Revision

Description

Date

Approved

A

Updated Trusted Traveler definition; added Operational Node definitions; changed cover page

12 November 2010

Rick Vien

B

Incorporated customer comments – ‘Pedestrian Access Granted Process’ operational node definition added.

10 December 2010

Rick Vien

C

Removed RFID as per ECP 03

25 July 2011

Rick Vien

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

3DES

Acronym

Triple Data Encryption Standard

Access Control

AIE System/Node

The process at a military installation that manages the system administration and vetting process of military personnel requesting entry to the site.

Access Lists

Need Line

Lists that allow/deny access to installation. Can be local, national or international i.e., Force Protection Condition (FPCON), local base list, etc.

Access Results

Need Line

The vetting results of a credential query to determine an entrant's authorization at a military installation.

ACP

Acronym/Term

Access Control Point. A corridor at the military installation entrance through which all vehicles and pedestrians must pass when entering or exiting the installation. An ACP is sometimes located within the installation perimeter to provide access control to an area within the installation. The perimeter of the ACP consists of both passive and active barriers arranged to form a contiguous barrier to pedestrians and vehicles.

ACP Monitoring

System Function

Access Control Point (ACP) Monitoring. Provides domain level monitoring of the ACP.

ACPEP

Acronym

Access Control Point (ACP) Equipment Program. The equipment located at each ACP that controls the access of motorized and pedestrian traffic at the military installation sites.

ACPP

Acronym/Term

Access Control Point (ACP) Program. The program implemented post 9/11/2001 by the Joint Program Executive Office for Chemical and Biological Defense (JPEO-CBD) that involves the security, standardization, and automation of ACPs throughout Continental United States (CONUS) and Outside the Continental United States (OCONUS) military installations. At the core of the program is the Automated Installation Entry (AIE) program, which provides an automated vehicle/personnel entry control system to increase security by vetting operator credentials to identify military personnel who have authorization to gain access at the site.

Active Vehicle Barriers

Element

Barriers that are controlled by Access Control Point (ACP) guards and must be utilized in each inbound and outbound lane to permit or deny vehicle access.

AES

Acronym

Advanced Encryption Standard

AIE

Acronym

Automated Installation Entry.

Alarm Data

Need Line

Alarm data sent to the Installation Alarm Monitoring system.

Alarm Reporting

System Function

Reporting alarms within the Network Monitoring domain.

Allow/Deny Access

Operational Node

Allow or deny physical access for user/vehicle to the installation. OV-5 reference #17.

AT/FP

Acronym

Anti-terrorism/Force Protection.

ATO (DIACAP)

Acronym

Authority To Operate Defense Information Assurance Certification and Accreditation Process.

Authentication (of credentials)

Term

The process of ensuring that the presented credential exists in the registration database, generally performed when the entrant enters the lane.

Authoritative Databases

Term

The official databases used for authentication of an entrant's credentials: Defense Enrollment Eligibility Reporting System (DEERS), Centralized Operations Police Suite/Vehicle Registration System (COPS/VRS), and National Crime Information Center (NCIC)).

Authoritative Source

Term

A database or other information source that contains the definitive information of its kind and is maintained by an authorized government entity. Examples include the Defense Enrollment Eligibility Reporting System (DEERS) database for DoD employees, Common Access Card (CAC) holders, and the National Crime Information Center (NCIC for federal criminal information. A state database may be an authoritative source for state-level criminal information and an installation may be an authoritative source for locally-issued credentials.

Automated Lane

Term

A lane at an Access Control Point that has the AIE system installed and operating.

Biometric

Term

A unique and measurable characteristic of a human being used to identify an individual. Examples include fingerprints, hand geometry, retina, and iris patterns. For the AIE Increment 2 Enterprise System program, facial recognition will not be used as a primary form of biometrics.

BIT

Acronym

Built-In-Test. A mechanism that permits a machine to test itself.

BOE

Acronym

Basis of Estimate. Developed from the Work Breakdown Structure (WBS) to estimate hours needed per task.

CAC

Acronym

Common Access Card. A United States DoD smart card issued as a standard identification for active-duty military personnel, reserve personnel, and eligible non-military personnel for authentication and access to DoD computers, networks, and certain DoD facilities.

