APPENDIX 1 REFERENCES

Legislation
PL 89-306 (Brooks Act) 1965. Assigns "sole" procurement authority for Federal ADP resources to GSA. Established ADP Fund (now the Information Technology Fund) making funds available without fiscal year limitation. GSA further delegates authority to Federal agencies. Sets standards to ensure individual privacy is protected. All records on individuals, including those in computers, are to be compiled in lawful manner, be current and available for access by such individuals. Requires such records to be fully protected from unlawful access. Requires agencies to comply with information policies, procedures, and guidelines, including planning reviews and controlling the collection, use, and dissemination of information. Amends the Brooks Act to exclude ADP equipment and services for the direct fulfillment of a military or intelligence mission.

PL 93-579 (Privacy Act) 1974.

PL 96-511 (Paperwork Reduction Act) 1980.

PL 97-86 (Warner Amendment) 1981.

PL 101-511, DoD Appropriation Act - 1991, 1990

Qualifies and legalizes the DoD Ada mandate.

Federal Regulations
Federal Acquisition Regulation (FAR), 1991 edition. DoD Federal Acquisition Regulation Supplement (DFARS) Part 270 (48 CFR 2). Army Federal Acquisition Regulation Supplement (AFARS) Part 70. Federal Information Resources Management Regulations (FIRMR), 1990 Edition. Federal Information Processing Standards Publication (FIPS-PUBS). Unifies procurement regulations of several Executive Branch agencies into a single source.

Applies to management, acquisition and use of ADPE by DoD.

Applies to management, acquisition and use of ADPE by Department of the Army.

Is used in conjunction with the FAR and is the ultimate federal regulation pertaining to FIP. (The term "FIP" incorporates the redefinition of ADP to include telecommunications resources.) The FIRMR is the ultimate FIP regulation.

Official publications relating to standards issued by the National Bureau of Standards for ADP.

OMB Circulars

USACE LCM Manager's Guide - Version 2.0 Appendix 1

March 31, 1996 Page A1-1

Appendix 1 - References

OMB Circular A-11

Provides guidance and procedures to Federal agencies on specific use of budget appropriations references and codes.

OMB Circular A-109, 12 December 1985.

Provides guidance and procedures to Federal agencies concerning the major system acquisitions.

DoD Directives, Instructions, Manuals and Standards

DoD-STD-2167A. Establishes a uniform software development process which is applicable throughout the system life cycle (Note: Superseded by MIL-STD-498). Contains requirements for the establishment and implementation of a software quality program. Incorporates application requirements of MIL-STD-1520 and MIL-STD-1535, and implements the policies of DoDD 4155.1, Quality Program. Limits the number of programming languages used within the Department of Defense to facilitate achievement of the goal of transition to the use of Ada for DoD software development.

DoD-STD-2168A.

DoD Directive 3405.1, Computer Programming Language Policy, 2 April 1987. DoD Manual 4160.19M.

Prescribes procedures for reporting, screening and releasing excess Government-owned ADPE. Provides life cycle management guidance and policy for the safeguarding of classified, sensitive unclassified, and unclassified information processed in AISs. It also provides mandatory, minimum AIS security requirements.

DoD Directive 5200.28, Security Requirements for Automated Information Systems (AIS), 21 March 1988.

DoD 5200.28-STD, Department of Defense Trusted Computer System Evaluation Criteria DoD Directive 5220.28.

Establishes specific DoD standards for ADP systems security requirements at all levels, and procedures for evaluating compliance.

Provides for application of security measures required to protect ADP from damage or theft.

DoD Directive 5400.11-R.

Provides DoD guidance on complying with the system acquisition requirements of OMB Circular A-109 (See OMB Circulars). Specifically cited for information on inter-agency sharing of AIS data.

DoD 7950.1-M, Automated Data Processing Resource

Provides DoD guidance on various aspects of managing DoD ADP resources, including provisions for disposal of ADP assets.

USACE LCM Manager's Guide - Version 2.0 Appendix 1

March 31, 1996 Page A1-2

Appendix 1 - References

Management (C3I). DoD Directive 8120.1, Life Cycle Management of Automated Information Systems (AIS). DoD Instruction 8120.2, Automated Information Systems (AIS) Life-Cycle Management (LCM) Process, Review, and Milestone Approval Procedures, 14 January 1993. DoD 8020.1-M, Interim Management Guidance on Functional Process Improvement, 5 August 1992, w/CH1, January 1993. DoD 8120.2-M, Automated Information System Life Cycle Management Manual (Draft), May 1995. These provisions govern DoD programs, projects, and activities concerned with the design, development, deployment, operation, and acquisition of AIS or FIP resources. Life-cycle management and its phases, milestones, exit criteria at the milestones, and policies governing the acquisition of AISs are all defined. Provides for OSD reviews and approval procedures for major (over $100 million) automated information system development.

