Title
FMN Spiral 4 Standards Profile

Reference document

Org
FMN
Pubnum
Date
2021-02-08
Version
4
Title
FMN Spiral 4 Overview of Standards and Profiles

Subprofiles

Status

URI

History

Flag Date RFC Version
added 2021-01-15 13-019 14.0
UUID
c7b21062-3aea-492a-8cfe-062bdb9b9551

FMN Spiral 4 Standards Profile

FMN Spiral 4.0 Infrastructure Standards Profiles

FMN Spiral 4.0 Infrastructure Security Standards Profiles

Service Standard Implementation Guidance

FMN Spiral 4.0 Certificates Exchange Profile

The Certificates Exchange Profile specifies the use of public standards for exchange of digital certificates.

Digital Certificate Services

Mandatory

The PEM format with base64-encoded data shall be used to exchange Certificates, Certificate Revocation Lists (CRLs), and Certification Requests.

FMN Spiral 4.0 Cryptographic Algorithms Profile

The Cryptographic Algorithms Profile specifies the use of public standards for cryptographic algorithm interoperability to protect IT systems.

Digital Certificate Services

Mandatory

The following algorithms and parameters are to be used to support specific functions

  • Root CA Certificates
    • Digest Algorithm SHA-256 or SHA-384 (Root CA certificates, which were signed using SHA-1 before 1 January 2016, may be used until 1 January 2025)
    • RSA modulus size (bits) 3072 or 4096
    • ECC Curve NIST P-256 or P-384
  • Subordinate CA Certificates
    • Digest Algorithm SHA-256 or SHA-384
    • RSA modulus size (bits) 2048, 3072 or 4096
    • ECC Curve NIST P-256 or P-384
  • Subscriber Certificates
    • Digest Algorithm SHA-256 or SHA-384
    • RSA modulus size (bits) 2048, 3072 or 4096
    • ECC Curve NIST P-256 or P-384
For further guidance on the implementation the AC/322-N(2020)0077 iTIF Certificate Profiles Version 1.2.2 shall also be considered.Even more guidance
  • A digital certificate service provider shall choose which combination of algorithm and keylength chain to build. The service portfolio may contain several parallel solutions.
  • You shall not mix key-algorithms in one CA/sub-CA chain.
  • A digital certificate service consumer shall support the full spectrum of possible combinations in algorithm and keylength.
  • During a mission instantiation, the service designer shall verify service consumer capabilities with regard to supported algorithms.

FMN Spiral 4.0 Digital Certificate Profile

The Digital Certificate Profile provides standards and guidance in support of a Public Key Infrastructure (PKI) on federated mission networks.

Digital Certificate Services

Mandatory

Mandatory

The Online Certificate Status Protocol (OCSP) capability is mandatory for PKI Service providers. The addresses of OCSP endpoints shall be provided in digital certificates through X.509 certificate extensions such as Authority Information Access (AIA). Clients might support this protocol.

Mandatory

CRLs may be provided at multiple endpoints. The addresses of these endpoints shall be provided in digital certificates through X.509 certificate extensions such as Authority Information Access (AIA) and CRL distribution point (CDP). Each CA shall provide CRLs over HTTP. Clients must support this protocol.

The version of the encoded public key certificate shall be version 3. The version of the encoded certificate revocation list (CRL) shall be version 2.For further guidance on the implementation the AC/322-N(2020)0077 iTIF Certificate Profiles Version 1.2.2 shall also be considered.

FMN Spiral 4.0 Infrastructure Processing Standards Profiles

Service Standard Implementation Guidance

FMN Spiral 4.0 Virtual Appliance Interchange Profile

The Virtual Appliance Interchange Profile provides standards and guidance to support the Virtualized Processing Services to exchange virtual appliances between different host platforms.

Virtualized Processing Services

Conditional

If automated importing of virtual appliances is supported by the service provider, OVF format shall be used as exchange format.

Mandatory

File format for virtual hard disk drives, which the service consumer has to be able to provide.

To ensure optimization of the exchange of virtual appliances, the following guidelines should be observed.The environment should be prepared for optimal implementation of a virtual machine (VM).

  • Strip down the hardware as much as possible, by removing sound cards, USB controllers, CD-ROM and floppy drives, and para-virtualized devices;
  • Minimize the VMs’ HDD footprint to a minimum and use thin provisioning;
  • Unmount any removable devices before exporting to Open Virtualization Format (OVF);
  • Delete all snapshots;
  • Shutdown machine; and
  • Include a CRC Integrity Check.
The platform should be able to support the following minimalistic set of hardware features
  • vCPU support minimal two vCPUs supported per VM
  • SCSI disk controller minimal two
  • Virtual SCSI harddisks and optical disk minimal eight
  • IDE nodes
  • Virtual IDE disks
  • Virtual IDE CD-ROMs
    • E1000 (Network Interface)
  • SVGA displays minimal one
  • Serial ports minimal one

FMN Spiral 4.0 Infrastructure Networking Standards Profiles

Service Standard Implementation Guidance

FMN Spiral 4.0 Time Synchronization Profile

The Time Synchronization Profile provides standards and guidance to support the synchronization of clients and servers across a network or a federation of networks and the safeguard of the accurate use of timestamps.

Distributed Time Services

Mandatory

Stratum 1 devices must implement IPv4 so that they can be used as time servers for IPv4-based mission networks.

FMN Spiral 4.0 Secure Domain Naming Profile

The Secure Domain Naming Profile provides standards and guidance to support the hierarchical distributed name system with a set of extensions to DNS which provide to DNS clients (resolvers) cryptographic authentication of DNS data, authenticated denial of existence, and data integrity, but not availability or confidentiality. These extensions are combined in the Domain Name System Security Extensions (DNSSEC), a suite of Internet Engineering Task Force (IETF) specifications for securing certain kinds of information provided by the Domain Name System (DNS) as used on Internet Protocol (IP) networks.

