LATS_OV01_1.9.8
advertisement
FBI Information Technology Life Cycle Management Directive (IT LCMD), Version 3.0 SCR Control Gates APR FDR DCR MNR SSR SSAR CIR DR CDR PDR Project Level Reviews OAR Sys TRR DRR SATR RCR PTRR STRR AOR ORR TR CMMI Process Areas Process Areas Key Support Processes Life Cycle Phases Concept Exploration Requirements Development Acquisition Planning Source Selection Design Development & Test Implementation & Integration Operation & Maintenance Life Cycle Phases Process Areas - Key Support Processes (KSP) (Stakeholders) Project Level Reviews Control Gates Purpose: Purpose: Purpose: Purpose: Life Cycle Phases covers different aspects in the evolution and life of an IT project. Each Life Cycle Phase has specific activities that produce work products that are required by the next phase in the life cycle. Process Areas are clusters of related practices in an area that when performed collectively, satisfy a set of goals considered important for making significant improvement in that area. Overview: • • • • Nine consecutive Phases comprise the FBI IT Life Cycle. Each Phase covers a different aspect in the evolution and life of IT programs or projects. System development encompasses several phases, known as Life Cycle phases. Each life cycle phase has associated with it one or more Program Level Reviews, Control Gates, Key Support Processes, documentation requirements as well as specific inputs, outputs, entry and exit criteria. Phase Concept Exploration Purpose The purpose of Concept Exploration is to: • Identify and validate an opportunity to improve business accomplishments of the organization or a deficiency related to a business need. • Identify significant assumptions and constraints on solutions to that need. • Recommend the exploration of alternative concepts and methods to satisfy the need including questioning the need for technology (i.e., will a change in the business process offer a solution?). • Assure executive business and executive technical sponsorship. • Determine system data with "record" status. • Develop the business plan. Control Gate: System Concept Review Supporting Boards: IMPRB, EAB Project Level Reviews: Mission Needs Review Requirements Development Supporting Boards: IMPRB Project Level Reviews: System Specification Review Acquisition Planning allocates requirements among development segments, researches and applies lessons learned from previous projects, identifies potential product and service providers, and secures funding. Acquisition Planning Control Gate: Acquisition Planning Review Supporting Boards: CMB, IMPRB Project Level Reviews: None Source Selection executes solicitation, evaluates proposals, selects support, system providers, and developers for the subsequent phase. Source Selection Control Gate: None Supporting Boards: None Project Level Reviews: Source Selection Authorization Contract Implementation Review Design creates and documents detailed designs for system components, products, interfaces, and initiates test planning that includes electronic recordkeeping criteria. Design Control Gate: Final Design Review Supporting Boards: TRB, EAB Project Level Reviews: Requirements Clarification Review Design Concept Review Preliminary Design Review Critical Design Review Development and Test produces and tests all system components, assembles and tests all products including the approach to be taken for handling official records upon the system, and plans for system testing. Development & Test Control Gate: None Supporting Boards: None Project Level Reviews: Product Test Readiness Review Implementation and Integration executes functional, interface, system and integration testing, including electronic recordkeeping testing; provides certification, risk analysis, and risk mitigation plans for the handling of the electronic records; provides user training, and accepts and transitions the products to operations. Implementation & Integration Control Gate: Deployment Readiness Review System Test Readiness Review Supporting Boards: CMB, TRB Project Level Reviews: Site Test Readiness Site Acceptance Test Review Operational Readiness Review Operation & Maintenance Phase maintains and supports the products, including proper electronic recordkeeping by recertification every three years, and manages and implements necessary modifications. Operation & Maintenance Control Gate: Operational Acceptance Review Supporting Boards: CMB, IMPRB Disposal Project Level Reviews: Annual Operations Review Disposal retires and disposes of the system, software, hardware, data, and official