Defines the overall functional management process for implementing the Defense Information Management (IM) program within DoD Component organizations. Guidance applies to IM resources and services used for routine administrative and business applications and to command, control, communications and intelligence (C3I) unless specifically excluded by ASD (C3I). Guidance does not apply to AIS/FIP/ADP resources and services integral to weapons systems, weapon testing, or basic DoD R&D. Establishes DoD procedures and documentation requirements to aid AIS program management in successfully managing and documenting LCM activities throughout the acquisition process.

DoD Technical Architecture Framework for Information Management (TAFIM), Defense Information Systems Agency/Center for Architecture, Vols. 18, Version 2.0, JuneAugust 1994.

Provides DoD technical guidance for the evolution of the DoD technical infrastructure. It provides services, standards, design concepts, components and configurations for guiding the development of technical architectures that meet specific mission requirements.

USACE LCM Manager's Guide - Version 2.0 Appendix 1

March 31, 1996 Page A1-3

Appendix 1 - References

Office of the Deputy Assistant Secretary of Defense (Information Management), The CIM Help Disk (CD-ROM Disk), Vol. 2, January 1995.

Contains the most comprehensive set of documents, tools, and guidebooks published in Corporate Information Management (CIM). Includes policies & DoD directives, software reuse, education and workshops, software process improvement, business process improvement, tools, and CIM-general.

ASD(C3I)/Director of Defense Provides DoD guidance on requirements and procedures for conducting a Functional Information, Functional Economic Analysis (FEA). Economic Analysis Guidebook, 15 January 1993. MIL-STD-498, Military Standard, Software Development and Documentation, 5 December 1994. MIL-STD-973, Military Standard: Configuration Management MIL-STD-1521B, Technical Reviews and Audits for Systems, Equipments, and Computer Software Draft standard, currently in DoD agency coordination, issued to create a single DoD software development standard usable for any type of software. Merges three previous DoD standards. Provides increased compatibility with all development strategies, methodologies, and supporting CASE tools, as well as with recent changes in DoD directives and guidance on AIS management. Defines the DoD requirements for configuration management as they apply to defense material items, including both hardware and software configuration items (CIs), for controlling CIs over the system life cycle. Prescribes specific DoD requirements for conducting technical reviews and formal audits on systems, equipment (configuration items), and computer software (AIS-level down to CSCIs).

Army Publications
AR 11-2, Internal Control Systems Provides Army requirements and guidelines for implementing internal controls in systems to reduce or eliminate risks/threats to an information system in the areas of fraud, waste, abuse and security violations. Covers the policies and responsibilities for the conduct of cost and economic analysis throughout the Army. Includes the policies, general guidance, responsibilities and key definitions for the implementation of the Army's Cost and Economic Analysis Program.

AR 11-18, The Cost and Economic Analysis Program, 7 May 1990.

AR 18-7, Data Processing Activity Management Procedures and Standards.

HQDA implementation of DoD Manual 7950.1-M regarding reuse of ADPE.

AR 25-1, The Army Information Resource

Provides guidance for acquisition of ADP for administrative or business applications.

USACE LCM Manager's Guide - Version 2.0 Appendix 1

March 31, 1996 Page A1-4

Appendix 1 - References

Management Program, 18 November 1988. AR 25-3, Army Life Cycle Management of Information Systems, 27 November 1989, and Revised Draft, April 1995. AR 25-8, Army Information Systems Standards Management Program, 1 November 1990. AR 25-9, Army Data Management and Standards Program, 25 September 1989. Provides guidance in performing life cycle management of information systems. (Note: Pending the final revision of AR 25-3, this guide is based on ER 25-1-2, and the requirements of DoD Directive 8120.1, Life Cycle Management of Information Systems (AIS)).

Establishes the Army Information Standards Management (AISM) Program. Provides policy, establishes the structure, and assigns responsibilities for appropriate usage of standards in the required disciplines and environments of the Information Mission Area (IMA) to support IMA interoperability.

