0 Members and 1 Guest are viewing this topic.
Juniper Networks Circuit-to-Packet Solutions Receive U.S. Defense Department CertificationJuniper Networks “Everything over IP” Solutions Help Government Agencies Migrate to High-Performance IP NetworksJuniper Networks, Inc. the leader in high-performance networking, is pleased to note that its Circuit-to-Packet (CTP) solutions have been tested and certified by the U.S. Defense Information Systems Agency (DISA) Joint Interoperability Test Command (JITC) and are now on the Defense Switched Network (DSN) approved products list. Juniper Networks CTP solutions were the first on the market to successfully complete this rigorous testing and certification process in 2007, and remain among the industry’s very few CTP offerings to be certified by JITC for both interoperability and information assurance.Circuit-to-packet solutions enable government agencies to migrate legacy circuit-based network applications (e.g., multiplexing transport networks, PBX systems) to higher-performance, packet-based Internet Protocol (IP) networks. The convergence of voice, data, video, web traffic and file sharing applications from circuit to IP networks is increasingly desired by government agencies as a means of concurrently managing explosive growth in network volume while improving network performance, security and cost efficiency.Juniper Networks CTP solutions bridge the gap faced by government agencies in migrating to the efficiency and cost-savings enabled by these converged “Everything over IP” (EoIP) networks. Largely left out of the government’s evolution to EoIP is the large, installed base of circuit-based applications, such as time division multiplexing (TDM) and Private Branch Exchange (PBX) networks, serial encryption connections, and analog and digital radio systems networking. The synchronous transport requirements of these legacy systems cannot be addressed by packet-based networks.Juniper Networks CTP products allow government agencies to quickly, reliably, and securely transport large, circuit-based applications across next-generation IP networks. The rigorous JITC certification of the interoperability and information assurance capabilities of Juniper Networks CTP solutions reflects their ability to deliver secure, field-proven flexibility, performance and reliability that federal government applications require.JITC interoperability testing and certification are required by the U.S. Department of Defense (DOD) for all IT equipment that attaches to U.S. defense voice networks. As part of JITC certification, the Defense Security Accreditation Working Group (DSAWG) grants the U.S. military services’ approval for connecting networking technologies to the DoD Global Information Grid (GIG), a series of interconnected computer networks used to securely transmit information by packet switching over TCP/IP protocols.[/color]The Juniper Networks CTP products receiving JITC certification include the CTP1000 Series and CTP2000 Series, with Software Release 4.3R2 and CTPView Version 2.2, a graphical user interface providing detailed performance reports of real-time and historic network performance. Juniper Networks CTP solutions offer a range of size, port capacity, and redundancy options and are IPv6 compliant.
Products on this list have received Joint Interoperability Certification (JIC) and Information Assurance Accreditation (IA) in accordance with the Department of Defense Instruction DoDI 8100.3.http://jitc.fhu.disa.mil/tssi/doddocs/dodi_8100_3.pdfDOD UC REQUIREMENT, PROCESS AND TEST DOCUMENTSDOD UC APL End of Life DOD UC Policy Documents DOD UC Joint Interoperability Certification and Information Assurance Accreditation Testing Schedule DOD UCCO Test Submittal Form DSN RTS IA Test Plan DSN RTS IO Test Plans DSN APL IO Test Plans DSN IA APL Test Plans
DOD POLICY DOCUMENTS UCR 2008 http://www.disa.mil/dsn/policies.htmlCJCSI 6215.01C http://jitc.fhu.disa.mil/jitc_dri/pdfs/6215_01c.pdfDoDI 8100.3 Clarifications http://jitc.fhu.disa.mil/tssi/doddocs/dodi_8100_3_clarifications.pdf2-Wire Analog APL Approval http://jitc.fhu.disa.mil/tssi/doddocs/dod_apl_app_memo_2wat.pdfDoDI 8100.3 http://jitc.fhu.disa.mil/tssi/doddocs/dodi_8100_3.pdfCertification Statute http://jitc.fhu.disa.mil/tssi/doddocs/certstatute.pdfJITC Testing Policy http://jitc.fhu.disa.mil/policy.htmInteroperability Policy Documents http://jitc.fhu.disa.mil/jitc_dri/jitc.htmlCall Forwarding MFR http://jitc.fhu.disa.mil/tssi/docs/callforwardingmfr_signed.pdfIPv6 Policy http://jitc.fhu.disa.mil/tssi/docs/1_7ipv6_approved6089r6104.pdfDOD 8500.1 http://jitc.fhu.disa.mil/tssi/docs/d85001p.pdfDODI 8500.2 http://jitc.fhu.disa.mil/tssi/docs/85002.pdfJoint Staff Memo to DoD http://jitc.fhu.disa.mil/tssi/docs/pm_memo_joint_io_test_cert_of_comm_devices_and_switches.pdfVendor Memorandum http://jitc.fhu.disa.mil/tssi/docs/vendormemo.pdfDSN Read/Write Access Policy http://jitc.fhu.disa.mil/tssi/docs/dsn_rw_memo_w_WP.pdf
19 Aug 09 UCCO Schedule Final.xls DOD Unified Capabilities Information Assurance and Interoperability Testing ScheduleVendor Type Test Description Tracking # Sponsor AO3 10 17 24 31 7 14 21 28 5 12 19 26 2 9 16 23 30 7 14 21 28 4 11 18 25 1 8 15 22 1 8 15 22 29ActionPacked NM Networks LiveAction V1.7 0921001 PACOM EMAlcatel-Lucent PBX1 IP Call Server Rel. 2.0 0906401 DISA JRCisco PBX1 Unified Communication Manager 7.1 (2) 0901201 Air Force EMEdge Access PBX2 VW2400-SRV-S R5-09151 0906901 Army ABExtreme Core BlackDiamond 20808 v12.3.1 0904101 Army EMExtreme Core BlackDiamond 8810 v12.3.1 0904201 Army EMExtreme Distro BlackDiamond 8806 v12.3.1 0904202 Army EMExtreme Access Summit X650 v12.3.1 0904203 Army EMExtreme Access Summit X450e v12.3.1 0904204 Army EMExtreme Access Summit X250e v12.3.1 0904205 Army EMExtreme Access Summit X150 v12.3.1 0904206 Army EMExtreme Access Summit X350 v12.3.1 0904207 Army EMExtreme Distro BlackDiamond 12804 v12.3.1 0904209 Army EMFujitsu TNE FW9500 R3.1 0915502 Army DC/BDFujitsu TNE FW7500 R6.1 0915503 Army DC/BDGeneral Dynamics DSCD PSTN vIPer Phone Rel. 2.11 0920202 Army ABInteractive Intelligence PBX1 CIC Rel. 3.0 0918002 DCMA OWJuniper TNE CTP 1000/2000 Rel. CTPOS 5.4 0910501 Air Force EMJuniper Access EX 3200 JUNOS 9.3 0922201 Army JRJuniper Access EX 4200 JUNOS 9.3 0922202 Army JRJuniper A,C,D MX 960/480/240 JUNOS 9.3 0922203 Army JRLifesize VTC Video Systems Family Rel. 1 0915501 DISA BB/BFLifesize VTC Video Systems Family Networker V.1 0920501 DISA BB/BFMicrosoft PBX2 Unified Communications, Rel. v3.0.6362 0913302 Army EMMicrosoft UC & C Office Communicator Client Rel. v3.0.6362 0918003 Army EMNEC PBX2 Univerge NEAX 2000 IPS R14 P1 4.03 0909201 Army ABNEC PBX1 Sphericall v7.0 0912501 Army ABPCR NM COMIT Rel. 5.0 0901401 DISA ABPlant Equipment CPE Vesta SL-100 Rel. 2.3 Feature Pa 0912001 Air Force CHPolycom VTC RMX 2000 Rel. 4.5 0909601 Air Force BB/BFRaytheon DSCD CEU 01-01848-001 Rel. 2.01 w/ Logitel MR-1060 0819701 DISA AB V VRaytheon DSCD CEU 01-01848-001 Rel 2.01.08 0818202 DISA AB V VTadiran PBX 1 Coral PBx Rel. 14.67 0908201 DISA ABTekelec NM Eagle STP IAS Rel. 4.0.1 0900801 DISA JR V VTellabs TNE (Opti) 7100 OTS Rel. 5.1.1 0914901 Army SP/BDTellabs TNE (Opti) 7100 Nano OTS Rel. 5.1.1 0914902 Army SP/BDTellabs TNE (Opti) 5500NGX Rel 22.214.171.124 0914903 Army SP/BDTellabs TNE (Opti) 1150 MSAP Rel. 25.3.1 0914904 Army SP/BDTellabs TNE (Opti) 1134 MSAP Rel. 25.3.1 0914905 Army SP/BDTellabs TNE (Opti) 1000 VGW Rel. 13.4 0914906 Army SP/BDUnique NM CAIRS Rel 4.0 0901601 Navy JRVERAMARK NM VeraSmart Rel. 8.1 0910401 Navy ABAvaya LSC S8720 Rel. CM4.0 732.5 (Pre-Production) 0920201 ARMY JRCisco EBC 3845 Rel. IOS 12.4(22)YB1(Pre-Production) 0922204 DISA EMCisco LSC Unified Communications Manager w/IOS 12.4(22)T2 Rel. 7.1(2) (Pre-Pro0d9u15c5ti0o5n) Air Force EMNortel LSC AS 5300 Rel. 2.1 (Pre-Production) 0911801 UCMC OWNortel MFSS CS2100 XA-Core SE09.1 w/AS 5300 (Prototype) 0903501 DISA OWJIC Testing IA and IO IA Testing AFIOC TIC JITC IH 3 10 17 24 31 7 14 21 28 5 12 19 26 2 9 16 23 30 7 14 21 28 4 11 18 25 1 8 15 22 1 8 15 22 29No Testing SETUP JITC FH Aug-09Sep-09 Dec-09Dec-09 Jan-10Nov-09As of 19 Aug 09 Nov-094. Action Officers: Bill Barber, Anita Bickler, Barbara Davis, Brad Friedman, Cary Hogan, Rodney Hom, Edward Mellon, Son Pham, Joe Roby, Maj Tolbert, and Capt Oskar Widecki.Oct-09Sep-09 Oct-09Aug-09 Jan-10 Mar-10RTS Assessment TestingMar-10* Note - There is no testing performed during Federally observed holidays.The Applicant is required to complete the following items listed below. Neither Interoperability nor Information Assurance testing will be conducted on the submitted solution without completion of the following items.1. Vendor/Sponsor responsible for coordinating payment of lab testing fees/CRADA agreements with the Action Officer that will contact applicant upon acceptance of completed test submittal.2. Provide Technical Documentation for the product to include diagrams (as intended for test), security white papers, architecture documents, vendor guidelines and or a list of all system components, the underlying operating system, all applicable solution version numbers.3. Apply applicable Security Technical Implementation Guide (STIGS) for the submitted product prior to the scheduled IA and IO testing. Compliance to all applicable STIGs will be verified during lab setup. (UCCO 520-538-3234/533-9246)Feb-10Feb-10APL Certification TestingPage 1