Capture and Store Video

Operational Node

Video is captured at vehicle and/or pedestrian lanes, presented to guard via lane display, and stored in the Network Video Recorder (NVR). OV-5 reference #13.

Civilian

Term

An individual not in the US military.

CLIN

Acronym

Contract Line Item Number. Used in the identification and bidding process of federal contracts.

Compare User Data and Record

Operational Node

Confirm authentication by comparing the retrieved record for the user to the real-time data provided at the lane to include the streaming video recorded during ingress. OV-5 reference #16.

Computing Subsystem

Subsystem

The computing subsystem that encompasses all computer processors and associated peripherals included in the system. These components perform the computational tasks necessary for registration, vetting, user verification, user data storage, lane display functions, and custom reporting.

CONOPS

Acronym

Concept of Operations. Used to describe the characteristics of a proposed system from the viewpoint of the individual who will use the system. A CONOPS is used to communicate the quantitative and qualitative system characteristics to all stakeholders and is typically used in military and government services.

CONUS

Acronym

Continental United States.

COPS/VRS

Acronym

Centralized Operations Police Suite/Vehicle Registration System.

The Centralized Operations Police Suite (COPS) was created to assist military and DoD police departments in creating and maintaining police reports, incident management reports, and traffic violation summonses. The COPS system also maintains soldier, family, retirees, and specific DoD component employee information, including DoD registered vehicle information. Temporary passes for base access can also be issued through the system.

The Vehicle Registration System (VRS) is a module within the COPSthat is used to store registered vehicle data and persons authorized to access military installations. VRS also contains data on registered weapons, bicycles, pets, and individuals who are not authorized to access the installation.

COTS

Acronym

Commercial Off The Shelf.

Creating Vetting Log

Operational Node

Start the vetting process by sending a query with personal data to an external authoritative database for vetting. OV-5 reference #7.

Credential Query

Need Line

A query based on the credentials provided by an individual requesting access, from the Facility to the Enterprise System.

Credential Query Results

Need Line

The results of a credential query returned from the Enterprise System to the Facility.

Credential Reader

Term

A device used to read a presented credential. Examples of individual credential readers include a Common Access Card (CAC) reader or Personal Identification Number (PIN) pad.

Credentials

Need Line/ Term

A form of identification, sometimes including biometrics, used to uniquely identify either an individual. Examples of individual credentials include a Common Access Card (CAC) or Personal Identification Number (PIN).

Data

Need Line

Information sent to an Access Control Point including pictures, data, and validation information.

Data Management

Node

The system that receives the user's personal data for vetting and issuance of credentials. Includes services related to user data and administration functions.

Database Replication

System Function

The process of creating, managing, and synchronizing duplicate versions of a database.

DBID

Acronym

Database Identifier. A unique identifier found in all data file headers, used to identify the database to which a file belongs.

DCI

Acronym

Dry Contact Closure Interface

DEERS

Acronym

Defense Enrollment Eligibility Reporting System (DEERS). A database that stores over 23 million records pertaining to active duty personnel, reserve, military retirees, and dependents who are eligible for TRICARE benefits. DEERS is comprised of the National Enrollment Database (NED), the Person Data Repository (PDR), and several satellite databases. Active-duty and retired service members are automatically registered in DEERS, and have access to the system using their DoD smart card.

Dependent

Term

An individual who is supported by a person on active duty.

DIACAP

Acronym

Defense Information Assurance Certification and Accreditation Process. An Information Systems standard issued by the DoD to ensure a standard set of activities, general tasks, and management practices for risk management within a system’s life cycle.

Display Engine

Element

The AIE Increment 2 Enterprise System windows application with a Graphical User Interface (GUI) that interfaces with local, state, and federal third-party databases to vet driver and pedestrian information and grant access to authorized military personnel at the installation's Access Control Point (ACP).

DMV

Acronym

Department of Motor Vehicles. The state-level government agency that administers vehicle registration and driver licensing throughout the United States.

DoD

Acronym

Department of Defense (United States).

ECP

Acronym

Engineering Change Proposal

EDIPI

Acronym

Electronic Data Interchange Personal Identifier. A unique ten-digit number that's assigned to a record in the United States DoD DEERS database. The EDIPI is located in the barcode on the front of the CAC card, the barcode on the back of the card, and in the integrated circuit chip embedded in the card itself. The first nine digits are assigned unique numbers with the 10th digit being a check digit for the identifier.