Prescribes the policies, responsibilities, and concepts of operation for the management of data used in manual and automated information systems throughout the Army. It includes increasing system effectiveness by controlling data through uniformity and standardization of data elements, database construction, accessibility procedures, system communication, maintenance, and control. Establishes policy and guidelines for maintaining and safeguarding the proper retention level for records (data) that exist in electronic form, including planning factors for supporting such requirements in new or emerging AIS.

AR 25-400-2, The Modern Army Recordkeeping System (MARKS), 26 February 1993 AR73-1, Test and Evaluation Policy, 6 December 1990. AR 380-19, Information Systems Security, 1 August 1990 with Change 1, 4 September 1990. DA Pamphlet 25-2, Information Mission Area Planning Process, 30 April 1991. Da Pamphlet 25-3, Procedures for Life Cycle Management of Information Systems DA Pamphlet 25-4, Information Systems Technical Documentation, 10 April 1991.

Establishes Army policies on creation and execution of test and evaluation programs for mission assets acquired or developed by the Army and its subordinate commands, including requirements for continuous evaluation (CE) programs. Prescribes security policy for the protection of classified and unclassified-sensitive information contained in or derived from telecommunications or automated information systems (TAIS) and non-communications emitters.

Describes the procedures and processes to be used for planning in the Information Mission Area.

Establishes initial DA procedures for implementing the Army's policies on life cycle management of automated information systems.

Describes how to carry out policies and procedures prescribed by AR 25-3 and AR 25-8. It also sums up the requirements for documenting information systems for all Information Mission Area disciplines.

USACE LCM Manager's Guide - Version 2.0 Appendix 1

March 31, 1996 Page A1-5

Appendix 1 - References

DA Pamphlet 25-6, Configuration Management for Automated Information Systems, 13 June 1991. DA Pamphlet 25-6-1, Army Acquisition Planning for Information Systems, 1 July 1991. DA Pamphlet 37-100-95.

Provides guidance and procedures to implement configuration management for hardware and software of automated information systems as promulgated by AR 25-3. It outlines the key baselines for configuration management of the program or project and its life-cycle phase(s). It implements applicable public laws and higher level directives.

Describes the process and procedures necessary to acquire Information Mission Area hardware, software, and services.

Provides information on program funding, including specific data on Element of Resource (EOR) items. Provides procedures and guidelines for test and evaluation of Army systems. Document organized in five parts: Test and Evaluation Procedures Guide; Test and Evaluation Master Plan (TEMP) Format, Review and Approval Procedures; Critical Operational Issues and Criteria (COIC) Development, Review and Approval Guidelines; Development, Test and Evaluation (DT&E) Guidelines; and, Operational Test and Evaluation (OT&E) Guidelines. Provides Army guidance for implementing software test and evaluation (T&E) and continuous evaluation (CE) policies prescribed in AR 73-1 and other DA and DoD directives.

DA Pamphlet 73-1, Test and Evaluation Procedures.

DA Pamphlet 73-7, Army Software Test and Evaluation (Final Draft), 19 January 1996. DA Economic Analysis Manual (USACEAC), August 1992. DA/SAIS-ADW Message 061830Z, March 1992, Development and Maintenance of Army Software. DA/ODISC4 Decision Memorandum, Interim Policy on Accelerated Software Development Project, 6 June 1992. HQDA/SAIS-DP Letter of Instruction for Conduct of Major Automated Information Systems (AIS) Reviews, 3 December 1992).

A guide to developing more accurate cost and economic analyses of Army programs, material systems, facility acquisitions, automated information systems, forces and activities. Delineates Army policy for using in-house and contractor assets in the development and post-deployment support of Army software.

Describes the change in procedures for automated information system oversight from the document-driven traditional milestone method to a process that integrates software engineering tools, software reuse, rapid prototyping, and user involvement.

Sets forth policies and guidance to aid Project Managers (PMs) and their staffs to prepare for MAISRC reviews.

USACE LCM Manager's Guide - Version 2.0 Appendix 1

March 31, 1996 Page A1-6

Appendix 1 - References

HQDA Letter 25-92-1, Implementation of the Ada Programming Language, 18 September 1992. Army Technical Architecture (ATA), Version 4.0 (Prepared by AR Staff, Army Science and Engineering Office, Army Science Board, MACOM's and PEO's/PMs

Amplifies Army policy and guidelines for implementing the Ada programming language as required by DoD Directives 3405.1 and 3405.2, and Public Law 101-511. (supersedes previous DA guidance on Ada issued in 1990).

Establishes a comprehensive set of technical standards for Army systems to promote interoperability.