Domain Name Services

Mandatory

Only the following security algorithms shall be used

  • RSASHA256,
  • RSASHA512,
  • ECDSAP256SHA256,
  • ECDSAP384SHA384.

FMN Spiral 4.0 Domain Naming Profile

The Domain Naming Profile provides standards and guidance to support the hierarchical distributed name system for computers, services, or any resource connected to a federated mission network.

Domain Name Services

Mandatory

FMN Spiral 4.0 COI-Specific Standards Profiles

FMN Spiral 4.0 Command and Control Standards Profiles

Service Standard Implementation Guidance

FMN Spiral 4.0 Maritime C2 Processes Profile

Maritime Operations includes a set of military activities conducted by maritime air, surface, sub-surface and amphibious forces to attain and maintain a desired degree of control of the surface, sub-surface, and air above the sea, influence events ashore, and, as required, support land, air/space, and cyber operations

Business Processes

Mandatory

The maritime conflict and operation themes are likely to cover the following types of operations in the maritime environment (AJP-3.1)

  • Major combat operations,
  • Peace support,
  • Peacetime military engagement.
Maritime forces have roles in the following activities
  • Warfare and combat,
  • Maritime security,
  • Security cooperation.

FMN Spiral 4.0 Land C2 Information Exchange Profile

The Land C2 Information Exchange Profile provides standards and guidance to support the exchange of Command and Control information within a coalition network or a federation of networks.

Situational Awareness Services,

Battlespace Object Services

Mandatory

The MIP4 profile should be used primarily for the exchange of Battlespace Objects (BSOs); this profile is not intended to support high volume, high frequency updates such as Friendly Force Tracking (FFT). Nor is it intended to support the exchange of data over tactical bearers (with limited capacity and intermittent availability).The MIP interoperability specification comprises both a mandatory technical interface specification as well as implementation guidance documents, and is available on the MIP website (https //www.mip-interop.org). The minimum iteration for MIP4 implementation is MIP4.3 (and MIP4.3 is the basis for the capabilities covered by the Spiral 4 Specification). However, as the MIP4 specification supports inter-version compatibility, later iterations of MIP4 (i.e. MIP4.4+) are expected to remain interoperable with MIP4.3.The suite of guidance documents includes the MIP Operating Procedures (MOP), which provides technical procedures for configuration/operation of MIP 4.3 interfaces in a coalition environment.

FMN Spiral 4.0 Maritime C2 Information Exchange Profile

The Maritime C2 Information Exchange Profile provides standards and guidance to support the exchange of the Recognized Maritime Picture (RMP) information within a coalition network or a federation of networks.

Recognized Maritime Picture Services

Conditional

For conditional use, coupled with the AIS line from OTH-T GOLD Baseline 2007.

Mandatory

The implementation of the following message types is mandatory

  • Enhanced Contact Report (XCTC);
  • Overlay Message (OVLY2, OVLY3);
The implementation of the following message types is mandatory for an RMP Manager, optional for Mission Network Participants
  • Area of Interest Filter (AOI);
  • FOTC Situation Report;
  • Group Track Message (GROUP);
  • Operator Note (OPNOTE);
  • PIM Track (PIMTRACK);
These messages can be used for other C2 functions.For interconnecting C2 Systems and their RMP Services, the implementation of the following transport protocol to share OTH-T GOLD messages is mandatory
  • TCP (connect, send, disconnect) - default port 2020
End-users that do not have RMP Applications MAY generate OTH-T GOLD messages manually and transmit them via eMail/SMTP.

FMN Spiral 4.0 Land Tactical C2 Information Exchange Profile

The Land Tactical C2 Information Exchange Profile provides standards and guidance with regard to a core set of Command and Control information and also on how to exchange XML messages within a coalition tactical environment with mobile units.

Track Distribution Services,

Situational Awareness Services,

Battlespace Object Services,

Direct Messaging Services

Mandatory

AEP-76 is to be used for direct C2 Data Exchange between coalition units at the Mobile Tactical Edge, where a shared interoperability network is in place built upon the loaned radio concept. The data model of AEP-76 is based on variant of MIP 3.1 XML messages. The following 8 messages of the messages defined in Volume II are mandatory for federating JDSS in coalition operations: Presence MessageIdentification MessageContact /Sighting MessageSketch MessageGenInfo MessageReceipt MessageOverlay MessageCasualty Evacuation Request Message (Request Message Body only)

Mandatory

Mandatory

Mandatory

Developers may useAEP-76 Ed A V2 XML Schema Definitionsfor implementing JDSS.See SIP for Loaned Radio Connector for an interim replacement of the cancelled standard AEP-86 (STANAG 4619).AEP-76 is to be used for direct C2 Data Exchange between coalition units at the Mobile Tactical Edge, where a shared interoperability network is in place built upon the loaned radio concept. The information exchange mechanism of AEP-76 supports the efficient information exchange of XML messages over a coalition mobile tactical edge network.The following two JDSS messages are out-scoped for FMN Spiral 4

  • Coordination message. STANAG 4677 provides the Overlay message that is a superset of functionality that is provided by the coordination message and can be used instead..
  • NBC message. STANAG 4677 provides the Overlay message that is a superset of functionality that is provided by the coordination message and can be used instead.
For the Casualty Evacuation message, the Reply Message Body is out-scoped. Instead of the dedicated reply message body, the Geninfo message can be used to coordinate casualty evacuations after the initial dedicated CasEvac request message.

FMN Spiral 4.0 CIS Support Standards Profiles

FMN Spiral 4.0 SMC Orchestration Profile

Service Standard Implementation Guidance

FMN Spiral 4.0 COI-Enabling Standards Profiles

FMN Spiral 4.0 Operations Information Standards Profiles

Service Standard Implementation Guidance

FMN Spiral 4.0 Battlespace Event Federation Profile

The Battlespace Event Federation Profile provides standards and guidance to support the exchange of information on significant incidents, important events, trends and activities within a coalition network or a federation of networks.