E-7.3 Functionality Test Procedures. The first step in conducting avulnerability test is to perform a functionality check. Testing the SUT’s functionalityensures that the product operates as intended in a fielded environment. Perform thefunctionality test at the beginning of Phase II testing to ensure that all services andapplications are functioning and communicating correctly. Functionality testing variesfrom system to system and targets the basic operational functions. It is not meant to bea substitute for an interoperability test.Some products, such as CPE, rely on external systems to exercise theircapabilities. For example, a secure modem solution is inactive until an external switchinitiates a call. In this case, the external switch is outside the scope of the IA test.However, the tester and vendor must ensure the external switch is operational toperform IPV testing on the secure modem solution. Functionality tests are performedbefore Phase II testing begins, and then again at the conclusion of Phase II testing.Monitor IP traffic during the functionality test and save the results for further evaluation,if necessary. The objective is to ensure that the SUT is functionally operational beforePhase II IPV testing commences.The IPV testing should be performed from the external or outside perspectiveand from the internal or inside perspective. An inside perspective is analogous to whata “trusted insider” or an employee has, or the same as an attacker would have onceperimeter defenses (firewalls) are breached. An outside perspective is analogous to thesame perspective someone would have on the Internet, looking in at the system. Theattacker would have the perspective of an “untrusted outsider” and would be looking inat the product. The following DoDI 8500.2 IA Controls apply to all the IPV testingprocedures: DCPP-1, ECVI-1, ECTM-2, VIVM-1, and ECMT-1.E-7.4 Internet Protocol Interface Identification. Verify operational and identifyall IP interfaces.E-7.5 Lines. If the SUT supports lines, the following manual calls areattempted: Analog to Analog, IP to IP, Analog to IP, and IP to Analog. Verify that alltest calls can be completed successfully.E-7.6 Trunks. If the SUT supports trunks, the following manual calls areattempted: Analog over trunk and IP over trunk. Verify that all test calls can becompleted successfully.E-7.7 Internet Protocol Handsets. All IP handsets are identified and theprotocols used identified (e.g., Session Initiation Protocol (SIP) and Simple ClientControl Protocol (SCCP)).E-8 SUT TEST PROCEDURESE-8.1 Test Perspectives. The IPV and PA testing are performed from anexternal and internal perspective. An external perspective is what someone on theInternet, DISA Network, or Unclassified-But-Sensitive Internet Protocol Router Network(NIPRNet) would see from outside the network (i.e., an attacker looking in at thenetwork’s outer perimeter defenses, such as a firewall and/or router with an ACL). Aninternal perspective is what someone would see from inside the system (i.e., a trustedemployee, a client user, or an attacker who has breached the firewalls). This method oftesting can be found in section 3 of the NIST Special Publication 800-42, Guideline onNetwork Security Testing. The following DoDI 8500.2 IA Controls apply to all of the IPVtesting procedures: DCPP-1, ECVI-1, ECTM-2, VIVM-1, and ECMT-1.E-8.2 Host Discovery. Detecting all possible hosts in use by the SUT and theircorresponding IP address information is the first step in the technical evaluation.Although the product vendor provides the IP address information, the test team ensuresthat there are no other undocumented IP-routable addresses. In addition to physicalhost network adapters, an IP address can be discovered from a variety of sources.Such sources include virtual Ethernet adapters, virtual machine addresses, and hostbasednetwork addresses, which could all create possible vulnerabilities in the SUT.The following are general techniques that are used to discover available hosts, an IPaddress, or any other IP-routable end-points.E-8.3 Ping Sweep. A general Packet Internet Groper (Ping) sweep determineswhat hosts are available via the Internet Control Message Protocol (ICMP) message.This is generally an ICMP echo request (type to elicit an ICMP echo reply (type 0)from a host.Table E-18 shows the Ping sweep test procedures, which use the followingtesting components: a laptop with a port scanning application installed, a laptopassigned with an IP address compliant with the test environment, and an Ethernet hub.Table E-18. Ping Sweep Test ProceduresProcedure ResultsConfigure IP vulnerability testing laptop.Ethernet connection:An Ethernet port on the SUT, with its associated IP address,should be available for test purposes. The port location should besuch that access to the largest number of IP addresses within thesolution is possible. Use of an Ethernet hub is the preferredmethod of connection.The IP test laptop and the IP interfaces under test arecabled to the Ethernet hub.Assign IP address:An IP address and Subnet mask will be assigned to the laptop NICthat is within the range being used by the SUT.The IP test laptop is configured with an IP address thatis included within the Subnet range of the SUT. Theuse of the “Ping” command verifies that the test laptopcan communicate with the SUT.Host Discovery:A general ICMP (Ping) sweep of the entire subnet will beconducted to discover any devices within the SUT that respond toan ICMP.The following is an example of a ping sweep of a standard class CIP address range using NMAP:#NMAP –sP –n 192.168.1.1-254The results returned by the ICMP Ping sweep willinclude all available hosts within the subnet.Eliminate “out of bounds” components:Items such as gateways, network elements, or end-points that areoutside the IA test boundary will be removed from the discoveryfindings and a list of discovered hosts will be established.An evaluation of the returned results will eliminate allcomponents that are considered “out of the testboundary” for the SUT.LEGEND:IA Information AssuranceICMP Internet Control Message ProtocolIP Internet ProtocolNIC Network Interface CardNMAP Networked Messaging Application ProtocolPing Packet Internet GroperSUT System Under TestE-8.4 Transmission Control Protocol (TCP) Sweep. A TCP sweep providesinsight into available hosts when the ICMP is disabled. A TCP sweep attempts to makeTCP connections to a host range on a specified port list. In the process of the TCPsweep, a “three-way handshake” happens. The originator sends an initial packet calleda “synchronize” to establish communication and “synchronize” sequence numbers incounting bytes of data that will be exchanged. The destination then sends a“SYN/ACK,” which again “synchronizes” his byte count with the originator andacknowledges the initial packet. The originator then returns an “ACK,” whichacknowledges the packet the destination just sent to him. The connection is now“OPEN,” and ongoing communication between the originator and the destination arepermitted until one of them issues a FINish (FIN) packet or a Reset (RST) packet, or theconnection times out. The “three-way handshake” establishes the communication.By providing a list of possible ports that might be available within a system orproduct, the TCP connections are able to determine which hosts are up and available.Common ports used in TCP sweeps include, but are not limited to, 21, 22, 23, 25, 54,80, 137, 139, 443, and 445. Table E-19 shows the TCP sweep test procedures, whichuse the following components: a laptop with a port scanning application installed, alaptop assigned with an IP address compliant with the test environment, and anEthernet hub.Table E-19. TCP Sweep Test ProceduresProcedure ResultsHost Discovery:A TCP sweep of the IP address space will be conducted to discoverdevices that are not responding to ICMP or might be using hostbasedfirewalls or IDSs.The following is an example of a TCP ping sweep (System Ping) of astandard class C IP address range using NMAP:# NMAP –PS 21,22,23,25,53,80,137,139,443,445, and 2049192.168.1.1-254The results returned by the TCP sweep willinclude all available hosts within the subnet thatdid not respond to the ping sweep.Eliminate “out of bounds” components:The list of hosts that responds to this sweep will be compared to thelist of hosts defined in the ICMP sweep and any newly discoveredhost will be added to the list of known hosts.An evaluation of the returned results will eliminateall components that are considered “out ofbounds” for this test.Additional Hosts:At this point, if the test team is satisfied that all the hosts arediscovered, they could move to traffic analysis or they could use ACKscans, ARP scans, or alternate ICMP scans using different ICMPtypes.Any additional hosts discovered should beconfirmed to be part of the SUT.LEGEND:ACK AcknowledgeARP Address Resolution ProtocolICMP Internet Control Message ProtocolIDS Intrusion Detection SystemIP Internet ProtocolNMAP Networked Messaging Application ProtocolSUT System Under TestTCP Transmission Control ProtocolE-8.5 Traffic Analysis. Traffic analysis allows the test team to determine all thehosts that the SUT uses in an operational environment. Accessing the network traffic intransit provides an in-depth look at how information flows within the application and canalso be helpful in revealing hosts that are part of the communications process. Thisprocess may require placing a network hub within the environment, network traffic flow,or possibly in the configuration of a mirror port on an existing network element. TableE-20 shows the traffic analysis test procedures, which use the following testingcomponents: a laptop with a port scanning application installed, a laptop assigned withan IP address compliant with the test environment, and an Ethernet hub.Table E-20. Traffic Analysis Test ProceduresProcedure ResultsInitialize Traffic Sniffer:A network analyzer such as WireShark (Ethereal) or tcpdump would beenabled to view all the network traffic and ensure that data was not traveling todevices that were not detected by the scanning and sweeping methods.Confirm that all network traffic beinggenerated and passed is betweencomponents of the System Under Testonly.Additional Hosts:If any new hosts are discovered during the traffic analysis phase of testing, theywill be added to the list of auditable end-points, generally in a text file for thePhase II evaluation.Any additional hosts discoveredshould be confirmed to be part of theSystem Under Test.E-8.6 Port Enumeration. Port enumeration provides a list of services orapplications running on the host and gives the tester a good indication of what operatingsystem might be present on the end-point. When all the hosts in use by the SUT aredetermined, testers begin the initial evaluation of individual hosts. Each host isindividually inspected for all available information, such as running services, operatingsystem versions, and other applications. Information provided by investigating eachdevice in depth helps determine how susceptible an individual component of the SUTmight be to a potential attack.Enumeration, provided by port scanning of each host, provides a detailed list ofwhich ports are open, closed, or filtered on a specified host. Port scans are conductedin a multitude of varieties using many different protocols, packet flags, and techniques.These various scans can yield different results in different situations, depending on theconfigurations and protections of each host. Additional Open Source Security TestingMethodology Manual (OSSTMM) strategies are in Appendices B and E.Table E-21 shows the port enumeration test procedures, which use the followingtesting components: a laptop with a port scanning application installed, an assigned IPaddress compliant with the test environment, and an Ethernet hub.
