWICS SPEC: The auditing shall capture: file name,


22



CR# system transferred from, date received

3.9.6.1.5 NOL-JWICS shall provide product auditing of all files transferred to other systems

3.9.6.1.24

NOL Systems shall provide reporting of system level changes that might indicate baseline and system intrusion to the degree that is supported by COTS SPEC: NOL Systems shall provide reporting of system level changes that might indicate baseline and system intrusion to the degree that is supported by COTS Intrusion and Abuse

Detection

Extra-SSP-4

The system shall provide audit capability for access or denial of user information requests at multiple levels to include the use of: BSM audit features of Solaris; RetrievalWare; iPlanet Web Server logging capabilities along with Oracle user access and query requests auditing functions

3.2.4

Classification - NOL will follow CAPCO standards for classification. These standards are available on the JWICS network at http//capco.dssc.ic.gov.

3.2.4.1 Marking Standards

3.2.4.1.1 The system shall adhere to CAPCO classification standards.

3.2.6.2 Document Posting Classification/Markings

System Classification Marking Standards

3.9.1.1.9

All web pages developed by NOL and under NOL control shall be appropriately portion marked

ORCON Processing Details

3.2.5.1.3

Duplicate documents (i.e., sourced version) with a dissemination control of "ORCON" shall be created with the ORCON entry(ies), including the ORCON source(s) at the bottom.

3.2.5 Intelligence Products Supported

3.2.5.1 Disseminated Report and Message Processing

RIT-06-00471

Update the Standard Dissemination List in NOL DocPost

3.2.5.2.2 NOL shall permit access to all tearline information by participating NOL users.

3.2.7.2 Tearlines 3.2.7.2.3 No Double Standard 3.2.7.2.4 Special Handling 3.2.7.2.4.3 Compartment marking shall include “LES.” 3.2.7.2.5 Contact Information

Workflow

Tearline Dissemination Details

3.2.7.2.6 Markings

UNCLASSIFIED//FOUO


23



CR# 3.2.7.2.7 Special Handling 3.2.7.2.8 Accessibility RIT-05-00084

NOL Support to ISPO on FBI and State Tearline Products

CR-08-01564

Add description text to Kingfisher Cable display page

3.2.2.16

Document Review (Human Review) - Please also refer to the Section on Human Review Queue. This section refers to the requirements for the process actions identified below: 1. Product Review – Tearline Product Listing – Step 1 – allows Admin to view Tearlines. 2. Product Review – Other Product Listing – Step 2 – allows Admin to view other products. 3. Metadata Review Queue – Step 3 –allows Admin to view metadata and xml standards for Tearlines and other products. 4. Network Transfer Queues – Step 4 – allows Admin to transfer products from one network to another. • JWICS to SIPRNET Open • JWICS to SIPRNET PKI • SIPRNET PKI to JWICS • SIPRNET Open to JWICS • SIPRNET PKI to SIPRNET Open • SIPRNET Open to SIPRNET PKI • RoundTable?

3.2.9 Human Review Queue

3.2.9.1 Functional Capabilities Supporting Human Review

3.2.9.1.6

The system shall copy a newly posted document to the Human Review Queue if the criteria values are both negative, the document is not classified at the TOP SECRET level, and the product is not compartmented.

Human Reviewer Queue Process

3.2.9.1.19

The system shall provide the capability for using the human review classification rule for filtering products to the Human Review Queue. (Note: The human review classification rule requires that NCTC products cannot be compartmented or classified at the TOP SECRET level.)

UNCLASSIFIED//FOUO


24

APPENDIX B (U//FOUO) Master Requirements Schema

This spreadsheet was delivered under a separate cover.

UNCLASSIFIED//FOUO


25

APPENDIX C (U//FOUO) Verified List of External Links

Community Websites Central Ingelligence Agency CIASource Dept. of State - Bureau of Intel & Res DHS Office of Information Analysis Defense Intelligence Agency DIA JTIF-CT Counterterrorism Knowledge Base Federal Bureau of Investigations Interagency Intel Committee on Terrorism Intelink Central Janes Publications National Geospatial-Intelligence Agency National Security Agency NORAD Northcom AF Office of Special Investigations USEUCOM J2 Joint Analysis Center US ARMY National Ground Intelligence Center Naval Criminal Investigative Service USCG Intelligence Coordination Center

Community Resources Global Counterterrorism Conferences IICT Counterterrorism Community Dir IICT General/Warning and Forecast IICT Guidelines for Terrorist Threat Warning IICT Guidelines for IC Program of Analysis

UNCLASSIFIED//FOUO