EDIPI/FASCN

Acronym

Electronic Data Interchange Person Identifier/Federal Agency Smart Credential Number.

EIMS

Acronym

Enterprise Identity Management System.

Encrypted Communications

Industry Term

Communications or data that have been converted or ciphered into a secret code for transmission.

Encrypted Data at Rest

Term

The translation of stored data or data that is not accessed or frequently changed into a secret code to achieve data security.

Enrollee (Permanent Party)

Term

A user that is allowed indefinite access privileges onto a site.

Enrollment

System Function

Registration domain that supports the enrollment process.

Enrollment Record

System Data

The complete set of data stored for a given user during the enrollment process.

Enrollment Workstation

Element

The on-site location housing the enrollment workstation and pre-registration station where permanent parties and visitors can be enrolled or pre-registered in the AIE Increment 2 Enterprise system database.

Enterprise Data Center

Term

The physical location housing an AIE Increment 2 Enterprise System enterprise server set.

Enterprise Server

Term

A computer containing programs that collectively serve the needs of an enterprise rather than a single user, department, or specialized application.

Entry Gate

Element

A gate capable of securing entrance to an Access Control Point (ACP). The entry gate must provide the same level of protection as the adjoining perimeter and appear to resemble the adjoining perimeter fence and/or barriers.

External Agencies

Node

External authoritative entities that user personal data is vetted against, i.e., Defense Enrollment Eligibility Reporting System (DEERS), Centralized Operations Police Suite/Vehicle Registration System (COPS/VRS), etc.

FAR 3.104-4

Term

Federal Acquisition Regulation. The disclosure, protection, and marking of contractor bid or proposal information, and source selection information guidelines for protecting bids and proposals from unauthorized disclosure.

FASCN

Acronym

Federal Agency Smart Credential Number.

FIPS

Acronym

Federal Information Processing Standard

FOUO

Acronym

For Official Use Only.

FPCON Levels

Acronym

Force Protection Condition levels. The measures assigned by the United States terrorist threat system, overseen by the DoD, to protect US military facilities against the current levels of terrorist threats.

Generate Access Control Reports

Operational Node

System access control reports are produced. OV-5 reference #24.

Generate Registration Reports

Operational Node

System registration reports are produced. OV-4 reference #23.

HMI

Acronym

Human Machine Interface

HSPD

Acronym

Homeland Security Presidential Directive

IAFIS

Acronym

Integrated Automated Fingerprint Identification System.

ICIDS

Acronym

Integrated Commercial Intrusion Detection System.

IDIQ

Acronym

Indefinite delivery/indefinite quantity. A type of contract that provides for an indefinite quantity of supplies or services during a fixed period of time with its legal origin deriving from the Federal Acquisition Regulation (FAR), section 16.501(a).

IMM-DEERS

Acronym

Identity Management Middleware for Defense Enrollment Eligibility Reporting System (DEERS).

Implement Integrated Traffic Hold

Operational Node

Procedure to stop all lane traffic for turn-around and search exceptions. OV-5 reference #18.

Implement Re-Vetting Schedule

Operational Node

Ensure that re-vetting process is periodically initiated as required for each user for each external authoritative database. OV-5 reference #9.

Initial Vetting

System Function

Vetting domain that starts the vetting process.

Initiate Vetting Request

Operational Node

Start the vetting process by sending a query with personal data to an external authoritative database for vetting. OV-5 reference #6.

Installation

Term

Army facility, military base, fort or reservation.

Installation Alarm Monitoring System

Node

System that monitors all installation alarms including those from AIE.

Integration Kit Subsystem

Subsystem

Provides mechanical infrastructure and electrical power needed to support the AIE system.

JGS

Acronym

Joint Gatekeeper Service. Provides middleware services, providing a conduit for information exchange between external authoritative databases and Commercial Off the Shelf (COTS) Access Control Systems.

JPEO-CBD

Acronym

Joint Program Executive Office for Chemical and Biological Defense.

Lane

Term

An individually unique access corridor at the Access Control Point (ACP) that allows motorized vehicles to enter the installation.