EXECUTIVE SUMMARYThe Department of Defense (DoD) Directive 8500.1 “Information Assurance (IA),”24 October 2002, established the DoD policies for IA and directed that all informationtechnology be IA tested and certified before connection to the Defense InformationSystem Network (DISN). The DoD Instruction 8100.3, “Department of Defense VoiceNetworks,” 16 January 2004, establishes the IA policy for DoD Voice Networks,including the Defense Switched Network (DSN). The DSN Single Systems Manager(SSM) is responsible for providing DSN IA test results to the DISN DesignatedApproving Authorities in order to be granted IA certification and accreditation. The DSNSSM has designated the Joint Interoperability Test Command (JITC) as the responsibleorganization for DSN IA testing.The JITC DSN IA Test Team (IATT) supports IA testing by determiningcompliance with the Security Technical Implementation Guidelines, IA VulnerabilityManagement announcements (e.g., alerts, bulletins, and technical guidance), andadditional IA requirements. In addition, the IATT scans for Internet ProtocolVulnerabilities to determine residual risks and threat levels of the existing securityimplementations and any security deficiencies on the network.Upon completion of the IA assessment, the IATT analyzes data collected andpresents the test findings in an “IA Assessment Findings and Mitigations Report.” Thereport contains security vulnerabilities found on the system during the test. The reportis emailed to the vendor so they may input their mitigation strategies for the securityvulnerabilities found. The assessment report, including the vendor’s mitigationstrategies is submitted to the Unified Capabilities Connection Office and the DefenseInformation Systems Agency (DISA) Field Security Office (FSO) for comment. The FSOwill write a Certification and Accreditation letter to the DISN Security AccreditationWorking Group (DSAWG). The final assessment report is briefed to the DSAWG in theform of a PowerPoint presentation. The DSAWG will decide whether to place thevendor’s solution on the DSN Approved Products List, based on the findings andmitigations.
CHAIRMAN OF THE JOINTCHIEFS OF STAFFINSTRUCTIONJ-6 CJCSI 6215.01CDISTRIBUTION: A, B, C, J, and S 9 November 2007POLICY FOR DEPARTMENT OF DEFENSE (DOD) VOICE NETWORKS WITHREAL TIME SERVICES (RTS)Reference(s): See Enclosure F.1. Purpose. This instruction establishes policy consistent with DODI 8100.3(reference oo) and prescribes responsibilities for use and operation of the DODvoice networks, to include but not be limited to the Defense Switched Network(DSN), the Defense RED Switch Network (DRSN), Defense Video Services (DVS)and all Defense Information Systems Networks (DISN) that provide RTS.2. Cancellation. CJCSI 6215.01B, 23 September 2001, is canceled.3. Applicability. This instruction applies to Office of the Secretary of Defense,the Military Services, Chairman of the Joint Chiefs of Staff, combatantcommands, the Office of the Inspector General of the Department of Defense,the Defense agencies, the DOD Field Activities and all other organizationalentities in the Department of Defense (referred to hereafter collectively as “theDOD components”) in peacetime, crisis situations, and wartime. Thisinstruction also identifies policy and responsibilities concerning non-DODgovernmental, foreign government, and civilian organizational requests forDSN, DRSN and DISN Assured RTS support (DARTS). Requests for waiversthis instruction will be forwarded through the DOD component chain ofcommand to the Joint Staff, stating the reason compliance is not possible.This instruction is applicable to:a. All telecommunications switches leased, procured (whether systems orservices), or operated by any DOD component of the Department of Defense.b. The hardware or software for sending and receiving voice, data, or videosignals across a network that provides customer voice, data, or videoCJCSI 6215.01C9 November 20072equipment access to the DSN, DRSN or public switched telephone networks(PSTN).c. End-to-End services (e.g., phone-to-phone, video-to-video units, fax-tofax;secure terminal equipment (STE-to-STE) to include tactical applications.d. All technologies i.e. (circuit switch, voice over Asynchronous TransferMode (ATM), and Voice over Internet Protocol (VoIP)) that use DSN or DRSNphone numbers; or that are otherwise incorporated into the DSN or DRSNnumbering or routing plans via area code, access code, Internet Protocol (IP)addressing scheme, etc. for the origination and reception of voice, dial-upvideo, and dial-up data for routine and precedence subscribers.e. The DOD component's planning, investment, development, operations,and management of telecommunications switches connected to the DSN orDRSN for processing voice, dial-up video and dial-up data.f. All networks that provide DISN RTS.4. Policy. The DISN provides RTS via its router networks (NIPRNET, SIPRNETand the DISN Service Delivery Nodes) and via DSN, DRSN and DVS. DSN andDRSN are worldwide private-line telephone sub-networks of the DISN thatprovide long-haul secure and non-secure telecommunications services to DODcomponent authorized users. They are the integral components of the GlobalInformation Grid (GIG) that provide End-to-End services to critical users at thehighest levels of Government. Connection approval shall follow theinstructions and processes in CJCSI 6211.02B (reference hh). Both DSN andDRSN are under the management control of the Director, Defense InformationSystems Agency (DISA). As the single system manager (SSM) (reference oo), onbehalf of USSTRATCOM, for both networks and the executive agent (EA) of theDRSN, the Director, DISA, will be responsive to the needs and requirements ofthe Chairman of the Joint Chiefs of Staff (CJCS) and DOD components. Thispolicy supersedes CJCS messages dtg 171649Z Dec 2002 Interim Voice over IP(VoIP), dtg 221621Z Oct 2004 Voice over Secure IP (VoSIP) Requirements.Enclosures A, D, and E, provide policy for the DSN. Enclosures B, D, and E,provide policy for the DRSN. Enclosure C, D, and E provide policy for RTS.Specific responsibilities are outlined in Enclosure E.5. Definitionsa. The DSN is an inter-base, non-secure or secure DODtelecommunications system that provides dedicated telephone service, voicebanddata, and dial-up video teleconference (VTC) for End-to-End commanduse and DOD authorized C2 and non-C2 users in accordance with (IAW)national security directives. Non-secure dial-up voice (telephone) service is thesystem's principal service. (See references a and b)CJCSI 6215.01C9 November 20073b. The DRSN is a secure C2 system and is a key component of the DODglobal secure voice services. The DRSN supports secure voice and secureconferencing requirements of the President, Secretary of Defense, Chairman ofthe Joint Chiefs of Staff, DOD components, and select federal agencies inpeacetime, crisis situations, and wartime. It is a separate, secure switchednetwork that is considered part of the DISN. Three sub-services provide thefoundation for the DOD secure voice services: the DRSN, the secure telephoneunit-III/secure terminal equipment (STU-III/STE) and other securecommunications interoperability protocol (SCIP) equipment that provide Endto-End encryption over the DSN, and other secure wireless products. (Seereferences c and d)c. The DISN is an integrated network, centrally managed and configured,to provide telecommunications services for all DOD activities. This informationtransfer service is designed to provide dedicated point-to-point; point-tomultipoint;and switched voice, data, imagery, and VTC services in support ofnational defense C3I decision support requirements (references e and oo). ForGIG, Wide and Metropolitan Area Networking (WAN, MAN), use of the DISN ismandatory unless granted a waiver from the GIG Waiver Panel (reference hh).The DISN provides RTS via its circuit switched and IP router networks. Thesenetworks include, but are not limited to: the DSN, DRSN, DISN, and the DVSinfrastructure, the DISN WAN to include the DISN SDN and access to thoseSDN, Teleport, SIPRNET, and NIPRNET. The DISN’s underlying infrastructureis composed of three major segments or blocks IAW CJCSI 6211.02B (Seereference hh):(1) The sustaining base (i.e., base, post, camp or station andService Enterprise Networks) command, control, communications, computersand intelligence (C4I) infrastructure will interface with the long-haul network tosupport the deployed warfighter. The sustaining base segment is primarily theresponsibility of the Services.(2) The long-haul telecommunications infrastructure, which includesthe communication systems and services between the fixed environment andthe deployed joint task force (JTF) and/or coalition task force (CTF) warfighter.The long-haul telecommunications infrastructure segment is primarilyresponsibility of DISA.(3) The deployed warfighter and associated combatant commandertelecommunications infrastructures supporting the JTF or CTF. The deployedwarfighter and associated combatant command telecommunicationsinfrastructure is primarily the responsibility of Services.CJCSI 6215.01C9 November 20074d. RTSs are a subset of the four categories of services contained in the GIGNet Centric Implementation Document (NCID) v2, Quality of Service (QoS)(T300): Signaling, Inelastic/RTS, Preferred Elastic and Elastic.(1) Signaling includes Network Control for managing the network.(2) Inelastic /RTS provide GIG users with live interactivetelecommunications to include voice and video and the user signaling forsetting up and taking down sessions over the network. They also include rapiddelivery of critical C2 information involving weapons delivery capabilities.Inelastic RTS allows for the equivalent of “Face to Face” interactions in whichboth factual and emotional content of the interaction can be conveyed and theoperation of surveillance and weapons systems that require rapid messagedelivery.(3) Preferred Elastic services include services such as instantmessaging, user authentication imagery, video, and audio streaming.(4) Elastic services include services such as, e-mail, web browsing, anddocument transfers.6. Responsibilities. See Enclosure E.7. Administration. The DOD components must develop implementing policiesand procedures for the provisions of this instructions policy. The policies andprocedures must be coordinated with and provided to DISA to ensure that theydo not adversely affect network operation. Combatant commands mustvalidate DOD component policies.8. Summary of Changes. The name of this instruction is changed from "Policyfor Department of Defense Voice Networks" to "Policy for Department ofDefense (DOD) Voice Networks with Real Time Services (RTS)". This includesthe use of (Internet Protocol) IP networks to transmit voice or video serviceswhether wired or wireless, tactical or strategic, Sensitive But Unclassified (SBU)or Classified (reference oo). It also applies the emerging policies of the GIGMission Area Initial Capabilities Document JROCOM 095-04, 14 June 2004,Key Performance Parameters to DISN RTS to support migration to a Net CentricNetOps environment. Additionally, this revision updates DSN and DRSNnetwork performance parameters, cost recovery procedures, usage and securitypolicy, and enhancements to switches and terminal equipment. It updates thedefinition of C2 users. It also incorporates guidance for the use of EnhancedMobile Satellite Service (EMSS) in conjunction with the DSN, as well asnumerous administrative and procedural changes.9. Releasability. This instruction is approved for public release; distribution isunlimited. DOD components, other federal agencies, and the public mayCJCSI 6215.01C9 November 20075obtain copies of this instruction through the Internet from the CJCS DirectivesHome Page -- http://www.dtic.mil/cjcs_directives.10. Effective Date. This Instruction is effective immediately upon receipt.WALTER L. SHARPLieutenant General, USADirector, Joint StaffEnclosure(s):...iGLOSSARYPART I -- ABBREVIATIONS AND ACRONYMSADIMSS Advanced DSN Integrated Management Support SystemA/NM Administration/Network ManagementANDVT Advanced Narrowband Digital-Voice TerminalANI Automatic Number IdentificationAOR Area of ResponsibilityAPC Adaptive Protective CodingAPL Approved Product ListARC American Red CrossARO Authorized Requesting OfficialASA Automatic Security AuthenticationASD(C3I) Assistant Secretary of Defense (Command, Control,Communications and Intelligence)ASD (NII)/DOD CIO Assistant Secretary of Defense for Networks andInformation Integration/Department of Defense Chief Information Officer.ATC Authority to ConnectATO Authority to OperateATM Asynchronous Transfer ModeAUTOVON Automatic Voice NetworkC&A Certification