UNCLASSIFIED//
ROUTINE
R 261805Z DEC 18
FM CNO WASHINGTON DC
TO NAVADMIN
BT
UNCLAS
NAVADMIN 315/18
PASS TO OFFICE CODES:
FM CNO WASHINGTON DC//N2N6//
INFO CNO WASHINGTON DC//N2N6//
MSGID/GENADMIN/CNO WASHINGTON DC/N2N6/DEC//
SUBJ/TRANSFORMING OUR END-TO-END INFORMATION ENVIRONMENT - COMPILE TO
COMBAT IN 24 HOURS IMPLEMENTATION FRAMEWORK (CORRECTED COPY)//
REF/A/DOC/CNO WASHINGTON DC/DEC18//
REF/B/DOC/NAVAUDSVC/09MAR2018/NOTAL//
REF/C/DOC/JCS/31AUG2018//
REF/D/LTR/SECDEF CIO/28MAR13//
REF/E/DOC/SECDEF CIO/05DEC17//
REF/F/LTR/CNO N2N6 WASHINGTON DC/01FEB17//
REF/G/LTR/CNO N2N6 WASHINGTON DC/19DEC17//
REF/H/DOC/SPAWAR SAN DIEGO CA/14SEP18//
REF/I/MTG/INFORMATION ASSURANCE TECHNICAL ADVISORY BOARD/19SEP18//
REF/J/DOC/SECDEF/21MAY14//
NARR/ REF A IS THE CHIEF OF NAVAL OPERATIONS DESIGN FOR MAINTAINING
MARITIME SUPERIORITY V2.0. REF B IS NAVAL AUDIT SERVICE (NAVAUDSVC)
AUDIT REPORT N2018-00 21 - NAVY DATA STRATEGY DETAILING NAVYS
INABILITY TO MEET DATA MANAGEMENT AND DATA SHARING REQUIREMENTS AS
SET FORTH IN WHITE HOUSE AND DEPARTMENT OF DEFENSE (DOD) MANDATES.
REF C IS THE CHARTER OF THE JOINT REQUIREMENTS OVERSIGHT COUNCIL
(JROC) AND IMPLEMENTATION OF THE JOINT CAPABILITIES INTEGRATION AND
DEVELOPMENT SYSTEM (JCIDS) MANUAL GOVERNING ASSESSMENTS OF JOINT MILITARY
CAPABILITIES, IDENTIFICATION, APPROVAL, AND PRIORITIZATION GAPS IN
OPERATIONAL CAPABILITIES, AND MANDATES SPECIFIC ADHERENCE TO DOD
ARCHITECTURE FRAMEWORK (DODAF) REQUIREMENTS AND PERFORMANCE PARAMETERS
FOR COVERED SYSTEMS. REF D IS THE DOD MEMO FOR ADOPTION OF THE NATIONAL
INFORMATION EXCHANGE MODEL (NIEM) WITHIN THE DOD, AND ESTABLISHING
THAT MODEL AS THE DOD MANDATED DATA SHARING MODEL. REF E SETS THE SHARING
OF DATA, INFORMATION, AND INFORMATION TECHNOLOGY (IT) SERVICES IN THE
DOD AND ESTABLISHES DOD POLICY, ASSIGNS RESPONSIBILITIES, AND PRESCRIBES
PROCEDURES TO ENABLE A SECURE DATA SHARING ENVIRONMENT THAT SUPPORTS THE
WARFIGHTING, BUSINESS, DOD INTELLIGENCE, AND ENTERPRISE INFORMATION
ENVIRONMENT MISSION AREAS. REF F IS THE NAVY CLOUD FIRST POLICY AND
PROVIDES POLICY FOR PROMOTION, ACQUISITION, AND CONSUMPTION OF COMMERCIAL
CLOUD SERVICES AS PART OF THE NAVY CLOUD COMPUTING STRATEGY. REF G,
THE NAVY COMMERCIAL CLOUD BROKERAGE POLICY, IMPLEMENTS NAVY COMMERCIAL
CLOUD BROKERAGE GOVERNANCE AND DEFINES REQUIREMENT TO ACCELERATE NAVY
ADOPTION OF COMMERCIAL CLOUD TECHNOLOGIES AND SERVICES WHILE
PROTECTING NAVY INFORMATION IN THE CLOUD. REF H, THE SPAWAR C2C24
IMPLEMENTATION STANDARD, DOCUMENTS APPLICATION AND SYSTEM DEVELOPMENT
REQUIREMENTS FOR SOFTWARE APPLICATIONS TO TRANSITION TO A MODERN
SOFTWARE DELIVERY LIFECYLE THAT SUPPORTS WARFIGHTING,BUSINESS, NAVY
INTELLIGENCE, AND ENTERPRISE INFORMATION ENVIRONMENT MISSION AREAS,
AND PROVIDES DATA STANDARDIZATION VIA THE EXTENSIBLE MARKUP LANGUAGE(XML)
STANDARD. REF I WAS THE INFORMATION ASSURANCE TECHNICAL ADVISORY BOARD
(IA TAB) DECISION ON ADOPTION OF EXTENSIBLE MARKUP LANGUAGE (XML) AS
THE NAVY DATA STANDARD. REF J IS THE DOD INSTRUCTION, INTEROPERABILITY
OF INFORMATION TECHNOLOGY (IT),INCLUDING NATIONAL SECURITY SYSTEMS (NSS),