USACE Regulations and Publications

EC 5-1-49, Corps-Wide Centers of Expertise, 15 April 1995. EC 15-1-16, Information Resources Management Committees, 14 February 1995. EC 25-1-164, Procurement Authority for Federal Information Processing (FIP) Resources, June 1992, Expires 30 June 1993. Engineering Pamphlet 251-6, USACE Command Data Model and Dictionary, 11 February 1991. Defines and designates the centers of expertise that are beneficial to other USACE commands; establishes policy, selection criteria, responsibility, and procedures concerning of the use of centers of expertise by USACE commands. Establishes a permanent committee structure for corporate review and oversight of the USACE Information Resources Management (IRM) Program and details policies, missions, functions, membership, and procedures for each committee.

Establishes procedures for obtaining procurement authority for Federal Information Processing (FIP) resources with the Army Corps of Engineers.

Provides the structure of the Corps' shared data and their definitions. Includes business rules expressed in the data relationships and the dictionary of data elements.

Engineering Regulation 25-1-2, U.S. Army Corps of Engineers Life Cycle Management of Automated Information Systems (AIS), 30 November 1993.

Provides the policies, procedures and responsibilities for the implementation of a Life Cycle Management for Automated Information Systems within the Corps Of Engineers.

USACE LCM Manager's Guide - Version 2.0 Appendix 1

March 31, 1996 Page A1-7

Appendix 1 - References

Engineering Regulation 700-1-1, USACE Supply Policies and Procedures Engineering Regulation 1125-2-301 HQUSACE Information Systems Plan (ISP), June 1984. HQUSACE Information Systems Plan Implementation (ISPI) Report, January 1985. HQUSACE Information Resources Acquisition Handbook, April 1991. HQUSACE/CEIM-L Letter of Instruction for the Conduct of Class V Major Automated Information Systems (AIS) Reviews, 14 July 1994. HQUSACE/CEIM-L Memorandum, Information Mission Area (IMA) Planning Guidance for FY96-FY03, 4 July 1995. USACE Automated Information Systems (AIS) Economic Analysis Handbook, December, 1994. IM Policy Memo 25-1-21, USACE Application Development and Open Systems Environment Policy. Data Administration Activities and

Provides USACE guidance and general provisions for disposal of ADP assets.

Provides information on the use of Plant Replacement and Improvement Program (PRIP) resources, including payback provisions. Analyzes current and future information needs of the Army Corps of Engineers and recommends strategies to improve information resource management.

Provides guidance for the U.S. Army Corps of Engineers in future data base design and application development activities.

Describes how to acquire information resources within the framework of legislative and regulatory IRM requirements.

Establishes initial USACE policy and procedures for supporting the conduct of major reviews for Class V AIS.

Provides USACE planning guidance for development of Requirements Statements (RS) and information pertaining to Geographic/Technical Architectures, (GTA) for the FY96FY03 planning cycle.

Handbook of general guidelines and requirements associated with the preparation of financial analyses for the life cycle management of Automated Information Systems.

Redefines present Automated Information Systems (AIS) development standards, and establishes target standards for the future development, redesign, and modernization of USACE AIS.

Defines the USACE Data Administration Program in terms of its relationship to other information management programs and outlines the roles, responsibilities, and basic skills that are required for personnel performing Data Administration functions.

USACE LCM Manager's Guide - Version 2.0 Appendix 1

March 31, 1996 Page A1-8

Appendix 1 - References

Responsibilities: A Guide, March 1991.

Other Publications
GSA Guidance to Federal Agencies on the Preparation of Specifications, Selection and Acquisition of Automated Data Processing Equipment Systems. GSA Standard Solicitation Document for ADP Systems. GSA Teleprocessing Services Handbook. Functional Economic Analysis Manual, version 2.2a, Institute for Defense Analysis, 1801 North Beauregard Street, Alexandria, VA 22311. GSA guidance on the acquisition of ADP.

Provides clauses and guidance for ADP Systems contracts.

Provides procedures to be followed by Federal agencies in acquiring commercial teleprocessing services (time sharing). Describes general guidelines and requirements associated with the preparation of financial analyses for the life cycle management of Automated Information Systems.

Evaluating and Comparing CASE Tools. Foresite Systems, Copyright 1989, for DataTech Institute.

A synopsis and comparison of the major CASE tools, including their strengths and weaknesses.

Memorandum, Center for Information Management, Washington, DC, Independent Validation and Verification of Data and Process Modeling Methodologies and Tools: Report of Findings, 20 December 1991. Requirements Analysis & Design Tools Report, Air

Discusses and compares several major structured methodologies and CASE tools.