and AccreditationCCB Configuration Control BoardC2 command and controlC3 command, control, and communicationsC3I command, control, communications and intelligenceC4I command, control, communications; computers andintelligenceCCSD command communications service designatorCEU channel encryption unitCIO Corporate Information OfficerCM configuration managementCOCOM Combatant Command (Command Authority)COMSEC communications securityCOMPUSEC computer securityCONEXPLAN contingency and exercise planCONPLAN operation plan in concept formatCONUS continental United StatesCPE customer premises equipmentCTF coalition task forceDAA Designated Approval AuthorityDAM diagnostic acceptability measureDCF DISN Customer ForumiiDDOE DISA Direct Order EntryDFTS Defense Fixed Telecommunications ServiceDIA Defense Intelligence AgencyDISA Defense Information Systems AgencyDISAC Defense Information Systems Agency CircularDISN Defense Information System NetworkDITCO Defense Information Technology Contracting OfficeDMS Defense Messaging ServiceDOD Department of DefenseDPA Dual Phone AdapterDPM digital phone multiplexersDRSN Defense Red Switch NetworkDRT diagnostic rhyme testDSCS Defense Satellite Communications SystemDSN Defense Switched NetworkDTA Dual Trunk AdaptorDVS Defense Video ServicesDVX Deployable Voice SwitchDWCF Defense Working Capital FundEC Echo CancellerEMSS Enhanced Mobile Satellite ServiceEO End OfficeEPC Enhanced Pentagon CapabilityEPP Enhanced Planning ProcessF FlashFCC Federal Communications CommissionFMS foreign military salesFO Flash OverrideFOO Flash Override OverrideFSAL Fixed Security Access LevelFTS Federal Telecommunications SystemGAR Gateway Access RequestGETS Government Emergency Telecommunications ServiceGIG Global Information GridGNC Global NetOps CenterGNOSC Global NetOps and Security CenterGNSC Global NetOps Support CenterGOS Grade of ServiceGPS General Purpose SegmentGSCR Generic Switching Center RequirementsGSR Generic System RequirementHEMP High-Altitude Electromagnetic PulseiiiHF high frequencyHMW health, morale, and welfareI ImmediateIA Information AssuranceIAS Integrated access Switch/SystemIATO interim authority to operateIAW in accordance withIER In Effect ReportIP Internet ProtocolISP Information Support PlansISDN Integrated Services Digital NetworkIST interswitch trunkJCSE Joint Communications Support ElementJIEO Joint Information and Engineering OrganizationJITC Joint Interoperability Test CommandJTA Joint Technical ArchitectureJTDLMP Joint Tactical Data Link Management PlanJTF Joint Task ForceJTF-GNO Joint Task Force Global Network OperationsJWICS Joint Worldwide Intelligence Communications SystemsKb KilobitsKPP Key Performance ParametersLAN Local Area NetworkLPC linear predictive codingMCA maximum calling areaMDA Multifunction Digital AdaptorMFS multifunction switchMILSTAR Military Strategic and Tactical Relay SatelliteMLPP Multilevel Precedence and PreemptionMOA memorandum of agreementMOS mean opinion scoreMOU memorandum of understandingMTF message text formatMUF military-unique featureNAF non-appropriated fundNAOC National Airborne Operations CenterNATO North Atlantic Treaty OrganizationNCA National Command AuthoritiesNCID Net Centric Implementation DocumentNCN NATO Core NetworkivNCS National Communications SystemNDN National Defense NetworkNE Network ElementNIPRNET Sensitive, but unclassified Internet ProtocolRouter networkNMCC National Military Command CenterNM network managementNMCC National Military Command CenterNMCS National Military Command SystemNORAD North American Aerospace Defense CommandNSA National Security AgencyNS/EP National Security and Emergency PreparednessNTAS NORAD Tactical AUTOVON SystemOA&M Operation, Administration and MaintenanceOCONUS outside continental United States (CONUS)O&M operations and maintenanceOPLAN operation planOSD Office of the Secretary of DefenseP PRIORITYPAT Precedence Access ThresholdPBD Program Budget DecisionPBX Private Branch ExchangePBX1 Private Branch Exchange Type 1PBX2 Private Branch Exchange Type 2PCM Pulse-code ModulationPDC Program Designator CodePDS protected distribution systemPIN personal identification numberPMO Program Management OfficePOM Program Objective MemorandumPSTN Public Switched Telephone NetworkPTT Public Telephone and TelegraphQoS Quality of ServiceR RoutineRMC Resource Management CommitteeRSU Remote Switching UnitRTS Real Time ServicesSA stand-aloneSAL security access levelSATCOM satellite communicationsSBU Sensitive But ClassifiedvSCI sensitive compartmented informationSCIF SCI facilitySCIP Secure Communications Interoperability ProtocolSDN Subscriber Directory NumberSECN Survivable Emergency Conferencing NetworkSIPRNET Secret Internet Protocol Router NetworkSMEO Small End OfficeSMU Switch Multiplexer UnitSSM Single System ManagerSTE Secure Terminal EquipmentSTEP Standardized Tactical Entry PointSTU-III Secure Telephone Unit third generation/low-costterminalSVS Secure Voice SystemTDL Tactical Data LinksTDM Time Division MultiplexingT-ISP Tailored Information Support PlansTNC Theater NetOps CenterTRI-TAC Tri-Services Tactical CommunicationsTSEC Telecommunications SecurityTSP Telecommunications Service PriorityTR Telecom RequestTS TOP SECRETTSRS Telecommunications Service RequestsUCR Unified Communications RequirementsUHF ultrahigh frequencyUMUX universal multiplexerUN United NationsVHF very high frequencyVOIP Voice Over Internet ProtocolVOSIP Voice Over Secure IPVSAL variable security access levelVTC video teleconferencingWWSVCS Worldwide Secure Voice Conferencing SystemviPART II -- DEFINITIONSEntries here with caption (JP 1-02) are from the Department of DefenseDictionary of Military and Associated terms (short title: Joint Publication 1-02).JP 1-02 terminology is approved for DOD wide general use. The otherterminology is specialized and limited to the scope of this instruction.area of responsibility (AOR). The geographical area associated with acombatant command within which a combatant commander has authority toplan and conduct operations. Also called AOR. (See reference bb)automatic number Identification (ANI). A service feature in which the directorynumber or equipment number of a calling station is automatically obtained.ANI is used in message accounting. (See reference jj.)avoidance routing. The assignment of a circuit path to avoid certain critical ortrouble-prone circuit nodes. (See reference jj.)backbonea. The high-traffic-density connectivity portion of any communicationsnetwork.b. In packet-switched networks, a primary forward-direction path tracedsequentially through two or more major relay or switching stations. Note: Inpacket-switched networks, a backbone consists primarily of switches andinterswitch trunks. (See reference jj.)combatant commander (CCDR). A commander of one of the unified or specifiedcombatant commands established by the President. (See reference bb)classmark. Designator used to describe the service privileges and restrictionsfor lines accessing a switch (e.g., precedence level, conference privilege,security level, or zone restriction). (Telephony’s Dictionary, Langley, Graham,Telephony Publishing Corp. Chicago, IL, June 1982)command and control (C2). The exercise of authority and direction by aproperly designated commander over assigned and attached forces in theaccomplishment of the mission. Command and control functions areperformed through an arrangement of personnel, equipment, communications,facilities, and procedures employed by a commander in planning, directing,coordinating, and controlling forces and operations in the accomplishment ofthe mission (JP1-02).communications security (COMSEC). The protection resulting from allmeasures designed to deny unauthorized persons information of value thatmight be derived from the possession and study of telecommunications, or toviimislead unauthorized persons in their interpretation of the results of suchpossession and study. Also called COMSEC. (See reference bb)computer security (COMPUSEC). The protection resulting from all measures todeny unauthorized access and exploitation of friendly computer systems. Alsocalled COMPUSEC. See also communications security (See reference bb)Condor. NSA’s program to secure wireless communications.configuration management (CM). A discipline applying technical andadministrative direction and surveillance to:a. identify and document the functional and physical characteristics of aconfiguration itemb. control changes to those characteristicsc. record and report changes to processing and implementation status.(See reference bb.) (See reference kk.)continental United States (CONUS). United States territory, including theadjacent territorial waters, located within North America between Canada andMexico. Also called CONUS. (See reference bb.)cryptosecurity. The component of communications security that results fromthe provision of technically sound cryptosystems and their proper use. (Seealso communications security). (See reference bb.) (See reference kk.)Defense Information Systems Network (DISN). An integrated network centrallymanaged and configured to provide long-haul information transfer services forall DOD activities. It is an information transfer utility designed to providededicated point-to-point, switched voice and data, imagery, and videoteleconferencing services. (See reference bb.)Defense Switched Network (DSN). A component of the Defense InformationSystem Network (DISN) that handles DOD voice, data, and videocommunications. (See reference bb.)directionalization. The temporary conversion of a portion or all of a two-waytrunk group to one-way trunks favoring traffic flowing away from a congestedswitch. (See reference jj.)DSS Terminology. a. Approval. The official sanctioning effort necessary topermit implementation of a requirement. The level at which approval must beobtained will vary based on the type of service required (See Enclosure D).Service approvals are not normally provided without identified funding. b.Coordination. Any request for service that affects the network within thegeographic area of an overseas combatant command requires priorviiicoordination with concurrence of the affected combatant command. DISAcoordination is required for all DSN requirements. New requirements for whichfunds have not been previously programmed require coordination with theDOD component designated to provide funding. These may includeimplementation costs, annual depot support costs, annual O&M costs, and apotential increase in a DOD component’s annual DWCF bill. c. Resolution.Forward a requirement to the Joint Staff for resolution of the action when theview of an activity is not in accordance with current policy.d. Validation orRevalidation. The confirmation and declaration by competent higher authoritythat a requirement is justified. Requirements of a requesting agency arevalidated by the applicable combatant command, Service Chief, director ofDefense agency, or head of other agency, or officials delegated thisresponsibility. Joint Staff validation or revalidation, when required. Validationor revalidation of a requirement by itself does not guarantee funding unless thefunding profile is included in the validation or revalidation process.dual homing. The connection of a terminal so that it is served by either of twoswitching centers. Note: In dual homing, a single directory number or a singlerouting indicator is used. (See reference kk.)emission security. Protection resulting from all measures taken to denyunauthorized persons information of value that might be derived from interceptand analysis of compromising emanations from crypto-equipment, AIS, andtelecommunications systems. (See reference kk.)end office (EO). A central office at which user lines and trunks areinterconnected-providing long-distance service by interconnecting with DSNnodal switches. [FS1037] EO switches provide users with switched callconnections and all DSN service features, including MLPP.End-to-End. All DSN services beginning at the initiating users facilities until itreaches the receiving user (e.g., phone-to-to phone, video unit-to-video unit,fax-to-fax, STE-to-STE [Secure Terminal Equipment] and deployedapplications).Federal Communications Commission (FCC). The US Government board of fivepresidential appointees that has the authority to regulate all nonfederalgovernment interstate telecommunications (including radio and televisionbroadcasting) as well as all international communications that originates orterminates in the United States. Note: Similar authority for regulation offederal government telecommunications is vested in the NationalTelecommunications and Information Administration. (See reference kk.)Federal Telecommunications System (FTS). A commercial