GOVERNING INTEROPERABILITY CERTIFICATION OF SYSTEMS.//POC/WALKER/GG-15/
OPNAV N2N6G32/-/TEL: (571) 256-8543/TEL: DSN 260-8543//
RMKS/1. This NAVADMIN establishes the way ahead for transforming our
enterprise information environment and architecture from shore
through to the tactical edge. It describes key fundamental changes
to how we move, secure, and prioritize information exchange in the
Compile to Combat in 24 Hours (C2C24) framework and its supporting
four pillars. The C2C24 Implementation Framework puts the Navy on the
path to modernizing our data and transport architecture, to include using
commercial industry best practices for software modernization.
Successful implementation of this data centric approach will provide
information in context for decision making to the tactical edge, and
will improve how data are move and used across the enterprise.
It also provides the foundation to leverage future capabilities like
artificial intelligence and machine learning to increase warfighting
lethality and improve readiness (references (a) through (h)).
C2C24 supports the Chief of Naval Operations vision to use commercial
technology and open standards for maximum agility, speed of
capability delivery and joint/coalition interoperability. C2C24,
successfully piloted by SPAWAR for the past year, provides the
standardized way forward to transforming the Navys information
environment through the adoption of a service oriented application
architecture and common standards for data formats and interfaces.
Implementation of the C2C24 Framework will also enable program
managers to significantly reduce Risk Management Framework
accreditation timelines, and will enable improved cybersecurity
monitoring.
2. Information from resource sponsors and program offices for
implementation of a common software delivery lifecycle and data
environment using the C2C24 framework is requested and detailed
below. The Navy will build upon C2C24 piloting to enable
enterprise adoption for appropriate system owners. Successful
adoption and integration of this capability hinges on receiving
detailed feedback from resource sponsors and acquisition
components related to the technical approach piloted by C2C24.
3. C2C24s Implementation Framework Consists of Four Key Pillars:
a. Data Standardization. Establishing a standard way for
authoritative data to be stored once and reused by many allowing
for more efficient transport, and accessibility of
data by all decision makers.
b. Use of Shared Infrastructure Afloat and Ashore.
Decomposition of legacy applications, systems and portals into
agile, secure and streamlined web services using industry
standards and best practices similar to how content is
delivered to smartphones. These services will be hosted on
shared infrastructure.
c. Automation. Maximizing automation of development, security
authorization and approval processes to speed capability delivery.
d. Commercial Cloud. Implementing cloud technologies
afloat and ashore to provide the platform for leveraging advanced
data analytics and synchronization of content. Each of these pillars
is described in more detail in paragraph 7 below.