Lane Control Subsystem

Subsystem

Consists of all lane control hardware needed during Access Control Point (ACP) processing. This subsystem reads credentials, provides notifications and credential verification information to the user, and allows or denies access to the installation.

Lane DB

Data Repository

Lane record database.

Law Enforcement

Term

Local and state agencies used for vetting users.

Local Credential

Term

Locally issued and authorized credential for providing short term access for visitors and guests.

Manage Installation FPCON Levels

Operational Node

The AIE Increment 2 Enterprise System automatically modifies the access permissions of each user based upon the current Force Protection Condition (FPCON) level stored in the system. OV-5 reference #1.1.

Manage Negative Access Lists

Operational Node

Security Officer maintains a negative access list for users that are to be denied access to the installation. OV-5 reference #1.2.

Manage User Privileges

Operational Node

Security Officer modifies the access levels of each individual user as needed, to include revocation of privileges, and modifications to trusted traveler privileges. OV-5 reference #2.

Manual Lane

Term

A lane at an Access Control Point that does not have the AIE system operating. The lane could have the AIE system installed, but not in use.

Match Score

System Data

A numerical result indicating the degree to which a presented biometric template matches the corresponding stored biometric template in the system for a given record.

Monitor Pedestrian and Vehicle Lane Security

Operational Node

Process of guard viewing vehicle and/or pedestrian lanes including video display. OV-5 reference #25.

MSDN

Acronym

Microsoft Developers Network

National Terrorist Watch List

Term

Compilation of various watch lists and screening systems.

NCIC

Acronym

National Crime Information Center. The United States' centralized database for tracking crime-related information. The NCIC database is used to assist authorized agencies in apprehending fugitives, locating missing persons, locating and returning stolen property, and protecting law enforcement officials in their daily encounters with fugitives. The NCIC database was developed in 1967 and is maintained by the Federal Bureau of Investigation's Criminal Justice Information Services Division. The database is accessible by federal, state, and local law enforcement agencies, and is operational 24 hours a day, 365 days a year.

Needline

Term

The requirement or flow of information between collaborating operational nodes within the Department of Defense Architectural Framework (DoDAF) from one node to another.

Network Monitoring

AIE System

Network management term that describes a system that continuously monitors a network and notifies a network administrator through messaging systems when a device fails or an outage occurs.

Network Subsystem

Subsystem

Provides the infrastructure for communications across the entire enterprise network. This subsystem provides all required encryption and security for data transmissions.

NFPA

Acronym

National Fire Protection Association. A US-based organization (with a few international members) responsible for creating and maintaining minimum standards and requirements for fire prevention and suppression, training, and equipment. NFPA also provides other life-safety codes and standards and includes everything from building codes to the personal protective equipment utilized by firefighters while extinguishing a blaze.

NIPRNet

Acronym

Non-classified Internet Protocol Router Network. Used to exchange sensitive, unclassified data between internal and authorized external users. The NIPRNet was created by the Defense Information Systems Agency (DISA) to supersede the earlier Military Network (MILNET). The NIPRNet is composed of Internet Protocol routers owned by the United States DoD that provides a gateway to the public Internet.

Node

Term

An element of the operational architecture that produces, consumes, or processes information. What constitutes an operational node can vary among architectures, including, but not limited to, representing an operational/human role (e.g., Air Operations Commander), an organization (e.g., Office of the Secretary of Defense) or organization type, i.e., a logical or functional grouping (e.g., Logistics Node, Intelligence Node), and so on. The notion of an operational node will also vary depending on the level of detail addressed by the architecture effort.

Notify User

Operational Node

Provide information to the user to indicate whether or not their vetting request received negative or positive results. OV-5 reference #5.

NVR

Acronym

Network Video Recorder

OASIS

Acronym

Organization for the Advancement of Structured Information Standards.

Objective Parameter

Term

A value within a requirement that is desired above the threshold value, if feasible and cost effective. A threshold requirement may contain an objective parameter (along with a threshold parameter). In this case, the entire requirement must be satisfied, using the threshold parameter at a minimum and the objective parameter as a goal. Objective parameters are referenced as such within the text of a requirement.

Objective Requirement

Term

A requirement that is a goal above a threshold requirement. Satisfaction of objective requirements are strongly desired if technologically and programmatically feasible, cost-effective, and can be completed within the scope of the schedule.