records in an orderly manner so that some or all of it may be reactivated in the future if necessary. Control Gate: Disposal Review Project Level Reviews: Termination Review • • • • • • • Provides the necessary management and control, planning, coordination, technical, budgetary, security and other stakeholder functions. Performed independent of any Life Cycle Phase. Required deliverables (as identified) are integrated into the Control Gate and Project Level Reviews. Most are based on existing Federal policies, regulations and laws. Specific policies, processes, standards, and guidelines are developed by the owning organization (e.g., OIPP for ITIM). Details in IT LCMD v3.0, Appendix E. System driven (Funded). Deliverables KSP IT Strategic Planning [OIPP] • • • • • • • • Verification and Validation Plan Concept of Operations (ConOps) Initial Business Case Final Business Case System Security Plan Final Report Risk Repository Information Technology COOP Risk Assessment • • • • • • • LCCE Analysis/Trade Study Report(s) Lessons Learned Mission Needs Statement C&A Boundary and Perimeter C&A Registration Form Sensitive Information & System Security Worksheet Requirements Development defines operational, technical, electronic recordkeeping, and tests requirements and to initiate project planning. Control Gate: None Overview: • • • • System Requirements Specification Contingency Plan Risk Repository Rules of Behavior • Analysis/Trade Study Report • Privacy Impact Assessment • Lessons Learned • • • • • • • • Acquisition Plan System Requirements Specification Analysis/Trade Study Report(s) Bidders List Configuration Management Plan DD 254 Final Business Case Lessons Learned • • • • • • • • Life Cycle Cost Estimates Project Plan Quality Assurance Plan Risk Management Plan IT COOP Risk Mitigation Plan Risk Repository Requirements Traceability Matrix – Level 1 Test and Evaluation Master Plan • • • • • • RFP with Integrated Security Requirements System Security Plan Risk Repository Risk Management Plan CARC Assessment LCCE • • • • • • Lessons Learned Analysis/Trade Study Report(s) Bidders List DD 254 Source Selection Decision Memo Statement of Work • • • • • • • • • • • • • • • • CM Plan Risk Management Plan Project Plan Quality Assurance Plan Transition Plan Certification Test Plan (ST&E) (Development) Certification Test Analysis Report (ST&E) (Development) Independent Test Plan for Security (ST&E) Interconnection Security Agreement Security Implementation Plan Operations & Maintenance Design Document System and Security Architecture Design Test Procedures Critical Performance Measures Database Design Document Interface Design Document • • • • • • • • • • • • • • • • • Software Development Plan Software Product Specification System Design Document System Engineering Management Plan System Requirements Specifications Interface Control Document System Specification Risk Repository Analysis/Trade Study Report(s) Design Concept Description Lessons Learned Requirements Traceability Matrix – Levels 1 & 2 System Security Plan LCCE Rules of Behavior Bill of Materials Requirements Clarification Document • • • • • • • • • • • • • • Version Description Document Test Report User Manual Training Materials Technical Manual Installation Plan Training Plan Transition Plan Certification Test Plan (ST&E) (Dev) Independent Test Plan for Security Security Implementation Plan General User Security Guide Privileged User Security Guide Certification Package • • • • • • • • • • • • • • • • • • • • • • • • • Installation Drawing Certification Package Accreditation Package Operational Readiness Report Analysis/Trade Study Report(s) Contingency Plan General User Security Guide Independent Test Plan for Security Installation Plan Lessons Learned Privileged User Security Guide Requirements Traceability Matrix – Levels 3 & 4 Risk Repository • • • • • • • • • • • • • • Risk Management Plan Software Installation Manual Software Product Specification System Specification Systems Operations & Maintenance Manual Technical Manual Test and Evaluation Master Plan Test Procedures Test Report Training Plan Training Materials Transition Plan User Manual Version Description Document Deactivation Plan Certification Test Analysis Report (ST&E) (OP) Certification Test Plan (ST&E) (Operational) Penetration Test Report Penetration Test Plan Installation Plan Training Plan Transition Plan Technical Manual • • • • • • • • • • • Operations & Maintenance Design Document System Operations & Maintenance Manual Version Description Document Operational Readiness Report Contingency Plan