switched longdistancetelecommunications service provided for official federal governmentixuse. Use of FTS contract services is mandatory for use by US Governmentagencies for all acquisitions subject to 40 USC 759.foreign military sales (FMS). That portion of US security assistance authorizedby the Foreign Assistance Act of 1961, as amended, and the Arms ExportControl Act of 1976, as amended. This assistance differs from the MilitaryAssistance Program and the International Military Education and TrainingProgram in that the recipient provides reimbursement for defense articles andservices transferred. (See reference bb.)global integrated grid (GIG). A DODD 8100.1, dated 19 September 2002,established the definition of the GIG, which by agreement among DOD CIO, theUnder Secretary of Defense (USD) for Acquisition, Technology and Logistics(AT&L), and the Joint Staff/J-6. The GIG is defined as follows:a. Globally interconnected, End-to-End set of information capabilities,associated processes, and personnel for collecting, processing, storing,disseminating, and managing information on demand to warfighters, policymakers, and support personnel. The GIG includes all owned and leasedcommunications and computing systems and services, software (includingapplications), data, security services, and other associated services necessaryto achieve Information Superiority. It also includes National Security Systems(NSS) as defined in section 5142 of the Clinger-Cohen Act of 1996. The GIGsupports all DOD, National Security, and related Intelligence Community (IC)missions and functions (strategic, operational, tactical, and business) in warand in peace. The GIG provides capabilities from all operating locations (bases,posts, camps, stations, facilities, mobile platforms, and deployed sites). TheGIG provides interfaces to coalition, allied, and non-DOD users and systems.b. The GIG includes any system, equipment, software, or service thatmeets one or more of the following criteria:(1) Transmits information to, receives information from, routesinformation among, or interchanges information among other equipment,software, and services.(2) Provides retention, organization, visualization, informationassurance, or disposition of data, information, and/or knowledge received fromor transmitted to other equipment, software, and services.(3) Processes data or information for use by other equipment, software,and services.c. Non-GIG Information Technology (IT) – Stand-alone, self-contained, orembedded IT that is not or will not be connected to the enterprise network.xGlobal NetOps Center. The Global NetOps Center (GNC) is the JTF-GNOCommand Center responsible for executing the daily operation and defense ofthe GIG. The GNC provides overall management, control, and technicaldirection for GIG NetOps and oversees collaborative coordination processinvolving all CC/S/As, supporting the needs of the President, SECDEF, NetOpsCommunity, and the warfighting, business, and intelligence domains. (Seereference vv.)Global NetOps Support Center (GNSC). The Global NetOps Support Center(GNSC) provides the day-to-day technical operation, control, and managementof the portions of the GIG that support Global Operations but are not assignedto a combatant command. The GNSC conducts GIG backbone NetOps, tacticalDISN extension via Standard Tactical Entry Point (STEP) and Teleport missionsupport, provisioning of provided services, network engineering, circuitimplementation, and inter-theater connectivity among USNORTHCOM,USPACOM, USEUCOM, USSOUTHCOM, and USCENTCOM areas ofresponsibility. The GNSC provides General Support (GS) to the TNCs, andprovides DS to the GNCCs. (See reference vv.)grade of service (GOS).a. The probability of a call being blocked or delayed more than a specifiedinterval, expressed as a decimal fraction, (e.g. P.09 means nine calls out of 100will be blocked). GOS may be viewed independently from the perspective ofincoming versus outgoing calls and is not necessarily equal in each direction.GOS may be applied to the busy hour or to some other specified period or set oftraffic conditions.b. In telephony the QoS for which a circuit is designed or conditioned toprovide; e.g., voice grade or program grade. Criteria for different grades ofservice may include equalization for amplitude over a specified band offrequencies, or in the case of digital data transported via analog circuits,equalization for phase. (See reference jj.)high-altitude electromagnetic pulse (HEMP). An electromagnetic pulseproduced at an altitude effectively above the sensible atmosphere; i.e., aboveabout 120 km. (See reference kk.)Homeland Defense (HD). The protection of United States sovereignty, territory,domestic population, and critical infrastructure against external threats andaggression or other threats as directed by the President. (See reference bb).installation. A grouping of facilities located in the same vicinity “which supportparticular functions”. If a facility has a functions that is part of a DODorganization’s mission, then it would be considered an installation. Example:xiDISA HQ and the Navy Annex have functions that are required organizationalfunctions and are considered installations.Integrated Services Digital Network (ISDN). An integrated digital network inwhich the same time-division switches and digital transmission paths are usedto establish connections for different services. ISDN services includetelephone, data, electronic mail, and facsimile. The method used to accomplisha connection is often specified (e.g., switched connection, non-switchedconnection, exchange connection, or ISDN connection). (See reference jj.)Joint Worldwide Intelligence Communications System (JWICS). The sensitivecompartmented information portion of the Defense Information SystemNetwork. It incorporates advanced networking technologies that permit pointto-point or multipoint information exchange involving voice, text, graphics,data, and video teleconferencing, also called JWICS (See reference bb.)linear predictive coding (LPC). A method of digitally encoding analog signals,which uses a single-level or multilevel sampling system in which the value ofthe signal at each sample time is predicted to be a linear function of the pastvalues of the quantized signal. Note: LPC is related to APC in that both useadaptive predictors. However, LPC uses more prediction coefficients to permituse of a lower information bit rate than APC, and thus requires a more complexprocessor. (See reference jj.)maximum calling area (MCA). Geographic calling limits permitted to aparticular access line based on requirements for the particular line. Note:MCA restrictions are imposed for network control purposes. (See reference jj.)Multilevel Precedence and Preemption (MLPP). In military communications, apriority scheme: a. for assigning one of several precedence levels to specificcalls or messages so that the system handles them in a predetermined orderand timeframeb. for gaining controlled access to network resources in which calls andmessages can be preempted only by higher priority calls and messagesc. that is recognized only within a predefined domaind. in which the precedence level of a call outside the predefined domain isusually not recognized. (See reference jj.)National Command Authorities (NCA). The President and the Secretary ofDefense or their duly deputized alternates or successors. (See reference bb.)National Communications System (NCS). a. The organization established bysection 1(a) of Executive Order No. 12472 to assist the President, the NationalxiiSecurity Council, the Director of the Office of Science and Technology Policy,and the Director of the Office of Management and Budget, in the discharge oftheir national security emergency preparedness telecommunications functions.The NCS consists of both the telecommunications assets of the entitiesrepresented on the NCS Committee of Principals and an administrativestructure consisting of the EA, the NCS Committee of Principals, and theManager. (See reference p) b. The telecommunications system that resultsfrom the technical and operational integration of the separatetelecommunications systems of the several executive branch departments andagencies having a significant telecommunications capability. (See reference bb.)National Security or Emergency Preparedness (NS/EP) telecommunications.Telecommunications services that are used to maintain a state of readiness orto respond to and manage any event or crisis (local, national, or international)that causes or could cause injury or harm to the population, damage to or lossof property, or degrade or threaten the national security or emergencypreparedness posture of the United States. (See reference jj.)Network Management (NM). The execution of the set of functions required forcontrolling, planning, allocating, deploying, coordinating, and monitoring theresources of a telecommunications network, including performing functionssuch as initial network planning, frequency allocation, predetermined trafficrouting to support load balancing, cryptographic key distributionauthorization, configuration management, fault management, securitymanagement, performance management, and accounting management. Note:NM does not include user terminal equipment. (See reference jj.)nodal switch. A tandem switch in the DSN that connects multiple EOs,provides access to a variety of transmission media, routes calls to other nodalswitches, and provides network features such as MLPP. Nodal switches aresupervised by and interconnected to the DSN A/NM subsystem. The two typesof nodal switches in the DSN are:a. stand-alone switch (SA). The SA functions solely as a tandem switch inthe DSN.b. multifunction switch. This switch incorporates the combined functionsof an SA switch and an EO switch. No physical division exists between the EOand SA functions within the MFS, but a logical division exists.nonappropriated funds (NAF). Funds generated by DOD military and civilianpersonnel and their dependents and used to augment funds appropriated bythe US Congress to provide a comprehensive, morale-building welfare,religious, educational, and recreational program designed to improve the wellbeingof military and civilian personnel and their dependents. (See referencebb.)xiiioutside continental United States (OCONUS). World wide area outside theUnited States territory, including the adjacent territorial waters, located withinNorth America between Canada and Mexico.off-hook.a. In telephony, the condition that exists when an operational telephoneinstrument or other user instrument is in use; (i.e., during dialing orcommunicating). Note: Off-hook originally referred to the condition thatprevailed when the separate ear piece (receiver) was removed from its switchhook, which extended from a vertical post that also supported the microphoneand connected the instrument to the line when not depressed by the weight ofthe receiver. b. One of two possible signaling states, such as tone or no toneand ground connection versus battery connection. If off-hook pertains to onestate, on-hook pertains to the other. c. The active state, i.e., closed loop, of asubscriber or PBX user loop.d. An operating state of a communications link in which data transmissionis enabled either for voice or data communications or network signaling. (Seereference kk.)off-net calling. The process by which telephone calls that originate or passthrough private switching systems in transmission networks are extended tostations in a public switched telephone system.physical security. The component of communications security that resultsfrom all physical measures necessary to safeguard classified equipment,material, and documents from access thereto or observation thereof byunauthorized persons. (See reference bb.)precedence. In communications, a designation assigned to a message by theoriginator to indicate to communications personnel the relative order ofhandling and to the addressee the order in which the message is to be noted.(See reference bb.) The ascending order of precedence for military messages isROUTINE, PRIORITY, IMMEDIATE, FLASH and Flash Override.a. ROUTINE. Precedence designation applied to official US Governmentcommunications that require rapid transmission by telephonic means but donot require preferential handling.b. PRIORITY. Precedence reserved generally for telephone calls requiringexpeditious action by called parties and/or furnishing essential information forthe conduct of US Government operations.c. IMMEDIATE. Precedence reserved generally for telephone callspertaining to: (1) Situations that gravely affect the security of nationaland allied forces (2) Reconstitution of forces in a post attack period.xiv(3) Intelligence essential to national security. (4) Conduct ofdiplomatic negotiations to reduce or limit the threat of war. (5)Implementation of federal government actions essential to national survival.