On-site registration

System Function

Registration domain, allows registration at site.

Operational Availability

Term

Operational Availability (Ao) is the probability that a system or equipment, when used under stated conditions in an actual operational environment, will operate satisfactorily when called upon. Ao is expressed as the Mean Time Between Downing Events (MTBDE) divided by the sum of MTBDE and Mean Down Time (MDT). MTBDE is the average time between events that bring the system down, including critical or non-critical failures, preventive maintenance, and training. MDT is the average total elapsed time to fully restore the system/subsystem to an operational state because of a downing event. It includes active maintenance time, logistics delay time, and administrative delay time.

Ao = MTBDE ÷ (MTBDE + MDT)

Operator

Term

A staff member who directly interfaces with the system to support the users of the system, such as a security guard or registration staff.

PACS

Acronym

Physical Access Control Systems.

Passive Barriers

Term

Barriers used to prevent the penetration of a threat vehicle.

Pedestrian Access

System Function

Access Control domain, allows pedestrian access.

Pedestrian Access Denied Process

Operational Node

An operational practice under installation control for dealing with denied pedestrian users. OV-5 reference #22

Pedestrian Access Granted Process

Operational Node

User enters facility and equipment returns to default state. For pedestrian lane, default state includes turnstile locked and card readers ready for input. OV-5 reference #29.

Pedestrian Lane

Element

An access corridor at the Access Control Point (ACP) that allows persons with non-motorized vehicles to enter the installation.

Personal Data

Need Line

Personal information provided by the Facility to the Registration System or from the Enterprise System to the Registration System for vetting and issuance of vetted credentials.

Personal Data Query

Need Line

The start of the vetting process initiated by the Enterprise System to the DoD External databases (DBs).

Personal Data Query Results

Need Line

The results of the vetting process resulting from the original Personal Data Query; the data is sent from the DoD External databases (DBs) to the Enterprise System.

PII

Acronym

Personally Identifiable Information.

PIN

Acronym

Personal Identification Number.

PIR

Acronym

Public Information Request.

PLC

Element

Programmable Logic Controller. A digital computer used for automation of electromechanical processes, such as control of machinery on factory assembly lines, amusement rides, or lighting fixtures.

POC

Acronym

Point of Contact.

Pre-registration

Process

Process of initiating registration remotely.

Pre-registration Workstation/Kiosk

Element

Workstation provided in the visitor control center that provides the user with the capability to pre-enter data required for registration or enrollment in the AIE Increment 2 Enterprise System.

Present User Credentials

Operational Node

Showing user credentials to system including Common Access Card (CAC), Personal Identification Number (PIN), biometrics etc. OV-5 reference #12.

Present User Credentials

Operational Node

Showing pedestrian credentials to system including Common Access Card (CAC), Personal Identification Number (PIN) and biometrics. OV-5 reference #21.

Provide Credentials

Operational Node

Registration system presents to the user a local credential to be used for access to the installation. OV-5 reference #10.

PSEAG

Acronym

Physical Security Equipment Action Group

Read User Data

Operational Node

Process of accepting personal credentials presented at the lane or pedestrian gate. OV-5 reference #14.

Receive Alarm Data

Operational Node

Facility alarm center receives alarm data. OV-5 reference #27.

Record Access Control Transactions

Operational Node

Recording of all access control transactions that occur in each vehicle and pedestrian lane. OV-5 reference #19.

Registration Data

Element/Need Line

Data provided by the user to be used for registration or enrollment within the system and information passed to external agencies related to user registration.

Report Alarm Data

Operational Node

Alarm data that is sent to Facility or process of sending alarm data. OV-5 reference #26.

Retirees

Term

Individuals retired from a branch of the US military.

Retrieve Record

Operational Node

Retrieve enrollment records to confirm authentication. OV-5 reference #15.

Return Vetting Results

Operational Node

Action performed by any external authoritative database to provide results of vetting to the registration system. OV-5 reference #8.

Re-vetting

System Function

Vetting domain, re-starts vetting process after specific operational time.

SALTS

Acronym

Standard Automated Logistics Tool Set. Used by the United States Navy to provide a means of moving logistical and administrative data from a single point of entry to a wide host of databases and data services world-wide using single sign-on.