General Users Security Guide Privileged Users Security Guide Risk Repository Risk Management Plan Analysis/Trade Study Report(s) Lessons Learned • • • • • • • • • • Deactivation Plan • Risk Repository • Certification Closeout Certification Test Analysis Report (ST&E) (Dev) Software Installation Manual Test and Evaluation Master Plan Test Procedures Product (CSCIs) Systems O&M Manual Penetration Test Plan Interconnection Security Agreement Risk Repository Risk Management Plan Analysis/Trade Study Report(s) Lessons Learned Purpose Overview: Overview: Project Level Review Purpose The Mission Needs Review examines the user need or technological opportunity, the deficiencies in the current set of systems, alternative and the proposed solution, and a business case or rationale for further investigating changes to the FBI’s information systems. The “Go / No Go” decision may include incorporation of the need into an existing program or initiation of a new program. Project Level Reviews provide a forum for stakeholders to approve and address project deliverable issues. Records Management [RMD] Provides the processes for obtaining Electronic Record Keeping Certification (ERKC). Enterprise Architecture [OIPP] Provides the processes and structure for implementing change and improving service delivery through more efficient use of IT. Life Cycle Phase: Concept Exploration IT Continuity of Operations Planning (COOP) [OIPP] Manages the operational risk of providing IT systems and services to users. IT Investment Management (ITIM) [OIPP] Provides the mechanisms for Selecting, Evaluating and Controlling IT investments. Supporting Boards: IMPRB IT Acquisition [FD/OIPP] Guidelines for FBI procurement of IT assets. Information Assurance (IA) [SecD] Assure that security engineering is applied through out the lifecycle and provide management with the appropriate visibility. Logistics Ensure support requirements are included for entire lifecycle. System Specification Review (SSR) CMMI is a proven framework for helping organizations reduce project costs while shortening development timelines and improving overall product quality across the Life Cycle CMMI addresses multiple disciplines (systems engineering, software engineering, integrated product and process development, and supplier sourcing). CMMI is useful to identify opportunities for process improvement, benchmarking and improving organizational maturity and capability. Provides a means for the FBI to be recognized as a world class IT organization FBI Goal – Reach Maturity Level (ML) 2 in FY07 and ML3 in FY08 Details in IT LCMD v3.0, Appendix F Source Selection Authorization Review (SSAR) Contract Implementation Review (CIR) Measurement & Analysis (MA) Develop and sustain a measurement capability that is used to support management information needs. Project Planning (PP) Establish and maintain plans that define project activities. Project Monitoring & Control (PMC) Provide an understanding of the project’s progress so that appropriate corrective actions can be taken when the project’s performance deviates significantly from the plan. Requirements Clarification Review (RCR) Manage the requirements of the project’s products and product components and identify inconsistencies between those requirements and the project’s plans and work products. Process & Product Quality Assurance (PPQA) Provide staff and management with objective insight into processes and associated work products. Supplier Agreement Management (SAM) Manage the acquisition of products from suppliers for which there exists a formal agreement. Design Concept Review (DCR) The Design Concept Review is a Technical Progress Review of the decomposition of the system or product (hardware, software, and manual operations). Life Cycle Phase: Design Control Gate: Final Design Review Supporting Boards: TRB Purpose Identify potential problems before they occur, so that risk-handling activities may be planned and invoked as needed across the life of the product or project to mitigate adverse impacts on achieving objectives. Control Gate: Final Design Review Supporting Boards: TRB CMMI ML 3 Process Areas Process Area Control Gate: Final Design Review The Requirements Clarification Review is a joint customer and solution provider review that ensures the solution provider has a full understanding of the requirements for the system or segment and can articulate this understanding through proposed implementations of the requirement. Life Cycle Phase: Design Requirements Management (RM) Preliminary Design Review (PDR) Requirements Development (RD) Produce and analyze customer, product, and product-component requirements. The Preliminary Design Review can be a single event or it can be spaced out over time during the Design Phase to cover logical groupings of configuration items. It is used to prove that the concept and the specification for the concept are feasible and will satisfy the higher level requirements relegated to it, and to approve the preliminary design-to specifications and associated verification plans. All hardware, software, support equipment, facilities, personnel, and tooling should be reviewed in descending order of system to assembly. Organizational Process Definition (OPD) Establish and maintain a usable set of organizational process assets. Life Cycle Phase: Design Organizational Process Focus (OPF) Plan and implement organizational process improvement based on a thorough understanding of the current strengths and weaknesses of the organization’s processes and process assets. Supporting Boards: TRB Organizational Training (OT) Develop the skills and knowledge of people so they can perform their roles effectively and efficiently. Validation (VAL) Demonstrate that a product or product component fulfills its intended use when placed in its intended environment. Verification (VER) Ensure that selected work products meet their specified requirements. Critical Design Review (CDR) Control Gate: Final Design Review The Critical Design Review approves the build-to and code-to documentation, the associated draft verification procedures, ensures that the design presented can be produced, and that when built meets expected design-to specifications at verification. Life Cycle Phase: Design Control Gate: Final Design Review Supporting Boards: TRB Tailoring •Allowed & Expected •Project Manager’s Responsibility •Documented in Project Plan •Reviewed & Agreed to at Control Gate 2 - Acquisition Plan Review Product Test Readiness Review (P-TRR) The Product Test Readiness Review is a series of Technical Progress Reviews at which the customer concurs that the solution provider is ready to conduct official "sell-off” tests during which official verification data will be produced. Life Cycle Phase: Development and Test Considerations •Complexity, Interfaces, Budget, Schedule, Risk, User Needs Control Gate: Deployment Readiness Review Supporting Boards: CMB Typical Approaches •Combination / Elimination of Events; Modification of Reports, Documents, or Deliverables; Phase Iteration • Analysis/Trade Study Report • Concept of Operations (ConOps) • Lessons Learned • Mission Needs Statement Control Gate Gate 1 – SCR System Concept Review Purpose The System Concept Review determines if the project should continue through the Life Cycle using the recommended System Concept of Operations. It ensures Strategic Business Objectives are being met, and that all alternatives have been evaluated for the Mission Needs requested. Life Cycle Phase: Concept Exploration • • • • • • • • • • Analysis/Trade Study Report C&A Boundary & Perimeter C&A Registration Form Contingency Plan Lessons Learned Analysis/Trade Study Report Asset Library Bidders List CARC Assessment DD 254 • Analysis/Trade Study Report • Asset Library • CARC Assessment • • • • • • • • Privacy Impact Assessment Rules of Behavior Sensitive Information & System Security Worksheet System Requirements Specification The Acquisition Plan Review determines if the project should continue through the Life Cycle using the preliminary Systems Specification, Design and Control documents, and the approach and resources required to acquire the system as defined in the Acquisition Plan. Gate 2 – APR Acquisition Plan Review Lessons Learned RFP with Integrated Security Requirements Security Factor Summary Report Source Selection Decision Memo • Lessons Learned • RFP with Integrated Security Requirements • Security Factor Summary Report Supporting Project Level Reviews: Mission Needs Review Life Cycle Phase: Acquisition Planning Supporting Boards: IMPRB, CRB Supporting Project Level Reviews: System Specification Review The Final Design Review determines if the project continues through the Life Cycle using the build-to and code-to documentation and associated draft verification procedures. It also ensures that the design presented can be produced, and that when built meet its expected design-to specifications at verification. Gate 3 – FDR Final Design Review Life Cycle Phase: Design Supporting Boards: TRB, EAB Supporting Project Level Reviews: Source Selection Authorization, Contract Implementation, Requirements Clarification, Design