(6) Situations that gravely affect the internal security of the United States.(7) Civil Defense actions concerning US population. ( Disastersor events of extensive seriousness having an immediate and detrimental effecton the welfare of the population. (9) Vital information having an immediateeffect on aircraft, spacecraft, or missile operations.d. FLASH. Precedence reserved generally for telephone calls pertaining to:(1) Command and control of military forces essential to defense andretaliation.(2) Critical intelligence essential to national survival.(3) Conduct of diplomatic negotiations critical to the arresting orlimiting of hostilities.(4) Dissemination of critical civil alert information essential to nationalsurvival.(5) Continuity of federal government functions essential to nationalsurvival.(6) Fulfillment of critical US internal security functions essential tonational survival.(7) Catastrophic events of national or international significance.e. FLASH OVERRIDE. A capability available to:(1) The President of the United States, Secretary of Defense, and JointChiefs of Staff.(2) Commanders of combatant commands when declaring DefenseCondition One or Defense Emergency.(3) USNORAD when declaring either Defense Condition One or AirDefense Emergency and other national authorities the President mayauthorize.(4) FLASH OVERRIDE cannot be preempted in the DSN.(5) FLASH OVERRIDE. A DRSN capability available to:(a). The President of the United States, Secretary of Defense, andJoint Chiefs of Staff.(b). Commanders of combatant commands when declaring DefenseCondition One or Defense Emergency.(c). USNORAD when declaring either Defense Condition One or AirDefense Emergency and other national authorities that the President mayauthorize in conjunction with Worldwide Secure Voice Conferencing System(WWSVCS) conferences.xvFLASH OVERRIDE cannot be preempted.preemption. The ruthless seizure -- usually automatic -- of a path through themilitary telephone system that is being used to serve lower precedence calls inorder to immediately serve a higher precedence call. (See reference jj.)Primary Switch. An installation switch (e.g., EO) that provides directconnections to user’s terminals and the bulk of the installation’s inter-DODmission communications. Large installations may have multiple EOs thatprovides a significant amount of DOD communications for multiple missions ofthe whole installation or serve individual tenant organizations on aninstallation.private branch exchange (PBX). 1. a. A telecommunications switch, ownedby a DOD Component that usually includes access to the public switchnetwork. b. A switch that serves a selected group of users and is subordinateto a switch at a higher level in the DSN hierarchy.c. A private telephone switchboard that provides on-premises dial serviceand may provide connections to local and trunked communications networks.Note: A PBX operates with only a manual switchboard. A private automaticexchange PAX does not have a switchboard.(See reference jj.)protected distribution system (PDS). A wireline or fiber-opticstelecommunication system that includes terminals and adequate acoustical,electrical, electromagnetic, and physical safeguards to permit its use for theunencrypted transmission of classified information: A complete PDS includesthe subscriber and terminal equipment and the interconnecting lines. (Seereference jj.)public switched telecommunications network (PSTN). Global collection ofprivate and US Government interconnected public telephone networksproviding voice and data communications via switched lines. Any commoncarriernetwork that provides circuit switching among public users. Note: Theterm is usually applied to public switched telephone networks, but it could beapplied more generally to other switched networks, such as packet-switchedpublic data networks. (See reference jj.)Real Time Services (RTS). A subset of the four categories of services containedin the GIG NCID, QoS (T300). The four categories of services are Signaling,Inelastic/Real Time, Preferred Elastic and Elastic. Signaling includes bothNetwork Control and User Signaling for managing the network and setting upand taking down sessions over the network. Inelastic RTS provide GIG userswith primarily live interactive services that are that are extremely sensitive topacket delay, jitter and loss to include voice, video, multimediacommunications or rapid delivery of critical command and control informationinvolving weapons delivery capabilities that clearly allow for (1) the equivalentxviof “Face to Face” interactions in which both factual and emotional content ofthe interaction can be conveyed and (2) operation of surveillance and weaponssystems that require rapid message delivery.satellite communications (SATCOM). A telecommunications service providedvia one or more satellite relays and their associated uplinks and downlinks.(reference jj.)Secure Communications Interoperability Protocol (SCIP). SCIP is the USGovernment's standard for secure voice and data communication and wasadopted to replace the FNBDT (Future Narrowband Digital Terminal) title in2004. SCIP systems have been in use since 2001, beginning with the CONDORsecure cell phone. The standard is designed to cover wideband as well asnarrowband voice and data security.SECRET Internet Protocol Router Network (SIPRNET). Worldwide SECRETlevelpacket switch network that uses high-speed Protocol routers and highcapacityDefense Information Systems Network circuitry. (See reference bb.)split homing. The connection of terminal equipment to more than oneswitching center by separate access lines, each of which has a separatedirectory number. (See reference jj.)tactical communications. Communications in which information of any kind,especially orders and decisions, are conveyed from one command, person, orplace to another within the tactical forces, usually by means of electronicequipment, including communications security equipment, organic to thetactical forces. Tactical communications do not include communicationsprovided to tactical forces by the DISN, to non-tactical military commands andto tactical forces by civil organizations. (See reference jj.)tandem. Pertaining to an arrangement or sequencing of networks, circuits, orlinks, in which the output terminals of one network, circuit, or link areconnected directly to the input terminals of another network, circuit, or link.(See reference jj.)tandem office. A central office that serves local subscriber loops and also isused as an intermediate switching point for traffic between central offices.(Seereference jj)Telecommunications Service Priority (TSP) service. A regulated service providedby a telecommunications provider, such as an operating telephone company ora carrier, for NS/EP telecommunications. Note: The TSP service replacedRestoration Priority service effective September 1990. (See reference jj.)xviiTheater NetOps Center (TNC). Each TNC provides direct support to its TNCC,ensuring the effective operation and defense of the GIG within the theater. TheTNC is OPCON to JTF-GNO and offers onsite, theater support. Each TNC canissue technical directives to STNOSCs/Agency Theater Network Operations andSecurity Centers (ATNOSCs). The TNC develops, monitors and maintains aGIG SA view for the theater. The theater GIG Situational Awareness (SA) viewis aggregated and segmented based on requirements provided by the TNCC asderived from the GIG common SA standards. The GIG SA view will includepertinent theater, operational, and tactical-level system and network, GND,and GCM status. Coordination with the TNCC is paramount especially withregards to reporting requirements and SA. (See reference vv.)Theater NetOps Control Center (TNCC). The primary mission of the TNCC is tolead, prioritize, and direct theater GIG assets and resources to ensure they areoptimized to support the GCC’s assigned missions and operations, and toadvise the combatant command of the GIG’s ability to support current andfuture operations. The specific roles of the TNCC include monitoring of the GIGassets in their theater, determining operational impact of major degradationsand outages, leading and directing responses to degradations and outages thataffect joint operations, and directing GIG actions in support of changingoperational priorities. The TNCC leads the combatant command response toNetOps events and responds to JTF-GNO direction when required to correct ormitigate a global NetOps issue. (See reference vv.)transmission security. The component of communications security that resultsfrom the application of measures designed to protect transmissions frominterception and exploitation by means other than crypto-analysis. (Seereference jj.)TRI-TAC. Acronym for tri-services tactical. See tactical communications. (Seereference jj.)TRI-TAC equipment. Equipment that accommodates the transition fromcurrent manual and analog systems to fully automated digital systems andprovides for message switching, voice communications circuit switching, andthe use of secure voice terminals, digital facsimile systems, and user digitalvoice terminals. (See reference jj.)ultrahigh frequency (UHF). Frequencies from 300 MHz to 3000 MHz. (Seereference jj.)user. A person, organization, or other entity (including a computer orcomputer system) that employs the services provided by a telecommunicationssystem or an information processing system for transfer of information
DEFENSE INFORMATION SYSTEM NETWORK (DISN): POLICY ANDRESPONSIBILITIESReferences: See Enclosure E.1. Purpose. This instruction establishes policy and responsibilities forthe connection of information systems (ISs) (e.g., applications, enclaves,or outsourced processes) to the Defense Information System Network(DISN).a. Additional policies governing other subnetworks of the DISNnetworks are covered in the following instructions:(1) Chairman of the Joint Chiefs of Staff Instruction (CJCSI)6250.01, “Satellite Communications” (reference a).(2) CJCSI 6215.01, “Policy for Department of Defense VoiceNetworks” (reference b).b. Policy on sensitive compartmented information (SCI) is covered inDirector of Central Intelligence Directive (DCID) 6/3, “ProtectingSensitive Compartmented Information within Information Systems”(reference c).c. This instruction does not cover connection policy to research,development, test, and evaluation networks such as the DefenseResearch and Engineering Network or Advanced Concept TechnologyDemonstration networks.11 These networks must follow DISN connection and DOD cross domain processes and proceduresif connecting to the DISN.CJCSI 6211.02C9 July 200822. Cancellation. CJCSI 6211.02B, 31 July 2003, “Defense InformationSystem Network (DISN): Policy, Responsibilities and Processes,” iscanceled.3. Applicability. This instruction applies to the Joint Staff; combatantcommands, Services, and Defense agencies (CC/S/As); and DOD fieldand joint activities, including DOD and Service Nonappropriated FundInstrumentalities. This instruction also applies to non-DODgovernmental DISN users and contractors in facilities that interconnectwith the DISN.4. Policy. See Enclosure A.5. Responsibilities. See Enclosure B.6. Summary of Changes. This revision updates CJCSI 6211.01B. Itfurther:a. Moves to the concept of baseline CD services and solutions (i.e.,enterprise CD services, centralized CD solutions, and baseline pointsolutions) providing the primary capabilities for information sharingbetween different security domains.b. Replaces DISN Designated Approving Authorities (DISN DAAs)with the new DOD Principal Accrediting Authorities (PAAs). Additionally,replaces the DISN Flag Panel with the DISN/Global Information Grid(GIG) Flag Panel.c. Updates certification and accreditation (C&A) guidance based onthe DOD Information Assurance Certification and Accreditation Process(DIACAP) implementation in accordance with (IAW) DOD Instruction(DODI) 8510.01 (see reference d).d. Focuses on policy and responsibilities. Specific process steps willbe maintained and updated as required by the Defense InformationSystems Agency (DISA).e. Transfers Cross Domain Solutions Assessment Panelresponsibilities to Cross Domain Resolution Board (CDRB) chaired by theDirector, Unified Cross Domain Management Office (UCDMO).f. Makes CC/S/A headquarters responsible for endorsing andvalidating requirements for CC/S/A organization CD information transferand non-DOD connection requests.CJCSI 6211.02C9 July 20083g. Adds DOD requirement to register ISs connected to the DISN inthe DOD Information