4. All application owners and content providers are subject to the
data call reflected in this NAVADMIN, including Combat Systems,
Weapons Systems, portal owners and Operational Technology/Control
Systems. Feedback related to C2C24 is requested from all resource
sponsors, Functional Area Managers, and program executive officers
responsible for the development and integration of software
applications. Application owners and program managers are specifically
requested to address information requested in paragraph 9. C2C24
adoption will initially focus on systems hosted by the Consolidated
Afloat Networks and Enterprise Services (CANES) and Agile Core
Services (ACS) however, the technical approach is anticipated to be
applicable to Combat Systems, Weapons Systems, and Operational
Technology/Control Systems. Responses to this NAVADMIN are requested
as follows:
a. Category I. Applications/systems (to include portals) that are
already web based and using shared infrastructure (such as those
applications already hosted on CANES) are best positioned to
transition to the C2C24 framework first. Application owners for
these systems are directed to provide a Plan of Actions and
Milestones (POAM) to DASN C4I and OPNAV N2N6G by 15 March 2019.
This POAM should reflect a plan to sustain current applications
while implementing applications in the C2C24 framework within
24 months. Resource sponsors and program offices shall identify
where existing funding could be used to support refactoring and
modernization. If migration to C2C24 is not possible within 24
months using existing funding, application owners should identify
what additional support and/or resources are needed.
b. Category II. Applications and systems not covered under category
I are directed to provide to DASN C4I and OPNAV N2N6G by 15 March
2019 an assessment of required actions to implement C2C24.
Application and system owners should specifically address their plans
to expose their data and share data for reuse per the C2C24 framework
and relevant policy specific to the use of the subject data.
Identify potential barriers to implementation to be removed (may be
technical, policy, architectural, contractual, financial, or other).
If implementation is feasible, provide a POAM for modernization and
identify what additional support and/or resources are needed.
5. OPNAV will organize systems into mission capability areas and
review the POAMs to ensure system IT architecture, cybersecurity
/Authority to Operate (ATO) Accreditation, and data management
compliance with the Net Ready Key Performance Parameters (NR-KPPs)
per reference (c), coordinate a prioritized mission-based allocation
of requirements, costs, dependencies, risks and timelines in phases,
and remove barriers necessary to implement C2C24. The results of the
reviews will be used to inform program requirements, POM planning,
and other priorities.
6. For service oriented architecture used in the afloat environment,
application and system owners will also identify their requirements
for use of the shared infrastructure (described below), to include
information exchange requirements for ships in port and those
underway so satellite and pier infrastructure bandwidth can be
properly scoped. To assist content/application owners with producing
their POAMs:
a. Detailed C2C24 Implementation Standard developers guidance is
provided in reference (h), and PMW160 is promulgating the CANES
Agile Core Services (ACS) Developers Guide in December 2018 (draft
is available now at https://confluence.di2e.net/display/ACS3ext/) to
help capability developers understand how to build in this
environment.
b. A C2C24 Developers Working Group meeting was held 16-18 October
2018 for all Navy Program Management Offices (PMO), system owners,
application developers, and content providers to go through the
development process in detail. Another Developers Working Group
is being scheduled for Spring 2019. The details of the second event
will be announced via a separate NAVADMIN.
c. Subject Matter Experts are available to meet with application
owners and program offices to provide advice on refactoring
applications to align with the C2C24 framework.
7. C2C24 Implementation Framework and Four Pillars in Detail.
a. Data Standardization. Data will be standardized using Extensible
Markup Language (XML) IAW references (h) and (i). Exceptions will be
made when it is demonstrated that there is an operational requirement
for use of a different data format (i.e., a legacy combat or control
system). XML is a leading industry data standard format that provides
many benefits in one format in addition to the meeting inter-agency
data exchange requirements directed in references (b) through (d).
As a leading industry open standard for describing data, XML benefits
include:
(1) Enables maximum use of commercial products built to this standard
for improved interoperability and easy of meta-tagging data
(2) Improves cybersecurity at the data element layer by using the XML
Security Assertion Markup Language (SAML) protocol
(3) Improves Quality of Service for precision prioritization of data
transfer to the tactical edge
(4) Enables compression of data using the XML EXI specification for
efficient bandwidth usage over limited satellite communication
channels
(5) Mitigates data communication satellite based-latencies
(6) Enables use of National Security Agency approved cross-domain
XML data guards for movement of data between networks of different
classifications. References (b) through (e), require the movement
and transformation of data through distributed, automated data
exchange and brokerage mechanisms that is durable, resilient, and
fault tolerant. XML meets those requirements. Additionally, to
enable more robust data analytics, even systems that cannot use XML
for their primary function (i.e., a legacy weapon or control system)
can still provide an EXI compressed XML archival record of the non
-XML data for integration into the DON cloud-based Data Enterprise
per reference (f).