Concept, Preliminary Design, and Critical Design Supporting Boards: TRB Purpose Establish and maintain the integrity of work products using configuration identification, configuration control, configuration status accounting, and configuration audits. Risk Management (RSKM) The Contract Implementation Review is a Project Level Review and is the first Review between the customer and the solution provider following a contract award. Project Level Reviews provide a forum for stakeholders to approve and address project deliverable issues. The CIR establishes the Earned Value baselines if applicable. Life Cycle Phase: Source Selection Configuration Management (CM) Control Gate: Final Design Review Supporting Boards: IMPRB CMMI ML 2 Process Areas Process Area Control Gate: Acquisition Plan The Source Selection Authorization Review is a Project Level Review that approves source selection results and authorizes contract negotiations. Life Cycle Phase: Requirements Development Deliverables Reviewed: Supporting Boards: IMPRB, EAB The System Specification Review is a Project Level Review and is the decision point to proceed with the development of an Acquisition Plan, the allocation of high level system requirements to segment specifications, and the development of Project Plans that will manage the acquisition. Life Cycle Phase: Requirements Development Process Areas - CMMI • • • • • • Control Gate: System Concept Review Supporting Boards: IMPRB Overview: • Facilitated by one of three executive boards: IMPRB, TRB, CMB. • Also supported by other executive boards: EAB, CRB. • All reviews are mandatory. – The Life Cycle Model chosen determines how many times each of the Control Gate Reviews are performed. – Several reviews can be combined into one review (eg., Gates 4, 5, & 6 can be combined into one review) – must be part of the tailoring agreement. • Each Control Gate Review includes a table that provides a framework for everything that should be covered in the review. • Requires PM to obtain Key Stakeholder positions – concur, concur w/conditions, non-concur. PM needs to address all conditions at control gate review. • Includes Project Health Ratings (Cost, Schedule, & Risk). • Details in IT LCMD v3.0, Appendix C. Facilitated/chaired by PM. Stakeholders must be in attendance. Not all reviews are mandatory – can be tailored to meet the project requirements. Includes review of documentation and project status. Each Project Level Review includes a table that provides a framework for everything that should be covered in the review. Results of review must be documented and presented at the appropriate Control Gate Review. Details in IT LCMD v3.0, Appendix D. Mission Needs Review (MNR) Establishes the FBI’s IT strategic planning process. Control Gates are a formal management review process designed to examine and evaluate a project’s work products and approve the approach for continuing the project. Project stakeholders and team members conduct project level reviews during the IT life cycle to ensure the project is meeting stakeholder needs. • • • • • • • Site Test Readiness Review (S-TRR) Bottom Line: • • • • • • • • • Analysis/Trade Study Report Asset Library Bill of Materials Configuration Management Plan Database Design Document Interface Control Document Interface Design Document Lessons Learned Produce a Level 1 Requirements Traceability Matrix • • • • • • • • • • Project Plan Quality Assurance Plan Requirements Clarification Document Solution Provider Risk Management Plan Software Development Plan System Design Document System Engineering Management Plan System Requirements Specifications System Specification Verification & Validation Plan • • • • • Analysis/Trade Study Report Asset Library Critical Performance Measures Database Design Document Design Concept Description • • • • Interface Control Document Lessons Learned Operations and Maintenance Design Document System Design Document • • • • • • • • Analysis/Trade Study Report Asset Library Certification Test Plan (CTP) (Development) Critical Performance Measures Database Design Document Interface Control Document Interface Design Document LCCE • • • • • • • Lessons Learned Operations and Maintenance Design Document Risk Repository System and Security Architecture Design System Design Document System Requirements Specifications System Specification • • • • • • • • • • • • • Analysis/Trade Study Report Asset Library Bill of Materials Certification Test Analysis Report (ST&E) (Development) Certification Test Plan (CTP) (Development) Critical Performance Measures Database Design