SEWG

Acronym

Security Engineering Working Group

Site

Term

A military base or other location that has AIE installed.

SOAP

Acronym

Simple Object Access Protocol.

SSO

Acronym

Single sign-on. A session/user authentication process that permits a user to enter one name and password in order to access multiple applications. The process authenticates the user for all the applications they have been given rights to and eliminates further prompts when they switch applications during a particular session.

Storage of Transactions

System Function

The process of storing access control, registration, and vetting events to the AIE Increment 2 Enterprise System database.

Store User Data

Operational Node

Store all data submitted by the user. OV-5 reference #4.

Submit User Data

Operational Node

User provides personal data (i.e., drivers license, name, DOB, SSN, citizenship) as well as personal credentials. OV-5 reference #3.

Surveillance Video

Need Line

Video data exchanged between the Access Control System and the Installation Alarm Monitoring System.

System Administration

System Function

Network Monitoring domain, administration of system computers and hardware.

System Alarms

Need Line

System alarm data that is exchanged between the Access Control System and the Installation Alarm Monitoring System.

TCP/IP

Acronym

Transmission Control Protocol/Internet Protocol

Threshold Parameter

Term

A value within a requirement that must be satisfied at a minimum. An objective requirement may contain a threshold parameter (along with an objective parameter). In this case, the entire requirement may or may not be satisfied, but if it is satisfied, it can use the threshold parameter at a minimum and the objective parameter as a goal. A threshold parameter will be indicated within the text of a requirement.

Threshold Requirement

Term

A requirement that the system must satisfy. All requirements are threshold requirements unless otherwise stated as objective.

Tier 1 Configuration

Term

Complete or full system solution that includes all all requirements.

Tier 2 Configuration

Term

A system configuration that allows the system to be deployed in an expedited schedule with capabilities that may be less than the full (Tier 1) system. Individual requirements annotated with “Tier 2” are part of the minimum set of requirements for the Tier 2 configuration. Tier 2 does not have the site preparation work and relies on hand-held devices for driver authentication.

TRM

Acronym

Technical Reference Model

Trusted Traveler

Term

DoD employees and active duty/retired service members and spouses with a valid DoD issued identification card. Trusted Travelers are entirely responsible for the actions of all occupants in their vehicles and for meeting all local security requirements for escort as established by the installation commander. Trusted Travelers can vouch for occupants in their immediate vehicle to allow them access.

User

Node/Term

An AIE customer, vehicle, person or pedestrian attempting to register or gain access to a facility.

User Authorization

Need Line

Enterprise data send to the Access Control Point (ACP), including access lists.

User Data

Term

Personal and/or biometric data passed to the Access Control System from the Registrations system.

User Access Denied Process

Operational Node

An operational practice under installation control for dealing with denied users and/or their vehicles. OV-5 reference #20.

User Access Granted Process

Operational Node

An operational practice under installation control for dealing with users and/or their vehicles when granted access. User enters facility and equipment returns to default state. For the vehicle lane, the default state includes gate arm down and traffic light red. OV-5 reference #28.

Vehicle Access

System Function

Access Control domain, allows vehicle access.

Vehicle Ingress

Term

The process of gaining access to a facility by providing valid credentials for both personnel and vehicles.

Vetting (of credentials)

AIE System

The process of verifying that a presented credential is valid, usually against an authoritative source, and generally performed at time of registration.

Vetting Request

Need Line

A request sent to external vetting systems for a vetting result.

Vetting Results

Need Line

The results of automated vetting of personal data against DoD external databases (DBs), returned to the Facility from the Enterprise System.

Video Subsystem

Subsystem

Encompasses all video components including cameras, video encoders, and network video recorders.

Visitor Control Center (Pass and ID)

Element

Physical location where on-site enrollment and registration functions are performed. Houses the Enrollment Workstation and Pre-registration Workstation.

VMS

Acronym

Video Management System

VRS

Acronym

Vehicle Registration System. A module within the Centralized Operations Police Suite (COPS), which is used to store registered vehicle data and persons authorized to access military installations. It also contains data on registered weapons, bicycles, pets, and individuals who are not authorized to access the installation.

Web Pre-registration

System Function

Registration domain, allows online and kiosk registration.

Web Service Application

Term

Application Programming Interface (API) executed on a remote system hosting the requested services.