Battlespace Event Services

Mandatory

To support exploitation the following APP-11 message formats MUST be supported (MTF Identifier, MTF Index Ref Number): Incident Report (INCREP, A078)Incident Spot Report (INCSPOTREP, J006)Troops in Contact SALTA format (SALTATIC, A073)Events Report (EVENTREP, J092)Improvised Explosive Device Report (IEDREP, A075) The INCREP is used to report any significant incident caused by terrorism, civil unrest, natural disaster, or media activity. The INCSPOTREP is used to provide time critical information on important events that have an immediate impact on operations. The SALTATIC is used to report troops in contact, the report should be made as soon as possible by the unit that has come under some form of attack. It uses the following basic format: Size of enemy, Action of enemy, Location, Time and Action taken The EVENTREP is used to provide the chain of command information about important Events, trends and activities that do not have an element of extreme urgency, but do influence on-going operations The IEDREP is sent when an IED has been encountered. It identifies the hazard area, tactical situation, operational priorities and the unit affected. This initial report should be followed by normal EOD/Engineer reporting requirements.

FMN Spiral 4.0 Friendly Force Tracking Profile

The Friendly Force Tracking Profile provides standards and guidance to support the exchange of Friendly Force Tracking information within a coalition network or a federation of networks.

Text-based Communication Services,

Track Distribution Services,

Track Management Services

Mandatory

Messages exchanged according to the exchange mechanisms described in ADatP-36(A)(2) shall comply with the Message Text Format (FFI MTF) schema incorporated in APP-11.IP1 is the preferred protocol for FMN Spiral 4. Where needed, the other ADatP-36(A)(2) protocols (IP2 or WSMP 1.3.2) may be used if the situation requires this. The version of WSMP to be used in FMN Spiral 4 is version 1.3.2. This version is explicitly stated as is it is recognized that ADatP-36(A)(2) does not unambiguously state a version of WSMP to be used.

FMN Spiral 4.0 Tactical Message Distribution Profile

The Tactical Message Distribution Profile provides standards and guidance to support the exchange of selected messages between Tactical Data Link networks and IP based federation of networks.

Track Management Services,

Recognized Air Picture Services,

Recognized Ground Picture Services,

Recognized Maritime Picture Services,

Situational Awareness Services

Mandatory

The "Minimum Link-16 Message Profile", as described in the FMN Spiral 3 Service Interface Profile for RAP Data, defines the minimum set of data elements that are required to be available for operational or technical reasons so that correctly formatted technical message can be generated to establish the RAP in a federated environment. The implementation of the following message types of ATDLP-5.16 is MANDATORY and refers to Appendix A of the standard for the detailed requirement of receive or transmit support, also based on the role of the MNP: Precise Participant Location and Identification (PPLI) MessagesJ2.0 Indirect Interface Unit PPLIJ2.2 Air PPLIJ2.3 Surface (Maritime) PPLIJ2.4 Subsurface (Maritime) PPLIJ2.5 Land (Ground) Point PPLIJ2.6 Land (Ground) Track PPLISurveillance MessagesJ3.0 Reference PointJ3.1 Emergency PointJ3.2 Air Track messageJ3.3 Surface (Maritime) TrackJ3.4 Subsurface (Maritime) TrackJ3.5 Land (Ground) Point/TrackJ3.7 Electronic Warfare Product Information For MNPs that are contributing to Shared Situational Awareness production, the following messages should be supported to maximize the ability to share tactical data: J7 Information ManagementJ9 Weapons Coordination and ManagementJ10 Weapons Coordination and ManagementJ12 ControlJ13 Platform and System StatusJ15 Threat WarningJ17 Miscellaneous More recent editions of this standard may be implemented for operational use but ATDLP-5.16 is the minimum to guarantee Link 16 tactical message distribution.

Mandatory

The JREAP Standard enables TDL data to be transmitted over digital media and networks not originally designed for tactical data exchange. JREAP consists of three different protocols: A, B and C. For implementation in FMN only JREAP-C 'Encapsulation over Internet Protocol (IP)' which enables TDL data to be transmitted over an IP network must be used. Refer to Appendix E of the standard for an overview of which messages are MANDATORY for implementation. Within JREAP-C, UTC must be supported as the common time reference. If no common time reference is available, round-trip shall be used.

JREAP is designed to support operations using Link 16 over most communication media (JRE media) including forwarding TDL data over satellite communication links (JREAP-A), serial links (JREAP-B), and over IP networks (JREAP-C). Each JRE medium has unique characteristics. For implementation in FMN only JREAP-C Encapsulation over IP is to be used. It supports UDP Unicast, UDP multicast, and TCP.

FMN Spiral 4.0 Situational Awareness Standards Profiles

Service Standard Implementation Guidance

FMN Spiral 4.0 Ground-to-Air Situational Awareness Profile

The Ground-to-Air (G2A) Situational Awareness Profile provides standards and guidance to support the exchange of Friendly Force Tracking information within a coalition network or a federation of networks over Link 16.

Track Distribution Services,

Track Management Services

Mandatory

Messages exchanged according to the exchange mechanisms described in ADatP-37(A) shall comply with the J-series message schema defined STANAG 5516, Tactical Data Exchange – Link 16 and STANAG 5518, Interoperability Standard for Joint Range Extension Application Protocol (JREAP).

FMN Spiral 4.0 Ground-to-Air Information Exchange Profile

The Ground-to-Air Information Exchange Profile provides standards and guidance to support the exchange of Friendly Force Tracking information within a coalition network or a federation of networks over Link 16.

Track Distribution Services,

Track Management Services

Mandatory

Messages exchanged according to the exchange mechanisms described in ADatP-37(A) shall comply with the J-series message schema defined STANAG 5516, Tactical Data Exchange – Link 16 and STANAG 5518, Interoperability Standard for Joint Range Extension Application Protocol (JREAP).

FMN Spiral 4.0 Overlay Distribution Profile

The Overlay Distribution Profile covers the standards for overlays and (military) symbology that identify locations on the surface of the planet. These overlays are employed when disseminating recognized domain or functional pictures and related picture elements between different communities of interest in a federated mission network environment, as well as sharing with partners operating outside of the Operational Network.

