
NMCI Certification
Within NMCI, the term "certification" refers to the process by which applications/systems are determined or made to be compatible with the NMCI network and its information assurance infrastructure. Due to the NMCI security posture, many commercial hardware and software products do not function, do not function without modifications and/or special procedures, or present vulnerabilities that must be mitigated before the products are allowed to be used in NMCI. NMCI certification is a matter of functional interoperability within NMCI information assurance constraints. To ensure that only certified items are installed, NMCI does not allow users to independently install software, or hardware that requires software or drivers, on their desktops. Therefore, all application components must be packaged and certified, and standardized installation documentation must be developed if necessary, for deployment onto NMCI desktops. Since "certification" in this context is a verification that an application/system is compatible with the NMCI network, any modifications to a product necessitate recertification of the product's compatibility with the NMCI network.
Certifications are performed at the Commerce Point, San Diego, facility in accordance with the EDS Technical Delivery Life Cycle (TDLC) process.
From an accreditation perspective, NETWARCOM has granted all applications that successfully complete the NMCI Certification Process an Interim Authority to Operate (IATO).
Software Certification
Within NMCI, there are three different types of software that may be deployed. The software can be categorized as follows:
- EDS-Provided Commercial Off-the-Shelf (COTS) - This is software EDS provides to the Department of the Navy as part of an overall services agreement or as optional software products that a claimant may order from the options catalog (CLIN 0023).
- Government-Provided Commercial Off-the-Shelf (COTS) - This is software the Department of the Navy has purchased and has elected to maintain internally.
- Government Off-the-Shelf (GOTS) - This is software developed by a government agency for the Department of the Navy for specific business operations.
Regardless of type, all software within NMCI must be certified. Software certification refers to the process by which applications/systems are determined or made to be compatible with the NMCI network and its information assurance infrastructure. NMCI certification is a matter of functional interoperability, within NMCI information assurance constraints, of the application on an NMCI desktop. Interoperability is based on the NMCI Rule Set. The NMCI Rule Set tests for the following criteria:
- Windows 2000 (W2K) or XP compatible
- NMCI Group Policy Object (GPO) compatible
- No duplication of Gold Disk (office automation) or NMCI catalog software or services
- Complies with Department of the Navy boundary policies
- No setup, installation, uninstallation, update, and auto-update tools or utilities
- No games
- No freeware or shareware
- No beta/test software (authorized on S&T Seats only)
- No application development software (authorized for S&T Seats only)
- No agent software
- Gold Disk compatible
- No peripherals, peripheral drivers, or internal hardware
- No personal, nonmission- or nonbusiness-related software
- No 8/16-bit applications
Hardware Certification
Within NMCI, EDS offers the Department of the Navy services in which hardware peripherals (printers, PDAs, scanners, electronic tablets, hard drives, etc.) can be provided as extra services for each individual desktop. EDS will evaluate hardware peripherals for business suitability and operational compliance within the NMCI environment. If the hardware is determined to be or can be made compliant and is selected for addition to NMCI, then EDS will determine pricing and propose the item for addition to the options catalog (CLIN 0023). Upon acceptance by the NMCI Program Contracts Office and completion of certification and accreditation, the item will be added to the catalog so that it may be ordered by claimants for addition to users' desktops.
Accreditation
EDS maintains the accreditation for the NMCI network. Therefore, all systems/applications (servers and applications residing on servers) connecting to NMCI must be accredited in order to connect and operate. NMCI enforces a formal, standardized process to document and validate all appropriate features and procedures. This process is required of all information systems and is embodied in the Department of Defense Instruction 5200.40, DITSCAP (Defense Information Technology Security Certification and Accreditation Process).
The DITSCAP establishes standard processes, activities, and task descriptions to accredit information systems that will maintain the security posture of the Defense Information Infrastructure (DII). It is a tailorable process designed to certify that an information technology system meets security requirements and that the system will continue to maintain the accredited security posture throughout the system's life cycle. It consists of the following four phases:
- Definition
- Verification
- Validation
- Post-Accreditation
Note that the DITSCAP requires security testing (not to be confused with NMCI "certification" testing, which is a functional test procedure to ensure interoperability within NMCI information assurance constraints) as an integral part of the overall DITSCAP. DITSCAP security testing for legacy systems being integrated with NMCI is the responsibility of the vendor and must, along with the rest of the certification and accreditation process, be completed before the system can be accredited and connected to NMCI.
The result of following the DITSCAP process is that the system/application will be approved to operate in the NMCI environment with the approval of a System Security Authorization Agreement (SSAA) and an Interim Authority to Operate (IATO) or Authority to Operate (ATO) document. It is only with these documents that a system/application will be allowed to operate in NMCI.
NMCI Product Evaluation Center
The Department of the Navy is planning to establish an NMCI Product Evaluation Center (NPEC) for vendors to determine compatibility with NMCI. More information will be provided when the center is operational.
Please be aware that submitting your offering to the Supplier Engagement Process does not automatically certify your solution.