b. Shared Infrastructure Pillar. This pillar establishes a drop
code, not boxes IT development and delivery model for
accelerated capability delivery. In Phase I of C2C24, shared
infrastructure afloat will be provided by the CANES program and
ashore via the approved cloud offerings coordinated through Navy
authorized cloud brokers (reference (g)). Shore based web
services will be hosted in commercial cloud. Focus of effort
from content providers is on delivering software code for new
capabilities quickly and securely rather than delivering
hardware and systems. For content/application owners providing
services afloat, use of the CANES shared infrastructure
alleviates the need for costly and time consuming processes for
systems authorization and approvals for integrating hardware
afloat that slow speed to capability for the Fleet. Full use
of the CANES environment afloat, including CANES Agile Core
Services (ACS) defined in reference (h), as the baseline
development target has the following benefits: Reduces the
cybersecurity attack surface and maximizes use of afloat
enterprise security services, enables improved defense in depth
and cybersecurity monitoring, and maximizes availability and
integrity of operational data in a denied environment. Content
owners that currently provide their own hardware and could
transition to CANES will stop new development of their
application in the legacy construct and supporting hardware as
they transition to this C2C24 Framework, and will sustain
their current infrastructure only until all afloat platforms
that use their services can access them via CANES. CANES ACS
provides the needed data analytics services for the data
centric approach as well as the Platform as a Service
(PaaS) to enable rapid development and deployment of applications.
This will significantly reduce workload and complexity for
systems administrators and Sailors afloat. Follow on phases
of C2C24 will address non-CANES platforms that are unable to
migrate to CANES.
c. Automated Security Authorization and Functional Testing
Pillar. Implementation of the automation pillar drives
standardized processes, reduces development, testing, fielding
and authorization costs, eliminates duplicative
hardware, software and other physical infrastructure, and
re-engineers or eliminates existing costly and time consuming
processes for fielding capability. C2C24 has established a
cloud-enabled CANES DevelopmentSecurityOperations
(DevSecOps) environment for all content providers to use, adopting
commercial industry best-practices for software development by
implementing secure coding methodologies into development and
deployment code. The DevSecOps environment for shore based
applications to be hosted in the cloud is under development
with operations to commence in Spring 2019. Through automation
of our core business processes, there are anticipated cost and
time gains of up to 15 percent or more as we commence effort to
full execution. By standardizing the development, data and
fielding, existing processes can be eliminated or streamlined
and automated. For example, existing security accreditation
and authorization processes have been adapted by the Program
Offices and Navy Authorizing Official (NAO) to leverage this
new framework for process reform, automating functional and
security testing. The NAO approved a Rapid Assess and
Incorporate Software Engineering in a Day (RAISED) process
that enables applications owners compliant with references
(h) to use automated security authorization testing to
significantly reduce the cost and time associated with
fielding their capability. It provides an automated fast
lane to obtain a Risk Management Framework
(RMF) authorization decision for the modern cloud-based
containerized code developed in accordance with reference
(g), and using CANES ACS services. A software security tool
chain is available in the cloud as a fee for service model
as part of the RAISED process and more information about it
can be found in reference (h).
d. Use of Commercial Cloud Pillar. References (f) and
(g) establish Navy policy for the use and acceleration for
promotion, acquisition and consumption of cloud technologies and
services. This pillar provides Program Management Offices
(PMOs) the ability to leverage the benefits of using cloud
technologies and best practices to develop capability, store, use,
and move data. C2C24 recognizes that current cloud offerings and
implementations have technical limitations, and vary across
classification domains. Adoption of C2C24 will ensure that Navy
can quickly and seamlessly integrate cloud capabilities as they
become available. The Navy will be able to leverage cutting edge
commercially provided tools in the cloud for big data analytics
and reuse of authoritative data for multiple purposes across the
enterprise. In the C2C24 framework, the commercial cloud is used
for hosting and production, application development, and as a test
and integration environment. The C2C24 team in coordination with
the CANES program office established a CANES development and test
environment in the cloud for PMOs to reduce the cost and complexity
associated with current development and test processes. The
development environment for development and operations of shore
based web services in the cloud will be available in Spring 2019.