Symbology Services

Mandatory

Applies to NVG only. Implementation Guidance is provided inNVG 2.0 APP-6D Bindings

Mandatory

The minimum conformance level for Spiral 4 is defined as conformant with type B3R - as per the NVG 2.0.2 Specification summarized as: File-based and NVG Request/Response Protocol, all symbolized content, with timing information and operationally relevant extended data.

Conditional

Conditional for three use cases that typically involve cross-domain information exchange: sharing overlays outside of the Mission Network or,sharing overlays to exchange information in the form of Cross-security domain exchange. If an Affiliate has the requirement to share (export/import) with external (non-MN) organisations, then it is to support exchange via KMLexchanging of targeting and JISR products that are prepared on national networks. This particular COI have articulated a requirement to use KML for “Named Area of Interest”. In terms of conditionality, this use is to be defined by that COI. When exporting KML files that reference external resources, KML Zipped (KMZ) must be used and all relevant referenced external resources must be included in the KMZ structure as relative references. The references to these files can be found in the href attribute (or sometimes, the '"`UNIQ--nowiki-0000FC1C-QINU`"' element) of several KML elements. To enable cross domain exchange and long-term preservation relative references must be used for those resources that are included in the KMZ structure. As many Earth Viewers only work with legacy PKZIP 2.x format for KMZ, .zip folders shall be created in accordance withhttps://www.pkware.com/documents/APPNOTE/APPNOTE-2.0.txt.

All presentation services shall render tracks, tactical graphics, and battlespace objects using the defined symbology standards except in the case where the object being rendered is not covered in the standard. In these exceptional cases, additional symbols shall be defined as extensions of existing symbol standards and must be backwards compatible. These extensions shall be submitted as a request for change within the configuration management process to be considered for inclusion in the next version of the specification.

FMN Spiral 4.0 Communications Access Standards Profiles

Service Standard Implementation Guidance

FMN Spiral 4.0 Routing Encapsulation Profile

The Routing Encapsulation Profile provides standards and guidance for generic routing encapsulation functions between network interconnection points (NIPs).

Packet-based Transport Services

Mandatory

Protected Core Networking does not support the use of pre-shared keys as an authentication method. While classified information domains in Coloured Clouds may use pre-shared keys in their NIP-G interfaces, IKEv2 is used for authentication both using digital certificates and pre-shared keys.

FMN Spiral 4.0 Inter-Autonomous Systems Routing Profile

The Inter-Autonomous Systems Routing Profile provides standards and guidance for routing between inter-autonomous systems. The best current practice for the Border Gateway Protocol (BGP) based network routing operations and security is described in RFC 7454 - "BGP Operations and Security". Deployment guidance with regards to the application of BGP in the Internet is described in IETF RFC 1772:1995.

IPv4 Routed Access Services,

Packet Routing Services

Mandatory

The following standards are added to improve BGP resilience through faster detection of network failures

Mandatory

The following standard applies for unicast routing.

Mandatory

The following standards apply for all IP interconnections.

Conditional

Additionally, the following standard applies for 32-bit extended communities used for traffic engineering purposes. The confidition to use 32-bit extended communities is that MNSMA defines community values to be used for the traffic engineering as well as traffic engineering policies to be applied.

Mandatory

The following standard is added to improve security of BGP peering

BGP sessions must be authenticated, through a TCP message authentication code (MAC) using a one-way hash function (MD5), as described in IETF RFC 4271.

FMN Spiral 4.0 Inter-Autonomous Systems Multicast Routing Profile

The Inter-Autonomous Systems Multicast Routing Profile provides standards and guidance for multicast routing between inter-autonomous systems. Interconnections are based on bilateral agreements.

IPv4 Routed Access Services,

Packet Routing Services

Mandatory

Service providers with their own multicast capability shall provide a Rendezvous Point (RP) supporting the following IP multicast protocol standards.

Mandatory

The following standards shall apply to multicast routing.

Mandatory

These standards shall apply for all IP interconnections.

FMN Spiral 4.0 Platform Standards Profiles

FMN Spiral 4.0 Web Platform Standards Profiles

Service Standard Implementation Guidance

FMN Spiral 4.0 Web Feeds Profile

The Web Feeds Profile provides standards and guidance for the delivery of content to feed aggregators (web sites as well as directly to user agents).

Web Hosting Services

Mandatory

Web content providers must support at least one of the two standards (RSS and/or Atom).

Mandatory

Receivers of web content such as news aggregators or user agents must support both the RSS and the ATOM standard.

RSS and Atom documents should reference related OpenSearch description documents via the Atom 1.0 link element, as specified in Section 4.2.7 of RFC 4287.The rel attribute of the link element should contain the value search when referring to OpenSearch description documents. This relationship value is pending IANA registration. The reuse of the Atom link element is recommended in the context of other syndication formats that do natively support comparable functionality.The following restrictions apply

  • The type attribute must contain the value application/opensearchdescription+xml.
  • The rel attribute must contain the value search.
  • The href attribute must contain a URI that resolves to an OpenSearch description document.
  • The title attribute may contain a human-readable plain text string describing the search engine.

FMN Spiral 4.0 Web Hosting Services Metadata Labelling Profile

The Web Hosting Services Metadata Labelling Profile describes how to apply standard confidentiality metadata to web hosting services.

Web Hosting Services

Mandatory

The Allied Data Publication and associated binding profiles describe the syntax and mechanisms for applying Confidentiality Metadata.

The structure of the binding is defined in ADatP-4778.The labelling values shall be based on the security policy defined for the mission.