Technology (IT) Portfolio Repository (DITPR) or theSECRET Internet Protocol Router Network (SIPRNET) IT Registry.h. Adds UCDMO responsibilities and roles.i. Provides updated guidance on official and authorized use of DISNIAW DOD Regulation 5500.7-R (reference e). Additionally, updatesguidance covering violations of standards of conduct prescribed in theregulation IAW DODD 5500.7 (reference f).j. Provides reciprocity guidance for connection of ISs to facilitate theestablishment of joint bases, combatant command operationalrequirements, and the migration to net-centric warfare.7. Definitions. See Glossary. Major source documents for definitions inthis instruction are Joint Publication (JP) 1-02, “DOD Dictionary ofMilitary and Associated Terms,” (reference g) and Committee on NationalSecurity Systems (CNSS) Instruction (CNSSI) 4009, “National InformationAssurance Glossary” (reference h).8. Releasability. This instruction is approved for public release;distribution is unlimited. DOD components (including combatantcommands), other federal agencies, and the public may obtain copies ofthis instruction through the Internet from the CJCS Directives HomePage -- http://www.dtic.mil/doctrine.9. Effective Date. This instruction is effective immediately.For the Chairman of the Joint Chiefs of Staff:--------------ENCLOSURE APOLICY1. Defense Information System Network (DISN) Backgrounda. The DISN is a composite of DOD-owned and leasedtelecommunications subsystems and networks. It is DOD’s worldwideenterprise-level telecommunications infrastructure providing end-to-endinformation transfer in support of military operations. The DISNfacilitates information resource management and supports nationalsecurity as well as DOD needs. As a critical portion of the GIG, the DISNfurnishes network services to DOD installations and deployed forces.Those services include voice, data, video, messaging, and other unifiedcapabilities along with ancillary enterprise services such as directories.The DISN has three segments: sustaining base, long-haul, and deployed.(1) The sustaining base infrastructure (i.e., base, post, camp orstation, and Service enterprise enclaves) interfaces with the long-haulinfrastructure to support strategic/fixed environment usertelecommunications requirements. The sustaining base segment isprimarily the responsibility of the CC/S/A.(2) The long-haul telecommunications infrastructure and itsassociated services are the responsibility of the DISA.(3) The deployed warfighter and associated combatant commandertelecommunications infrastructures support the Joint Task Force and/orCombined Task Force. The combatant command and subordinateService components have primary responsibility for the deployedwarfighter and associated combatant command telecommunicationsinfrastructure within the theater.b. The DISN provides the GIG transfer infrastructure by connectingseparate CC/S/A and field activity ISs into a DOD enterprise-widenetwork to meet common-user and special purpose information transferrequirements.c. DISN information transfer facilities support secure transportrequirements for subnetworks such as the Defense Switched Network(DSN), Defense Red Switch Network (DRSN), Non-Secure InternetProtocol Router Network (NIPRNET),2 SIPRNET, DISN Video Services2 Based on DOD dictionary and JP 1-02 (reference g). Other uses of the acronym includeUnclassified But Sensitive Internet Protocol Router Network (DOD IT Portfolio Registry) and Non-Classified Internet Protocol Router Network (DODI 8500.2 (reference k)).CJCSI 6211.02C9 July 2008A-2Enclosure A(DVS) Network, Enhanced Mobile Satellite Services (EMSSs), and othergovernment agency networks.d. The DISN's long-haul telecommunications infrastructure isdesignated as a mission critical3 and mission assurance category (MAC) Inational security system (NSS). The DISN and its subnetworks must beoperated and protected IAW DODD 8500.01E (reference i) and other8500 series issuances.(1) The DISN SIPRNET, NIPRNET, DRSN, and EMSS subnetworksare designated as mission critical IAW DODI 5000.2 (reference j).(2) The DISN SIPRNET, DRSN, and EMSS subnetworks aredesignated as MAC I ISs handling information vital to the operationalreadiness or mission effectiveness of deployed and contingency forces interms of content and timeliness. These subnetworks must implementdesignated MAC I information assurance (IA) controls IAW DODI 8500.2(reference k) and DODI 8510.01 (reference d).2. Policya. DOD will use DISN services to satisfy DOD long-haul and widearea network transfer communications requirements IAW DODI 4640.14(reference l).b. The DISN will use secure configurations of approved IA and IAenabledIT products (i.e., National Information AssurancePartnership/Federal Information Processing Standardsevaluated/approved products), certified IA personnel, and strictconfiguration control.c. DOD ISs4 connected to DISN must be certified and accredited IAWapplicable guidance and processes (i.e., DODI 8510.01 (reference d),DODI 8100.3 (reference m), or DCID 6/3 (reference c)).3 A system that meets the definitions of “information system” and “national security system” inthe Clinger Cohen Act, the loss of which would cause the stoppage of warfighter operations ordirect mission support of warfighter operations. See DODI 5000.2 (reference j).4 Includes DOD-owned ISs and DOD-controlled ISs operated on behalf of the Department forDefense that receive process, store, display, or transmit DOD information, regardless ofclassification or sensitivity.CJCSI 6211.02C9 July 2008A-3Enclosure Ad. Non-DOD (see Glossary) ISs operating on behalf of theDepartment of Defense must be certified and accredited IAW applicableDOD guidance and processes (i.e., DODI 8510.01 (reference d) or DOD5220.22-M, “National Industrial Security Program Operating Manual”(NISPOM) (reference n)).e. DOD ISs must be registered in the DITPR or the SIPRNET ITregistry by the responsible CC/S/As or field activities IAW DOD ChiefInformation Officer (CIO) memorandum (reference o).f. Non-DOD ISs operating on behalf of the Department of Defensemust be registered in the DITPR or the SIPRNET IT registry by thesponsoring CC/S/As or field activities IAW DOD CIO memorandum(reference o).g. Unclassified IS applications connected to the DISN must beregistered in the systems/networks approval process (SNAP) systemWeb-based application, the systems approval process (SysAP).h. DOD ISs connected to the DISN must be covered by accreditedComputer Network Defense Service (CNDS) providers IAW DODDO-8530.1 (reference p).i. Non-DOD ISs connected to the DISN must be covered byaccredited CNDS providers IAW DODD O-8530.1 (reference p).5j. Direct or indirect DISN connections must follow the connectionpolicies and responsibilities established in this instruction. They mustalso follow DISA connection request procedures, requirements, andprocesses. Connections for SCI ISs will be IAW DCID 6/3 (reference c).k. Tunneling of classified Secret information over transport otherthan SIPRNET must use National Security Agency (NSA)/CentralSecurity Service (CSS) approved cryptography. Data must be encryptedby NSA/CSS approved Type-1 cryptography when transported over anetwork not cleared at or above the highest level of classification of thedata.5 The sponsoring CC/S/A or field activity must ensure that the CNDS provider requirement is defined in acontract, MOA, or MOU with the non-DOD organization or entity.CJCSI 6211.02C9 July 2008A-4Enclosure Al. Connections among ISs of different security domains will be IAWthis instruction, DODD 8500.01E (reference i), DODD O-8530.1(reference p), and other applicable DOD issuances and instructions.Connections to SCI ISs must be IAW DCID 6/3 (reference c).6(1) Connections of non-DOD ISs to the DISN must be sponsored,endorsed, and validated by the CC/S/A or field activity headquarters andapproved by the Office of the Assistant Secretary of Defense for Networksand Information Integration (OASD(NII)/DOD CIO).(2) All non-DOD connections to DISN require a DOD sponsor,separate connection request, and filtered access.(3) Contractor ISs connected to the DISN must comply with thisinstruction, guidelines issued by DISA as the operating entity, and DOD5220.22-M, NISPOM (reference n).7m. Cross Domain Information Transfer Requirements andCapabilities(1) CD information transfers must be used only to meet CC/S/Aand field activity compelling mission requirements and must be validatedby CC/S/A or field activity headquarters.(2) CD information transfer requirements will be prioritized basedon the National Military Strategic Plan for the War on Terrorism(reference q) priorities and the military objectives in the National MilitaryStrategy (reference r).(3) CD information transfer requirements will employ baselinecapabilities and technologies8 in the following order:(a) Enterprise CD services, which are used to connect ISs ofdifferent security domains, will be established to fulfill operationalrequirements across the DOD enterprise.(b) Centralized CD solutions, which are centrally managed andowned by a single DOD component, will be established to fulfilloperational requirements across multiple organizations.6 SCI CD connections to a collateral DISN system will be documented in the system’s DODaccreditation package.7 Defense Security Service has been assigned as the Cognizant Security Office for DODimplementation of the NISPOM.8 The Cross Domain Baseline can be found at https://www.intelink.gov/mypage/ucdmo.CJCSI 6211.02C9 July 2008A-5Enclosure A(c) Baseline point CD solutions approved for operational usewill be used only when an enterprise CD service or centralized CDsolution is not available.(4) When existing CD baseline services or capabilities cannot meetoperational requirements, the development of new solutions must beapproved IAW this instruction.n. A DOD inspection, site visit, and assessment program9 willsupport connected ISs.(1) All ISs connected to the DISN are subject to electronicmonitoring for communications management and network security. Thisincludes site visits, compliance inspections, and remote vulnerabilityassessments to check system compliance with configuration standards.(2) Scanning and monitoring by organizations external to aCC/S/A or field activity must be pre-coordinated at least 24 hours priorto the event.10o. Survivability enhancements in transmission paths, routing,equipment, and associated facilities must be implemented in ISssupporting critical CC/S/A mission requirements based on thecommander’s or director’s formal risk management process IAW DODI8510.01 (reference d).p. Personnel with access or privileged access to the DISN will meetthe personnel security requirements IAW DOD 5200.2-R (reference s).q. The DISN is the DOD’s worldwide enterprise-leveltelecommunications infrastructure. It is critical to planning, mobilizing,deploying, executing, and sustaining U.S. military operations (DODD3020.40 (reference t)).3. Official and Authorized Use of DISN. The DISN must be used only forofficial and authorized purposes IAW DOD 5500.7-R (reference e).11 Useof the DISN for non-official purposes must be authorized in writing bythe CC/S/A Component head.9 See Enclosure D, DISN Security Information Assurance Program.10 This will occur with at least 24 hours notification and coordination with the CC/S/A or fieldactivity DAA or appointed representative and U.S. Strategic Command (USSTRATCOM).11Federal government communication systems and equipment (including government-ownedtelephones, facsimile machines, electronic mail, Internet systems, and commercial systems whenuse is paid for by the federal government) shall be for official use and authorized purposes only.CJCSI 6211.02C9 July 2008A-6Enclosure Aa. CC/S/As may authorize categories of non-official communicationafter determining that such communications:(1) Do not adversely affect the performance of official duties by theDOD employee or CC/S/A or field activity.(2) Are of reasonable duration and frequency and, wheneverpossible, are made during the DOD employee’s or military member’spersonal time (such as after normal duty hours or during lunch periods).(3) Serve a legitimate public interest such as enabling DODemployees or military members to stay at their desks rather than leavethe work area to use commercial communication systems.