Document Design Concept Description Independent Test Plan for Security (ST&E) Interconnection Security Agreement Interface Control Document Interface Design Document Lessons Learned • • • • • • • • • • • • • Operations and Maintenance Design Document Requirements Traceability Matrix – Level 2 Rules of Behavior Security Implementation Plan Software Development Plan Software Product Specification System and Security Architecture Design System Design Document System Requirements Specifications System Security Plan System Specification Test Procedures Transition Plan • • • • • • • • • Analysis/Trade Study Report Certification Test Analysis Report (ST&E) (Dev) Certification Test Plan (CTP) (Development) General User Security Guide Independent Test Plan for Security Installation Plan Interconnection Security Agreement Lessons Learned Penetration Test Plan (Development) • • • • • • • • • • Privileged User Security Guide Product (CSCIs) Technical Manual Test Procedures Test Report Training Materials Training Plan Transition Plan User Manual Version Description Document The Deployment Readiness Review determines if the project should proceed with all activities to be performed in deploying the product to the customer. Activities include planning, beta testing, preparation of items to be delivered, packaging, “shipping”, installation, training and support. Gate 4 – DRR Deployment Readiness Review Gate 5 – STRR System Test Readiness Review Life Cycle Phase: Implementation & Integration Supporting Boards: CMB, TRB Supporting Project Level Reviews: Product Test Readiness The System Test Readiness Review determines the readiness to perform official system-wide data gathering verification test for either qualification or acceptance. Life Cycle Phase: Implementation & Integration Supporting Boards: CMB, TRB Supporting Project Level Reviews: Site Test Readiness, Site Acceptance Test The Operational Acceptance Review determines if the project is ready to continue through the Life Cycle based on overall system and product validation, along with the customer acceptance and determination whether the Operation & Maintenance organization agrees to, and has the ability to, support continuous operations of the system. Gate 6 – OAR Operational Acceptance Review Life Cycle Phase: Operations & Maintenance Supporting Boards: CMB, IMPRB Gate 7 – DR Disposal Review Supporting Project Level Reviews: Operational Readiness The Disposal Review determines if the project can proceed with termination of Operation & Maintenance and begin disposal of system resources. Life Cycle Phase: Disposal Supporting Boards: CMB, IMPRB, EAB Supporting Project Level Reviews: Annual Operational Deliverables Reviewed: • • • • • • • Analysis/Trade Study Report Concept of Operations (ConOps) Initial Business Case Information Technology COOP Risk Assessment Information Technology COOP Risk Mitigation Plan Lessons Learned Mission Needs Statement • • • • • • • • • • Acquisition Plan Analysis/Trade Study Report Asset Library Bidders List Concept of Operations (ConOps) Configuration Management Plan DD 254 FBI Risk Management Plan Final Business Case Information Technology COOP Risk Assessment • • • • • • • • • Information Technology COOP Risk Mitigation Plan Lessons Learned Project Plan Quality Assurance Plan Requirements Traceability Matrix – Level 1 RFP w/Integrated Security Requirements System Requirements Specification Test and Evaluation Master Plan (TEMP) Verification & Validation Plan • • • • • • • • • • • • • Analysis/Trade Study Report Asset Library Bill of Materials Certification Test Analysis Report (ST&E) (Development) Certification Test Plan (CTP) (Development) Critical Performance Measures Database Design Document (DBDD) Independent Test Plan for Security (ST&E) Interconnection Security Agreement Interface Control Document Interface Design Document Information Technology COOP Risk Assessment Information Technology COOP Risk Mitigation Plan • • • • • • • • • • • • • • Lessons Learned Operations & Maintenance Design Document Requirements Traceability Matrix – Level 2 Rules of Behavior Security Implementation Plan Software Development Plan System and Security Architecture Design System Design Document System Engineering Management Plan (SEMP) System Requirements Specifications System Security Plan System Specification Test Procedures Transition Plan • • • • • • • • • • • Analysis/Trade Study Report Asset Library General Users Security Guide Independent Test Plan for Security (ST&E) Installation Plan Information Technology COOP Risk Assessment Information Technology COOP