FMN Spiral 4.0 Web Content Profile

The Web Content Profile provides standards and guidance for the processing, sharing and presentation of web content on federated mission networks. Web presentation services must be based on a fundamental set of basic and widely understood protocols, such as those listed below. Recommendations in the Service Interface Profile (SIP) for Web Applications are intended to improve the experience of Web applications and to make information and services available to users irrespective of their device and Web browser. However, it does not mean that exactly the same information is available in an identical representation across all devices: the context of mobile use, device capability variations, bandwidth issues and mobile network capabilities all affect the representation. Some services and information are more suitable for and targeted at particular user contexts. While services may be most appropriately experienced in one context or another, it is considered best practice to provide as reasonable experience as is possible given device limitations and not to exclude access from any particular class of device, except where this is necessary because of device limitations.

Web Hosting Services

Mandatory

Providing a common style sheet language for describing presentation semantics (that is, the look and formatting) of documents written in markup languages like HTML.

Mandatory

Publishing information including text, multi-media, hyperlink features, scripting languages and style sheets on the network.

To enable the use of web applications by the widest possible audience, web applications shall be device independent and shall be based on HTML5 standards and criteria for the development, delivery and consumption of web applications and dynamic websites. HTML5 contains new features for attributes and behaviors, plus a large set of associated technologies such as CSS 3 and JavaScript that allows more diverse and powerful Web sites and applications.Web applications will not require any browser plug-ins on the client side as some organizations or end user devices do not allow the use of Java Applets or proprietary extensions such as Silverlight (Microsoft), Flash (Adobe) or Quick Time (Apple). Implementers shall use open standard based solutions (HTML5 / CSS3) instead.The requirements defined in the SIP for Web Applications are mandatory for all web content consumers (browsers) and are optional for web content providers. It is expected that in the future FMN Spiral Specifications they will also become mandatory for the web content providers.

FMN Spiral 4.0 Common File Format Metadata Labelling Profile

The Common File Format Metadata Labelling Profile describes how to apply standard confidentiality metadata to common file formats.

Information Products

Mandatory

The Allied Data Publication and associated binding profiles describe the syntax and mechanisms for applying Confidentiality Metadata.

The structure of the binding is defined in ADatP-4778.The labelling values shall be based on the security policy defined for the mission.

FMN Spiral 4.0 Web Service Messaging Profile

The Web Service Messaging Profile (WSMP) defines a set of service profiles to exchange a wide range of XML-based messages. WSMP is extensible and may be used by any Community of Interest (COI). It is based on publicly available standards and defines a generic message exchange profile based on the Request/Response (RR) and the Publish/Subscribe (PubSub) Message Exchange Pattern (MEP). WSMP is platform independent and can be profiled for different wire protocols such as SOAP. Other protocols like REST, JMS, AMQP, and WEBSocket will be profiled later. This profile is intended for software developers to implement interoperable "WSMP services" and "WSMP clients".

Message-Oriented Middleware Services

Mandatory

To enable plug-and-play interoperability a pre-defined minimum set of topics referenced and shared by multiple communities of interest is recommended. This TopicNamespace is included in Annex A Information Products - Detailed Definitions to the FMN Spiral 4 Procedural Instructions for Situational Awareness.The version of the WSMP Standard used with MIP4-IES (Version 4.3) is WSMP 1.3.2.

FMN Spiral 4.0 Web Platform Profile

The Web Platform Profile provides standards and guidance to enable web technology on federated mission networks.

Web Hosting Services

Mandatory

HTTP MAY (only) be used as the transport protocol for CRL and AIA exchange between all service providers and consumers (unsecured HTTP traffic). HTTP traffic shall use port 80 by default.HTTPS MUST be used as the transport protocol between all service providers and consumers to ensure confidentiality requirements (secured HTTP traffic). HTTPS traffic shall use port 443 by default.

FMN Spiral 4.0 Web Services Profile

The Web Services Profile provides standards and guidance for transport-neutral mechanisms to address structured exchange of information in a decentralized, distributed environment via web services.

Web Hosting Services

Mandatory

Provide the elements a web service needs to deliver a suitable UI service, such as remote portlet functionality.

Mandatory

The preferred method for implementing web-services are SOAP, however, there are many use cases (mashups etc.) where a REST based interface is easier to implement and sufficient to meet the IERs.Restful services support HTTP caching, if the data the Web service returns is not altered frequently and not dynamic in nature. REST is particularly useful for restricted-profile devices such as mobile phones and tablets for which the overhead of additional parameters like headers and other SOAP elements are less. The foundational document of the REST architectural style may be found athttp //www.ics.uci.edu/~fielding/pubs/dissertation/top.htm.

FMN Spiral 4.0 Structured Data Profile

The Structured Data Profile provides standards and guidance for the structuring of web content on federated mission networks.

Web Hosting Services

Mandatory

General formatting of information for sharing or exchange.

XML shall be used for data exchange to satisfy those Information Exchange Requirements (IERs) within a FMN mission network instance that are not addressed by a specific information exchange standard. XML schemas and namespaces are required for all XML documents.

FMN Spiral 4.0 Web Authentication Profile

The Web Authentication Profile provides standards and guidance in support of principal authentication and exchange of authenticated principal's identity attributes between Mission Network Participants.

Authentication Services

Mandatory

Identity providers must support the following components of the SAML 2.0 specification

  • Profiles Web Browser SSO Profile and Single Logout Profile.
  • Bindings HTTP Redirect Binding and HTTP POST Binding.

FMN Spiral 4.0 Database Platform Standards Profiles

Service Standard Implementation Guidance

FMN Spiral 4.0 Directory Data Structure Profile

The Directory Data Structure Profile provides standards and guidance in support of the definition of the namespace of a federated mission network on the basis of the Lightweight Directory Access Protocol (LDAP).

Directory Services

Mandatory

The Federated Directory Services shall be able to exchange inetOrgPerson object class with mandatory Common Name (cn) and Surname (sn) attributes. Based on the specific mission network's requirements, the list of exchanged attributes for a particular mission network might be extended by Service Management Authority (SMA) during the planning process.

FMN Spiral 4.0 Directory Data Exchange Profile

The Directory Data Exchange Profile provides standards and guidance in support of a mechanism used to connect to, search, and modify Internet directories on the basis of the Lightweight Directory Access Protocol (LDAP).

