7.2.2. Mandatory Policies

DEFENSE ACQUISITION GUIDEBOOK
Chapter 7 - Acquiring Information Technology

7.2.2. Mandatory Policies

7.2.2.1. DoD Directive 5000.01, "The Defense Acquisition System"

7.2.2.2. DoD Instruction 5000.02, "Operation of the Defense Acquisition System"

7.2.2.3. CJCS Instruction 6212.01, "Interoperability and Supportability of Information Technology (IT) and National Security Systems"

7.2.2.4. DoD Directive 4630.05, "Interoperability and Supportability of Information Technology (IT) and National Security Systems (NSS)"

7.2.2.5. DoD Directive 8000.01, "Management of the DoD Information Enterprise"

7.2.2.1. DoD Directive 5000.01, "The Defense Acquisition System"

Extracts:

• E1.1.9: Information Assurance. Acquisition managers shall address information assurance requirements for all weapon systems; Command, Control, Communications, Computers, Intelligence, Surveillance, and Reconnaissance systems; and information technology programs that depend on external information sources or provide information to other DoD systems.
• E1.1.10: Information Superiority. Acquisition managers shall provide U.S. Forces with systems and families of systems that are secure, reliable, interoperable, compatible with the electromagnetic spectrum environment, and able to communicate across a universal information technology infrastructure, including NSS, consisting of data, information, processes, organizational interactions, skills, analytical expertise, other systems, networks, and information exchange capabilities.
• E1.1.13: Interoperability. Systems, units, and forces shall be able to provide and accept data, information, materiel, and services to and from other systems, units, and forces and shall effectively interoperate with other U.S. Forces and coalition partners. Joint concepts and integrated [solution] architectures shall be used to characterize these interrelationships.

7.2.2.2. DoD Instruction 5000.02, "Operation of the Defense Acquisition System"

Extract:

• The DoD Enterprise Architecture shall underpin all information architecture development. In accordance with DoD Directive 8000.01 . . ., each integrated solution architecture shall have three views: operational, systems, and technical. The standards used to form the technical views of integrated architectures shall be selected from those contained in the current approved version of the DoD IT Standards Registry.

DoD Instruction 5000.02 requires DoD acquisition programs to demonstrate consistency with GIG policies and architectures, to include relevant standards. (See Enclosure 5, Table 8, Title 40, Subtitle III/CCA Compliance Table) (The table indicates that the Net-Ready Key Performance Parameter in the Acquisition Program Baseline, required at Program Initiation for Ships, Milestone (MS) B, MS C, and the Full-Rate Production Decision Review (DR) (or Full Deployment DR), in part satisfies the requirement. The table also indicates that the Information Support Plan (ISP), in part, satisfies the requirement. An Initial ISP is required at Program Initiation for Ships and at MS B. A Revised ISP is due at the Critical Design Review (unless waived). And the ISP of Record is due at MS C.)

The DoD components under /DoD CIO leadership are required to develop an Enterprise Archtiecture that aligns with the DoD EA,and use their architecture and the DoD EA to guide the acquisition of IT.

Each IT acquisition program (or set of programs) is also required to develop a solution architecture comprised of DoDAF viewpoints determined to meet the needs of the PM (Fit-for-Purpose) and then use these products over the program life cycle to guide, monitor, and implement solutions in alignment with the DoD Enterprise Architecture as described in the DoD IEA.

Using these architectures and plans, the)/DoD CIO, in collaboration with Under Secretary of Defense for Acquisition, Technology and Logistics (USD(AT&L)) and portfolio managers will conduct capability assessments, guide systems development, and define the associated investment plans as the basis for aligning resources throughout the Planning, Programming, Budgeting, and Execution process.

7.2.2.3. CJCS Instruction 6212.01, "Interoperability and Supportability of Information Technology (IT) and National Security Systems"

It is DoD policy that all Information Technology (IT), including NSS, and major modifications to existing IT will be compliant with the Title 40/CCA, DoD interoperability regulations and policies, and the most current version of the DoD Information Technology Standards Registry (DISR). Establishing interoperability and supportability in a DoD system is a continuous process that must be managed throughout the life cycle of the system. The following elements comprise the Net-Ready Key Performance Parameter (NR-KPP): 1) compliant architecture; 2) compliance with DoD Net-centric Data and Services strategies; 3) compliance with applicable GIG Technical Guidance; 4) verification of compliance with DoD information assurance requirements; and 5) compliance with supportability elements to include spectrum utilization and information bandwidth requirements, Selective Availability Anti-Spoofing Module (SAASM) and the Joint Tactical Radio System, as applicable. (See CJCSI 6212.01, Enclosure A, paragraph 1.e.)

7.2.2.4. DoD Directive 4630.05, "Interoperability and Supportability of Information Technology (IT) and National Security Systems (NSS)"

This Directive defines a capability-focused, effects-based approach to advance IT and NSS interoperability and supportability across the Department of Defense.

Extract:

• 1.3. Establishes the Net-Ready Key Performance Parameter (NR-KPP) to assess net-ready attributes required for both the technical exchange of information and the end-to-end operational effectiveness of that exchange. The NR-KPP replaces the Interoperability KPP and incorporates net-centric concepts for achieving IT and NSS interoperability and supportability.
• 4.2. IT and NSS, of the DoD Global Information Grid (GIG), shall provide for easy access to information, anytime and anyplace, with attendant information assurance. The GIG architecture shall be used as the organizing construct for achieving net-centric operations and warfare.

7.2.2.5. DoD Directive 8000.01, "Management of the DoD Information Enterprise"

This document reissues and renames DoD Directive 8000.01 and cancels 8100.01. The new DoD Directive 8000.01 requires the following:

• All aspects of the Defense Information Enterprise, including the Global Information Grid (GIG) infrastructure and enterprise services and solutions be planned, designed, developed, configured, acquired, managed, operated, and protected to achieve a net-centric environment, as envisioned in the National Defense Strategy, and be capable of effectively and efficiently supporting the Department's outcome goals and priorities.
• Investments in information solutions be managed through a capital planning and investment control process that is performance- and results-based; and provides for analyzing, selecting, controlling, and evaluating investments, as well as assessing and managing associated risks.
• The capital planning and investment control process interface with the DoD key decision support systems for capability identification; planning, programming, budgeting, and execution; and acquisition.
• Review of all Information Technology (IT) investments for compliance with architectures, IT standards, and related policy requirements.
• Acquisition strategies appropriately allocate risk between the Government and contractor; effectively use competition; tie contract payments to performance; and, where practicable, take maximum advantage of commercial off-the-shelf and non-developmental item technology.
• Information solutions structured in useful segments, narrow in scope and brief in duration; each segment solves a specific part of the overall mission problem and delivers a measurable net benefit independent of future segments.

DoD Directive 8000.01 encourages pilots, modeling and simulation, experimentation, and prototype projects, appropriately sized to achieve desired objectives, and not be used in lieu of testing or acquisition processes to implement the production version of the information solution.

Top of page