Risk Mitigation Plan Lessons Learned Privileged Users Security Guide Product CSCI’s Requirements Traceability Matrix – Level 3 • • • • • • • • • • • • Software Installation Manual System Security Plan Systems Operations & Maintenance Manual Technical Manual Test and Evaluation Master Plan (TEMP) Test Procedures Test Report Training Materials Training Plan Transition Plan User Manual Version Description Document • • • • • • • Analysis/Trade Study Report Asset Library Certification Test Plan (CT&E) (Operational) Installation Drawings Information Technology COOP Risk Assessment Information Technology COOP Risk Mitigation Plan Lessons Learned • • • • • • • Requirements Traceability Matrix – Level 4 System Security Plan Technical Manual Test and Evaluation Master Plan (TEMP) Test Report Training Materials User Manual • • • • • • • • • • • Accreditation Package Analysis/Trade Study Report Asset Library Certification Package Certification Test Analysis Report (CT&E) (Operational) Certification Test Plan (CT&E) (Operational) Contingency Plan Division COOP Plan General Users Security Guide Installation Plan Information Technology COOP Risk Assessment • • • • • • • • • • • • • Information Technology COOP Risk Mitigation Plan Lessons Learned Operation & Maintenance Design Document Operational Readiness Report Penetration Test Plan (Operational) Penetration Test Report Privileged Users Security Guide Software Installation Manual System Security Plan Technical Manual Training Plan Transition Plan Version Description Document • • • • • • Analysis/Trade Study Report Asset Library Deactivation Plan IT COOP Risk Assessment IT COOP Risk Mitigation Plan Lessons Learned The Site Test Readiness Review is a series of Technical Progress Reviews at which the customer concurs that the supplier is ready to conduct official "sell-off' tests during which official verification data will be produced. Life Cycle Phase: Implementation & Integration •Accommodate Both LCMD Intent & Project’s Needs Disposal Control Gate: System Test Readiness Review • Analysis/Trade Study Report • Asset Library • Lessons Learned • Requirements Traceability Matrix – Level 4 • Software Installation Manual • Version Description Document • Analysis/Trade Study Report • Asset Library • Installation Drawings • Lessons Learned • Requirements Traceability Matrix – Level 4 • System Security Plan • • • • Analysis/Trade Study Report Asset Library Contingency Package Lessons Learned • • • • Operational Readiness Report Penetration Test Plan Software Installation Manual System Security Plan • • • • • Analysis/Trade Study Report Asset Library Certification Test Analysis Report (ST&E) (Operational) Certification Test Plan (CTP) (Operational) Lessons Learned • • • • Penetration Test Plan Penetration Test Report System Operations and Maintenance Manual System Security Plan Supporting Boards: CMB Site Acceptance Test Review (SATR) The Site Acceptance Test Review is a Technical Progress Review where the customer organization accepts the system or segment delivered to the site. Life Cycle Phase: Implementation & Integration • Analysis/Trade Study Report • Lessons Learned Control Gate: System Test Readiness Review Supporting Boards: CMB Operational Readiness Review (ORR) Supporting Boards: CMB, IMPRB, EAB The Operational Readiness Review is a Technical Progress Review between the Project Office and the Product User to verify readiness for system validation required by the Operational Readiness Plan developed in compliance with the Mission Requirements and Concept of Operations Document at the project outset. Life Cycle Phase: Implementation & Integration Control Gate: Operational Acceptance Review Supporting Boards: CMB Annual Operations Review (AOR) The Annual Operations Review is conducted by the Operations & Maintenance organization to ensure that the fielded system is continuing to support its intended mission and can be continuously supported, operated and maintained in the future in a cost effective manner. Life Cycle Phase: Operations & Maintenance Control Gate: Disposal Review Supporting Boards: CMB Termination Review (TR) The Termination Review is a Technical Progress Review held at the end of the life cycle to confirm that all disposal activities are complete. Life Cycle Phase: Disposal Control Gate: None • Analysis/Trade Study Report • Asset Library • System Closeout • Lessons Learned Supporting Boards: None Accessible on FBI Intranet at: http://oipp.fbinet.fbi/ppmu/LCMD For more information contact the Office of IT Policy & Planning (OIPP): Process, Policy & Metrics Unit (PPMU)