Directory Services

Mandatory

FMN Spiral 4.0 Communications Transport Standards Profiles

Service Standard Implementation Guidance

FMN Spiral 4.0 IP Quality of Service Profile

The IP Quality of Service Profile provides standards and guidance to establish and control an agreed level of performance for Internet Protocol (IP) services in federated networks.

Packet-based Transport Services,

IPv4 Routed Access Services

Mandatory

The following normative standards shall apply for IP Quality of Service (QoS).

Mandatory

Utilize Quality of Service capabilities of the network (Diffserve, no military precedence on IP).

FMN Spiral 4.0 Inter-Autonomous Systems IP Communications Security Profile

The Inter-Autonomous Systems IP Communications Security Profile provides standards and guidance for communications security for transporting IP packets between federated mission network interconnections and in general over the whole Mission Network.

Transport CIS Security Services

Conditional

In missions where no NATO information products are carried over the mission network, the MISSION SECRET (MS) communications infrastructure is protected with technical structures by mutual agreement made during the mission planning phase.

Conditional

In missions where NATO information products are carried over the mission network, the MISSION SECRET (MS) communications infrastructure is protected at minimum with Type-B crypto devices.

In missions where the mission network classification is MISSION RESTRICTED (MR) or lower, communication infrastructure is protected at the minimum with technical structures that comply with the Security section in the Service Instructions for Communications, and in the Routing Encapsulation Profile.

FMN Spiral 4.0 Inter-Autonomous Systems IP Transport Profile

The Inter-Autonomous Systems IP Transport Profile provides standards and guidance for Edge Transport Services between autonomous systems, using the Internet Protocol (IP) over point-to-point ethernet links on optical fibre.

Packet-based Transport Services

Mandatory

For automatic detection of MTU between end-points.

Mandatory

The use of LC-connectors is required for network interconnections inside shelters (or inside other conditioned infrastructure).

Mandatory

Standards for IP version 4 (IPv4) over Ethernet.

Mandatory

Section 3 - Clause 38 - 1000BASE-LX, nominal transmit wavelength 1310nm.

Mandatory

Conditional

If the interconnection point is outside a shelter in a harsh environment, the interconnection shall follow AComP-4290 or MIL-DTL-83526 connector specifications.

Use 1 Gb/s ethernet over single-mode optical fibre (SMF).

FMN Spiral 4.0 Tactical Interoperability Network Interconnection Profile

The Tactical Interoperability Network Interconnection Profile provides standards and guidance for a shared interoperability network at the mobile tactical edge: when no common waveform for land tactical radios can be used to interconnect networks, a standard "bridging" solution with loaned radios can be used to mitigate the interoperability problem. In that situation, interoperability will be achieved with the exchange of assets. Information exchange for mobile users at the tactical edge is based on STANAG 4677. The information exchange over the loaned radio interface shall be protected with similar mechanisms that are required to protect NATO RESTRICTED information or an equivalent mission classification level. The protection of information at the lower tactical level has a number of distinctive characteristics: The information is often transient and perishable – it is only relevant for a short period of time.The transmission of information is confined to a small geographic area.The information is held on portable devices which are often close to physical threats.The networks at the lower tactical level are often isolated from the wider network.

Packet-based Transport Services,

IPv4 Routed Access Services

Mandatory

Implement the following standard in addition to RFC 1112.

Mandatory

This profile is to be used exclusively for operations at the tactical edge (TACCIS [MC0640]) and not in combination with any of the other profiles defined in the SP4 SI for Communications, which are targeted at OPCIS [MC0640].

FMN Spiral 4.0 Interface Auto-Configuration Profile

The Interface Auto-Configuration Profile provides standards and guidance for support of the Routing Information Protocol (RIPv2 and RIPng) to expand the amount of useful information carried in RIP messages for the exploitation of auto-configurations over NIP-G and PCN-compliant interfaces, and for the inclusion of a measure of control.

Packet-based Transport Services

Mandatory

The auto-configuration is a highly recommended feature for the desired flexibility, maintainability and survivability in communications systems configuration. Nevertheless, there is always an option to follow a manual configuration process. This implies that auto-configuration in itself is not mandatory; when applied, the listed standards are mandatory.

FMN Spiral 4.0 Business Support Standards Profiles

FMN Spiral 4.0 Information Management Standards Profiles

FMN Spiral 4.0 Formal Messaging Standards Profiles

Service Standard Implementation Guidance

FMN Spiral 4.0 Formatted Messages for MedEvac Profile

The Formatted Messages Profile for Medical Evacuation (MedEvac) provides standard for formatted messages that are typically used for C2 of Medical Evacuation missions. These formatted messages may be used as payload/attachment in combination with various transport mechanisms such as informal messaging (e-mail), text collaboration (chat) or in standardized voice procedures.

Text-based Communication Services,

Informal Messaging Services,

Audio-based Communication Services

Mandatory

C2 of MedEvac Missions requires the following messages: Situational Awareness:Incident Report (INCREP – A078)Incident Spot Report (INCSPOTREP – J006)Troops in Contact SALTA Format (SALTATIC A073)Requests:Medical Evacuation Request (MEDEVAC – A012)Mechanism Injury Symptoms Treatment (MIST‐AT, supplement to A012)Diving Accident (DIVEACC – N019)Evacuation Request (EVACREQ – N096)

FMN Spiral 4.0 Geospatial Standards Profiles

Service Standard Implementation Guidance

FMN Spiral 4.0 Web Feature Service Profile

The Web Feature Service Profile provides standards and guidance for in support of Geospatial Services to provide a standardized interface for geodata provision in a defined format over a network connection.

Geospatial Web Feature Services

Mandatory

Implementation guidance can be found in DGIWG 122, Defence Profile of OGC’s Web Feature Service 2.0 v.2.0.1, 28 November 2017.

FMN Spiral 4.0 Geospatial Web Feeds Profile

The Geospatial Web Feeds Profile provides standards and guidance for in support of Geospatial Services to deliver geospatial content to web sites and to user agents, including the encoding of location as part of web feeds.