Provides a detailed evaluation of Upper CASE tools and their specific applications, including benefits and limitations.

USACE LCM Manager's Guide - Version 2.0 Appendix 1

March 31, 1996 Page A1-9

Appendix 1 - References

Force Software Technology Support Center (STSC), April, 1992. Software Engineering Methods, Management, and CASE Tools, by Jay Sodhi, TAB Books, 1991. The Three R's of Software Automation: Reengineering, Repository, Reusability, by Carma McClure, Prentice-Hall, 1992. DoD Software Reuse Initiative - Vision and Strategy, July 15, 1992. Life Cycle Management Guidelines, U.S. Department of Commerce, Office of the Secretary/IRM, December 1992. Describes, in current technology terms, software engineering approaches for applications development and an assessment of the tools available for supporting the process.

Provides a comprehensive view of the benefits and methods for evaluating, applying, and supporting the use of existing software packages and capabilities to meet new and emerging operational needs.

Describes the vision and strategy for a DoD initiative which will make a reuse-based paradigm the preferred alternative for developing and supporting software.

Provides a detailed overview of requirements for managing software development within the system life cycle phases, presented from a non-DoD government agency perspective.

USACE LCM Manager's Guide - Version 2.0 Appendix 1

March 31, 1996 Page A1-10

Appendix 1 - References

Conversion Management Handbook, Federal Software Management Support Center, Office of Software Development and Information Technology, General Services Administration (GSA), September, 1989. Conversion Cost Model Handbook (Version 4), (Same as preceding), May 1986. Human Computer Interface Style Guide, Version 2.0, Defense Information Systems Agency, Center for Information Management, September 30, 1992. Data Administration Activities and Responsibilities: A Guide, March 1991. Economic Analysis Manual, US Army Cost and Economic Analysis Center, August, 1993

Provides guidelines on managing the activities and steps required for converting software applications and databases to operate on different information systems platforms.

Presents a methodology for calculating the potential costs of performing a conversion effort that may involve one or more of the technical approaches described in the preceding reference.

Provides a common framework for HCI design and implementation, including definition and documentation of long term goals, objectives, and requirements for HCI in systems design. Establishes application HCI standards compatible with X-Window standards in FIPS Pub 158.

Presents an overview of several requirements within the Corps for conducting data administration activities.

Provides broad, extensive guidance on conducting various types of financial analyses for U.S. Army projects, including identification of specific areas and cost elements applicable to life cycle cost analysis.

"SEI Capability Maturity Model's Impact on Contractors," Computer, IEEE, January 1995. General Records Schedule 20, Electronic Records, National Archives and Records Administration.

Presents information on Software Process Maturity Model developed by the Software Engineering Institute (SEI) at Carnegie Mellon University, and its potential impacts on the future of software development, particularly in private industry.

Provides Federal guidelines on the proper disposition of electronic records, including specified hard copy or microform records integrally related to electronic records.

USACE LCM Manager's Guide - Version 2.0 Appendix 1

March 31, 1996 Page A1-11

Appendix 1 - References

Guidelines for Successful Acquisition and Management of Software Intensive System, Volume 1, Version 1.1, Department of the Air Force, Software Technology Support Center, February 1995. Designing Quality Databases with IDEF1X Information Models by Thomas A. Bruce, Dorset House Publishing, 1991. Managing The Software Process by Watts S. Humphrey, AddisonWesley Publishing Co., 1990. Integrated ComputerAided Software Engineering (I-CASE) Contract Guide, HQ Standard Systems Group (AFMC), I-CASE System Program Office (U.S. Air Force), April 19, 1995. "The SEE Education Program: The Challenge of Teaching Future Software Engineers, " Norman E. Gibbs, Communications of the ACM, Volume 32, No. 5.

Provides comprehensive set of guidelines that covers the full range of AIS software life cycle management activities, from pre-program strategic planning to post deployment software support; includes details on elements of software intensive systems, and the tasks needed to manage large, complex software development projects.

Provides technical instructions on how to approach and implement logical and physical database structures based on IDEF1X data models.

Addresses multiple facets of software development process, including use of formal and informal structures for review of software design and development activities, such as peer inspections.

Provides detailed data on I-CASE products and services available to government agencies through the DoD I-CASE contract.

Provides insights into the distinction between computer science and software engineering as a discipline and the implications of emerging software development methodologies on future needs in education and training.

USACE LCM Manager's Guide - Version 2.0 Appendix 1

March 31, 1996 Page A1-12