PMOs will use cloud for data storage and to maximize data sharing
for the purpose of data analytics and artificial intelligence.
8. Applicability. This NAVADMIN applies to all Navy systems,
including business, warfighting, control systems and portals that
move data between shore sites and Navy platforms on, under, and
above the sea. While C2C24 is primarily focused on unclassified
and secret General Service (GENSER) networks, commonality across
the enterprise is the goal, and the Navy will leverage existing,
Intelligence Community (IC)-provided Top Secret/Sensitive
Compartmented Information (SCI) infrastructure to get to a common
solution across all classification domains as quickly and seamlessly
as possible.
a. Warfighting and Combat Systems. Warfighting systems are NSS, as
defined by 40 USC 11103 (a)(1)(B), (C), (D), or (E). The intent is
for combat and warfighting systems to adopt the C2C24 Implementation
Framework for better integration into the overarching network and the
data analytic environment. At a minimum, system owners are expected
to expose their data and share it for reuse as previously described,
in accordance with relevant policy concerning the use and rights to
specified data. Follow on guidance will be provided after the NR-KPP
review based on the information provided by these systems in response
to this NAVADMIN.
b. For CANES hosted systems/applications, ensure system new starts
or modernization efforts develop new capabilities in accordance with
the C2C24 Framework articulated in references (b) through (i).
Non-CANES systems that are hosted by or interfaced with another
afloat network shall develop a plan to migrate to CANES.
c. All manned and unmanned (UX) warfighting systems deployed as
sensor platforms, shall provide modernization plans that allow
for collected sensor data to be to be transmitted, post mission,
to an enterprise data lake IAW C2C24 data standards.
d. All systems currently in development are subject to the C2C24
data call to meet the same timeline for execution of their
capability in the C2C24 framework. Systems currently in
development or in sustainment will identify changes that would
be required make such systems compatible with the C2C24 construct
and timeline. Current systems with joint information exchange
requirements and/or joint information exchange interfaces need to
verify their certification status (four years from the date of issue)
per reference (j), and apply for certification and/or
re-certification as required. Systems under development if it is
determined that they will have joint information exchange requirements
will follow the same referenced instructions. Systems under development
that will not have joint information exchange requirements may apply
for a waiver to policy per reference (j).
9. Required Actions. Application owners will provide the following
information for each system under their resource control, including a
POAM that describes their plan to decompose their existing
application or portal within 24 months in accordance with the C2C24
Framework specifications in reference (h). In support of the
NR-KPP review, within 90 days, all program managers and application
owners shall provide the following information to OPNAV N2N6 via
this tasker link https://portal.secnav.navy.mil/orgs/OPNAV/N2N6
/DDCION/C2C24/SitePages/Home.aspx.
a. For Category I systems, provide POAM to migrate
systems/applications/portals to the C2C24 framework within the next
24 months. PMs should show how they will reallocate existing FY19-20
fundingto cease development in non-compliant frameworks and migrate to
the C2C24 Framework. If the program cannot meet the 24-month timeline,
provide an alternative POAM based on the existing BES-20 resource profile.
Identify risks, if any, under this approach.
b. For Category II systems, provide an assessment of what would be
required to implement C2C24, specifically addressing the ability to
expose data and share it for reuse per the C2C24 framework. Identify
risks, if any, under this approach.
c. Identify any barriers to migration and what help is needed across
DOTMLPF to overcome them. Specifically, identify any resources
required in the POM-21 FYDP to meet or accelerate migration. These
resources may include identification of specific knowledge, skills,
and expertise in the form of identified training requirements as well
as resources required for the refactoring of software codebase and
retooling of development, and hosting environments.
d. Subject Matter Expert (SME) Point of Contact (POC) capable of
responding to resourcing and technical specification questions on the
system/application/portal.
e. System/application/portal name, and if the system used both
afloat and ashore.
f. System Department of the Navy Applications and Database
Management (DADMS) registration number, if the system is registered,
or DADMS placeholder identifier X9999, if the system is not
registered. Additional guidance on registration of systems in DADMS
for C2C24 purposes will be provided via NAVADMIN.