(4) Do not overburden the communication system and create nosignificant additional cost to DOD, CC/S/A, or field activity.b. DOD 5500.7-R (reference e) states that authorized purposes mightinclude brief communications made by military members and DODemployees during official travel to notify family members oftransportation or schedule changes. They may also include reasonablepersonal communications from the military member or DOD employee athis or her workplace (such as checking with spouses or minor children;scheduling doctor, automobile, or home repair appointments; briefInternet searches; or e-mailing directions to a visiting relative).c. CC/S/A directors or military commanders may prohibit use ofgovernment communications systems and equipment, or filter access tocommercial Web sites or services, to defend DOD’s IT resources andensure sufficient bandwidth is available for DOD operations. Examplesof situations where access may be prohibited or filtered include thefollowing:(1) Accessing streaming video or radio Web sites.(2) Accessing personal commercial e-mail accounts (e.g., Hotmail,Yahoo, AOL, etc.) from government computers.d. Unauthorized DISN uses include the following:(1) Use, loading, or importing of unauthorized software (e.g.,applications, games, peer-to-peer software, movies, music videos or files,etc.).CJCSI 6211.02C9 July 2008A-7Enclosure A(2) Accessing pornography.(3) Unofficial advertising, selling, or soliciting (e.g., gambling,auctions, stock trading, etc.).(4) Improperly handling classified information.(5) Using the DISN to gain unauthorized access to other systemsand/or networks.(6) Endorsing any product or service, participating in any lobbyingactivity, or engaging in any prohibited partisan political activity.(7) Posting DOD information to external newsgroups, bulletinboards, or other public forums without authorization.( Other uses incompatible with public service.e. DODD 5500.7 (reference f) states penalties for violation of thestandards of conduct prescribed in DOD 5500.7-R (reference e) thatinclude statutory and regulatory sanctions such as judicial (criminal andcivil) and administrative actions for DOD civilian employees andmembers of the Military Departments.(1) The provisions concerning the official and authorized use of theDISN (federal communications) in DOD 5500.7-R (reference e) constitutelawful general orders or regulations within the meaning of Article 92(section 892 of reference u) of the Uniform Code of Military Justice(UCMJ), are punitive, and apply without further implementation. Inaddition to prosecution by court-martial under the UCMJ, a violationmay serve as a basis for adverse administrative action and other adverseaction authorized by United States Code (USC) or federal regulations. Inaddition, violation of any provision in DOD 5500.7-R (reference e) mayconstitute the UCMJ offense of dereliction of duty or other applicablepunitive articles.(2) Violation of any provision in DOD 5500.7-R (reference e) byDOD civilian employees may result in appropriate criminal prosecution,civil judicial action, disciplinary or adverse administrative action, orother administrative action authorized by USC or federal regulations.CJCSI 6211.02C9 July 2008
Government Networks:Secure mission-critical communications and transform critical infrastructure with exceptional interoperability, capacity, and intelligence
Solutions forGovernment Networks The power to transform at your commandDepends on multiservice flexibility and mission-critical reliability Features and Benefits Application Highlights Related Products JITC-certified multiservice switching platforms work within budget constraints to deliver high-speed bandwidth and efficient, net-centric operations. Standards-based interoperability accommodates existing and emerging applications, facilitates seamless evolution, and improves inter-agency communications.Transformation – Consolidate multiple network elements into one compact system Survivability – Empower mission-critical service availability and optical mesh resiliency Scalability – Enable scalable multiservice communications – unified from edge to core Security – Protect vital information using central authentication and strong encryption Manageability – Optimize performance and capacity utilization with unmatched network and service awareness, end-to-end intelligence, and advanced modeling tools
Intelligent, packet-optimized networking platforms keep pace with our customers' needs for enhanced broadband service delivery, increased network resiliency, and cost-effective migration strategies. By simplifying operations and helping network operators manage bandwidth capacity more efficiently, Sycamore products dramatically reduce network cost and complexity.Intelligent Multiservice/Optical Switching Products SN 16000 Intelligent Optical Switch High-capacity bandwidth management and mesh resiliency for the optical core SN 9000 Intelligent Multiservice Switch Packet/optical grooming and aggregation for the metro and regional core SN 3000 Intelligent Optical Edge Switch Multiservice flexibility and reliable performance at the network edge SILVX® Network Management Scalable, unified network management system common to all SN switches BroadLeaf® Networking Software ASON/GMPLS-compliant control plane shared across SN switching platforms Digital Cross-Connect and Access Gateway Products DNX Cross-Connect Platform Aggregation, grooming, and access concentration from DSO to OC-3/STM-1 ENvision Plus Network Management Comprehensive management system for DNX cross-connect platforms DNX-1u Access Gateway TDM grooming and remote cell site management for the mobile RAN IAB-3000 Integrated Access Bank Compact and economical channel bank for multiservice voice/data access SPS-1000 Signal Processing System Voice conferencing and data bridging for SCADA/telemetry applications
Intelligent Optical Switching at the DISA Network CoreThe Global Information Grid-Bandwidth Expansion (GIG-BE) ProjectSome Communications Really Are Mission-CriticalWhen the US Department of Defense (DoD) decided they needed a super-high-speed network, they soon realized the best course of action was to build their own. The result –the Global Information Grid-Bandwidth Expansion (GIG-BE) project – formed a state-of-the-art network foundation for DoD communications, under the jurisdiction of their Defense Information Systems Agency (DISA).GIG-BE created a robust, IP-based network where bandwidth is no longer a constraint and vast quantities of information can be distributed, analyzed, and shared in a more efficient and effective manner. The new network ensures secure, high bandwidth capability over a physically diverse, optical mesh architecture that interconnects key intelligence, command, and operational locations throughout the continental United States (CONUS), Pacific, and European Theaters.We’re proud to say that Sycamore intelligent optical switching technology plays a pivotal role in providing connectivity for one of the world’s most advanced and technically innovative networks.About DISAThe GIG-BE project is a highly strategic initiative of the Defense Information Systems Agency (DISA) within the US Department of Defense (DoD). DISA is a combat support agency responsible for planning, engineering, acquiring, fielding, and supporting global net-centric solutions and operating the Global Information Grid to serve the needs of the President, Vice President, Secretary of Defense, Joint Chiefs of Staff, Combatant Commanders, and other DoD Components under all conditions of peace and war.DISA is the preferred provider of Global Net-Centric Solutions for the Nation’s warfighters and all those who support them in defense of the Nation. For more information, visit www.disa.mil.Why the World’s Best Consistently Choose SycamoreAfter rigorous testing of the leading optical switch products, DISA and SAIC concluded that the Sycamore switch represented the best technical solution, based on their evaluation criteria:- Operationally proven product reliability- Advanced networking software intelligence- Industry-leading switch capacity and system scalability- Support for diverse protection schemes- Advanced network emulation and design toolsGIG-BE was operational by year-end 2005 and, after follow-on evaluation, accredited to support very high-speed traffic classified up to and including Top Secret. Achieving DISA’s vision of “a color to every base” entailed physically diverse network access and substantial upgrades to the optical backbone. GIG-BE met this objective in a state-of-the-art switched optical network with 10 Gbps OC-192 or faster connections serving 85 sites throughout the world.The ultimate goal is to bring the efforts of the military, the intelligence community, and other coalition forces together to ensure US forces get the information they need to complete a mission in as near real-time as possible. Taking the next step in that direction, the GIG-BE team is planning for the transformation and optimization of DISN subsystems (voice, data, video). They intend to provide converged services by the end of the decade. It’s a safe bet they will.
CorporateCompany Overview – Intelligent Bandwidth Management (PDF 158 KB) Empowering Connections for Government Networks (PDF 1.4 MB) Intelligent Multiservice/Optical Switching ProductsProduct Brief: SN 16000 Intelligent Optical Switching Platform – Service Provider (PDF 830 K) Product Brief: SN 16000 Intelligent Optical Switching Platform – Government (PDF 833 K) Product Brief: SN 9000 Intelligent Multiservice Switch – Service Provider (PDF 1.2 MB) Product Brief: SN 9000 Intelligent Multiservice Switch – Government (PDF 1.2 MB) Product Brief: SN 3000 Intelligent Optical Edge Switch (PDF 705 KB) Datasheet: SN 16000 Intelligent Optical Switching Platform – Service Provider (PDF 340 KB) Datasheet: SN 16000 Intelligent Optical Switching Platform – Government (PDF 340 KB) Datasheet: SN 9000 Intelligent Multiservice Switch – Service Provider (PDF 577 KB) Datasheet: SN 9000 Intelligent Multiservice Switch – Government (PDF 577 KB) Datasheet: SN 3000 Intelligent Optical Edge Switch – Service Provider (PDF 363 KB) Datasheet: SN 3000 Intelligent Optical Edge Switch – Government (PDF 365 KB) Datasheet: BroadLeaf Networking Software (PDF 274 KB) Datasheet: SILVX Intelligent Network Management (PDF 348 KB) Datasheet: Universal Service Card (PDF 950 KB) Datasheet: Multirate Ethernet Card for the SN 9000 Multiservice Switch (PDF 555 KB) Case Study: Empowering Next-Generation Digital Media Distribution (PDF 320 KB) Case Study: Intelligent Optical Switching at the DISA Network Core (PDF 340 KB) Application Note: Control Plane Intelligence for Multiservice Networks (PDF 327 KB) Application Note: Core Transport Optimization for Mobile Networks (PDF 358 KB) Application Note: Efficient MSO Inter-Regional Core Networks (PDF 309 KB) Application Note: Field-Proven Intelligent Optical Control Plane Solutions (PDF 297 KB) Application Note: Integrated ADM/MSPP/DCS for Regional/Core Applications (PDF 469 KB) Application Note: Intelligent Ethernet Transport for Multiservice Networks – Service Provider (PDF 334 KB) Application Note: Intelligent Ethernet Transport for Multiservice Networks – Government (PDF 524 KB) Application Note: International SONET/SDH Gateway Services (PDF 258 KB) Application Note: Practical Ethernet Solutions for Mobile Core Networks (PDF 300 KB) White Paper: Proven Operational Benefits and Business Value of Optically Switched Networks (PDF 987 KB) Byline: EtherOptics Optimizes Intelligent IP/Ethernet Transport – Lightwave (PDF 397 KB) Byline: Intelligent Optical Layer Improves Broadband Disaster Recovery – Lightwave (PDF 1.0 MB) Access Gateway and Digital Cross-Connect ProductsProduct Brief: DNX Cross-Connect Platform (PDF 1.1 MB) Datasheet: S-DNX Cross-Connect (PDF 747 KB) Datasheet: DNX Module Sets (PDF 604 KB) Datasheet: PSX-5300 Protection Switch (PDF 504 KB) Datasheet: DNX-1u Access Gateway (PDF 420 KB) Datasheet: IAB-3000 Integrated Access Bank (PDF 832 KB) Datasheet: SPS-1000 Signal Processing System (PDF 433 KB) Datasheet: ENvision Plus Network Management (PDF 513 KB) Datasheet: Circuit/Packet eXchange (CPX) Module Set (PDF 491 KB) Datasheet: Low Speed Optical Modules for Utility Communications (PDF 390 KB) Application Note: Efficient Consolidation for Teleport Networks (PDF 379 KB) Application Note: Migrating SS7 Signaling Networks to Sigtran (PDF 271 KB) Application Note: Mobile Backhaul Optimization (PDF 347 KB) Application Note: Optimizing VoIP Platforms for MSO/Cable Operators (PDF 337 KB) Application Note: Telemetry Networks: Monitor and Control Remote Sites (PDF 282 KB) Application Note: Utility Network Optimization (PDF 387 KB) Case Study: Mobile RAN Telemetry: Three Solutions Scenarios (PDF 615 KB) White Paper: Secure and Reliable Utility Telecom Networks (PDF 493 KB) Services & SupportBrochure: Services and Support (PDF 339 KB) Datasheet: Disaster Recovery (PDF 159 KB) Datasheet: Engineering, Furnishing, Installation & Test (EFI&T) (PDF 161 KB) Datasheet: Network Audit (PDF 163 KB) Datasheet: Software Upgrades (PDF 159 KB)