Web Hosting Services

Mandatory

GML subset for point "gml:Point", line "gml:LineString", polygon "gml:Polygon", and box "gml:Envelope". In Atom feeds, location shall be specified using Atom 1.0's official extension mechanism in combination with the GeoRSS GML Profile 1.0 whereby a "georss:where" element is added as a child of the <entry> element.

Mandatory

GeoRSS Simple encoding for "georss:point", "georss:line", "georss:polygon", "georss:box".

Geography Markup Language (GML) allows to specify a coordinate reference system (CRS) other than WGS84 decimal degrees (lat/long). If there is a need to express geography in a CRS other than WGS84, it is recommended to specify the geographic object multiple times, one in WGS84 and the others in your other desired CRSs.

FMN Spiral 4.0 Geospatial Data Exchange Profile

The Geospatial Data Exchange Profile provides standards and guidance in support of Geospatial Services to produce and exchange geospatial data between different participants using standardized exchange formats. These datasets will be loaded into specialized geospatial information systems (GIS) and published via standardized web services.

Geospatial Services

Mandatory

This ESRI Technical Paper describes XML schemas for the Geodatabase in order to enable exchange of digital geospatial data. In contrary to the ESRI Arc Geodatabase (File-based), this document is freely available to the public and does not require vendor-specific licenses.

Mandatory

Exchange of Digital Vector Data

Mandatory

Exchange of Digital Raster Data

Implementation guidance for GeoTIFF Format Specification is defined in STANAG 2592 - AGeoP 11.3 GeoTIFF Raster Format Specification – Edition A – Version 1 – December 2018.

FMN Spiral 4.0 Web Map Tile Service Profile

The Web Map Tile Service Profile provides standards and guidance in support of Geospatial Services to provide a standardized protocol for serving pre-rendered georeferenced map tiles over the Internet.

Geospatial Web Map Tile Services

Mandatory

Implementation Guidance Service Providers can select which profile(s) to implement, and should put emphasis on DGIWG Profiles. Service Consumers that want to consume WMS/WMTS services provided by the NATO Command Structure must implement the NCIA SIP.

FMN Spiral 4.0 Web Map Service Profile

The Web Map Service Profile provides standards and guidance in support of Geospatial Services to provide a standardized interface for geodata provision in a defined format over a network connection.

Geospatial Web Map Services

Mandatory

Service Providers can select which profile(s) to implement, and should put emphasis on DGIWG Profiles. Service Consumers that want to consume WMS/WMTS services provided by the NATO Command Structure must implement the NCIA SIP.

FMN Spiral 4.0 Communication and Collaboration Standards Profiles

FMN Spiral 4.0 Audio-based Collaboration Standards Profiles

Service Standard Implementation Guidance

FMN Spiral 4.0 Audio-based Collaboration Profile

The Audio-based Collaboration Profile provides standards and guidance for the implementation of an interoperable voice system (telephony) on federated mission networks.

Audio-based Communication Services

Mandatory

The following standards are used for audio protocols.

Voice over IP (VoIP) refers to unprotected voice communication services running on unclassified IP networks e.g. conventional IP telephony. Voice over Secure IP (VoSIP) refers to non-protected voice service running on a classified IP networks. Depending on the security classification of a FMN instance, VoIP or VoSIP is mandatory.If a member choses to use network agnostic Secure Voice services in addition to VoSIP, then SCIP specifications as defined for audio-based collaboration services (end-to-end protected voice) shall be used.The voice sampling interval is 40ms.

FMN Spiral 4.0 Media-based Collaboration Standards Profiles

FMN Spiral 4.0 Call Signaling Profile

Service Standard Implementation Guidance

FMN Spiral 4.0 Voice Services Call Signaling Profile

Standards profile for signaling of voice services.

Audio-based Communication Services

Mandatory

FMN Spiral 4.0 VTC Services Call Signaling Profile

Standards profile for signaling of video teleconferencing services.

Video-based Communication Services

Mandatory

FMN Spiral 4.0 Unified Audio and Video Profile

Service Standard Implementation Guidance

FMN Spiral 4.0 Priority and Pre-emption Profile

The Priority and Pre-emption Profile provides standards are used to execute priority and pre-emption service with the Session Initiation protocol (SIP).

Video-based Communication Services,

Audio-based Communication Services

Mandatory

FMN Spiral 4.0 SRTP-based Media Infrastructure Security Profile

The SRTP-based Media Infrastructure Security Profile provides security standards that are used for security of media infrastructure based on Transport Layer Security (TLS) and Secure Real-time Transport Protocol (SRTP).

Transport CIS Security Services

Conditional

Securing the MN Media infrastructure can be done in several ways and that the selection of the appropriate method is to be done during the mission planning. For this specific method, the following standard apply.

Note that securing the MN Media infrastructure can be done in several ways and that the selection of the appropriate method is to be done during the mission planning.

FMN Spiral 4.0 IPSec-based Media Infrastructure Security Profile

The IPSec-based Media Infrastructure Security Profile provides security standards that are used for security of media infrastructure based on Internet Protocol Security (IPSec).

Infrastructure CIS Security Services,

Network Access Control Services

Conditional

Securing the media infrastructure can be done in several ways and that the selection of the appropriate method is to be done during the mission planning. For this specific method, the following standard apply.

FMN Spiral 4.0 Session Initiation and Control Profile

The Session Initiation and Control Profile provides standards used for session initiation and control.

Video-based Communication Services

Mandatory

The following standards define the Session Initiation Protocol (SIP) and Real-time Transport Protocol (RTP) support for conferencing.

Mandatory

The following standards are used for regular Session Initiation Protocol (SIP) support..

FMN Spiral 4.0 Media Streaming Profile

The Media Streaming Profile provides standards used to stream media across the mission network.