g. Data formats currently generated or received by the system.
h. Communication requirements of the system, specifically for afloat
applications anticipated amount of data that would be exchanged
/synchronized between the afloat and ashore clouds while the unit is
in port and what would need to be exchanged/synchronized over satellite
links. This will enable engineers to properly scope afloat and pier
bandwidth connectivity services.
i. Mandatory connectivity latency or computational latency factors
KPPs (Quality of Service requirements).
j. Software language, including the current and future software
development environment approach used for the system.
k. For afloat capability, identify required shared infrastructure
capacity to support the processing and storage of data.
Content providers should estimate this based on their user
requirements over the next 3-5 years.
l. Resource expenditures on sustaining the current as-is (non-C2C24)
code for the system while executing a transition to C2C24.
m. An estimate of resource requirements for sustaining the system
after it has transitioned to the C2C24 Framework. Resource
requirements may include identification of specific knowledge,
skills, and expertise in the form of identified training
requirements.
n. System related requirements that will be eliminated from the PMO
once transitioned to C2C24 (i.e., standalone or unique application
testing labs).
o. Additional technical data reporting requirements will be
identified by the technical developers community of interest and data
collection clarifications will be addressed at the Spring 2019
Developers Working Group Meeting.
10. Understanding that this is a significant transformation effort
across Navy, and will require iteration to accelerate adoption, N2N6G
will lead monthly retrospectives that will seek to clarify feedback
and adoption. Initial sources for this first phase of identifying
transition plans:
a. The SPAWAR C2C24 Implementation Standard can be downloaded
from https://go.intelink.gov/d8X1R2g.
b. Contact Ms. Delores Washburn for advice or questions related
to transitioning existing applications to the C2C24 framework.
Commands may contact Mr. Rick Jack to arrange for one-on-one
assistance and to discuss options best suited to program needs
from a cadre of software subject matter experts on a fee for
service basis.
11. Additional points of contact:
a. C2C24 Policy: RDML Danelle Barrett, Navy Cyber Security Division
Director, Office of the Chief of Naval Operations, at comm: (571)
256-8505 or email: danelle.barrett@navy.mil.
b. C2C24 Execution and Implementation: Mr. Joseph T. Walker, C2C24
Executive Lead, at comm: (571) 256-8543, DSN: 260-8543, or
email: joe.t.walker@navy.mil.
c. C2C24 Technical Requirements and advice: Ms. Delores Washburn,
C2C24 Implementation Executive, at comm: (619)553-6798, or
email: delores.washburn@navy.mil.
d. C2C24 Developers Implementation Framework: Ms. Delores
Washburn, C2C24 Implementation Executive, at comm: (619) 553-6798,
or email: delores.washburn@navy.mil.
e. C2C24 Cadre of Software Experts: Mr. Rick Jack, SSC PAC
Software Senior Scientific Technical Manager, at comm: (619) 553
-3840, or email: richard.jack@navy.mil.
f. NAVADMIN Data Reporting Clarification: Mr. Joseph T. Walker,
C2C24 Executive Lead, at comm: (571) 256-8543, DSN: 260-8543, or
email: joe.t.walker@navy.mil.
g. DADMS Registration Clarification: Ms. Brooke Zimmerman, OPNAV
N2N6G31 Portfolio Management, at comm: (571) 256-8521,
DSN: 260-8521, or email: brooke.zimmerman@navy.mil.
h. C2C24 RMF Raised: CAPT Vincent Augelli, OPNAV N2N6G5
Cybersecurity Director, at comm: (571) 256-8422, DSN: 260-8422, or
email: vincent.a.augelli@navy.mil.
i. Application Integration: Mr. Brian Miller, PEO C4I, PMW-160 CANES
Application Integration Support APM, at comm: (619) 524-7592 or
email: brian.miller5@navy.mil.
12. Released by VADM Matthew J. Kohler, Deputy Chief of Naval
Operations for Information Warfare, OPNAV N2N6 and
VADM Michael T. Moran, Principal Military Deputy to
Assistant Secretary of the Navy for Research, Development and
Acquisition.
BT
#0001
NNNN
UNCLASSIFIED//