Audio-based Communication Services

Mandatory

FMN Spiral 4.0 Secure Voice Profile

Service Standard Implementation Guidance

FMN Spiral 4.0 SCIP PPK Profile

In the context of secure communications, PPK is the Pre-Placed Key, which is a symmetric encryption key, pre-positioned in a cryptographic unit. Note: SCIP is depending on the FIPS 186-2 Digital Signature Standard. This standard is superseded by FIPS 186-4, which is the applicable standard in the Service Instructions for Digital Certificates. FIPS 186-2 is only allowed within the confinement of SCIP-based secure voice solutions on the mission network.

Communications Services

Conditional

When PPK is applied for the Secure Communications Interoperability Protocol (SCIP), the following standards need to be followed.

FMN Spiral 4.0 SCIP X.509 Profile

The X.509 standard is used in cryptography to define the format of public key certificates, which are used in many Internet protocols. One example is the use in Transport Layer Security (TLS) / Secure Sockets Layer (SSL), which is the basis for HTTPS, the secure protocol for browsing the web. Public key certificates are also used in offline applications, like electronic signatures. An X.509 certificate contains a public key and an identity (a hostname, or an organization, or an individual), and is either signed by a certificate authority or self-signed. When a certificate is signed by a trusted certificate authority, or validated by other means, someone holding that certificate can rely on the public key it contains to establish secure communications with another party, or validate documents digitally signed by the corresponding private key. Besides the format for certificates themselves, X.509 specifies certificate revocation lists as a means to distribute information about certificates that are no longer valid, and a certification path validation algorithm, which allows for certificates to be signed by intermediate Certificate Authority (CA) certificates, which are in turn signed by other certificates, eventually reaching a trust anchor. Note: SCIP is depending on the FIPS 186-2 Digital Signature Standard. This standard is superseded by FIPS 186-4, which is the applicable standard in the Service Instructions for Digital Certificates. FIPS 186-2 is only allowed within the confinement of SCIP-based secure voice solutions on the mission network.

Communications Services

Conditional

When X.509 is applied for the Secure Communications Interoperability Protocol (SCIP), the following standards need to be followed.

FMN Spiral 4.0 Secure Voice Profile

The Secure Voice Profile provides standards and guidance for the facilitation of secure telephony and other protected audio-based collaboration on federated mission networks.

Audio-based Communication Services

Mandatory

SCIP Secure Applications.

Mandatory

SCIP Network Standards for operation over VoIP Real-time Transport Protocol (RTP).

Mandatory

SCIP Signaling Plan and Negotiation.

Conditional

SCIP Network Standards for operation over other network types.

AComP-5068 Secure Communications Interoperability Protocol (SCIP) Edition A Version 1provides further guidance for the implementation of SCIP specifications.

FMN Spiral 4.0 Text-based Collaboration Standards Profiles

Service Standard Implementation Guidance

FMN Spiral 4.0 Text-based Collaboration Services Metadata Labelling Profile

The Text-Based Collaboration Services Metadata Labelling Profile describes how to apply standard Confidentiality Metadata to Text-Based Collaboration Services.

Text-based Communication Services

Mandatory

The Allied Data Publication and associated binding profiles describe the syntax and mechanisms for applying Confidentiality Metadata.

The structure of the binding is defined in ADatP-4778.The labelling values shall be based on the security policy defined for the mission.

FMN Spiral 4.0 Text-based Collaboration Data Forms Profile

The Text-based Collaboration Forms Profile provides standards and guidance to use (define, discover, fetch and submit) the data forms for use by XMPP entities.

Text-based Communication Services

Mandatory

FMN Spiral 4.0 Text-based Collaboration Chatroom Profile

The Text-based Collaboration Chatroom Profile provides standards and guidance to host chatrooms to support persistent near-real time text-based group collaboration capability (chat) for time critical reporting and decision making in military operations.

Text-based Communication Services,

Presence Services

Mandatory

XMPP Services hosting the shared chatrooms must comply with the following additional extensions.

FMN Spiral 4.0 Text-based Collaboration Profile

The Text-based Collaboration Profile provides standards and guidance to establish a basic near-real time text-based group collaboration capability (chat) for time critical reporting and decision making in military operations.

Text-based Communication Services,

Presence Services

Mandatory

The following standards are the base IETF protocols for interoperability of chat services.

Mandatory

The following standards are required to achieve compliance for an XMPP Server and an XMPP Client dependent upon the categorisation of presenting a core or advanced instant messaging service interface.

FMN Spiral 4.0 Video-based Collaboration Standards Profiles

Service Standard Implementation Guidance

FMN Spiral 4.0 Video-based Collaboration Profile

The Video-based Collaboration Profile provides standards and guidance for the implementation and configuration of video teleconferencing (VTC) systems and services in a federated mission network.

Video-based Communication Services

Mandatory

The following standards are required for video coding in VTC.

Conditional

Use of the BFCP is conditional to that VTC conferencing services are used with the shared content like presentations and/or screen sharing, whose control needs to be shared among participants.

Mandatory

The following standards are required for audio coding in VTC.

It Is recommended that dynamic port ranges are constrained to a limited and agreed number. This is an activity that needs to be performed at the mission planning stage. Different vendors have different limitations on fixed ports. However, common ground can always be found.As a minimum G.722.1 is to be used. Others are exceptions and need to be agreed by the mission network's administrative authority for video calls.

FMN Spiral 4.0 Informal Messaging Standards Profiles

Service Standard Implementation Guidance

FMN Spiral 4.0 Content Encapsulation Profile

The Content Encapsulation Profile provides standards and guidance for content encapsulation within bodies of internet messages, following the Multipurpose Internet Mail Extensions (MIME) specification.

Informal Messaging Services

Mandatory

Media and content types.

Mandatory

MIME encapsulation.

FMN Spiral 4.0 Informal Messaging Profile

The Informal Messaging Profile provides standards and guidance for settings of Simple Mail Transfer Protocol (SMTP).

Informal Messaging Services

Mandatory

These standards are mandated for interoperability of e-mail services within the mission network.

TLS with mutual authentication is mandatory for all SMTP communications. Detailed TLS protocol requirements are specified in the 'Service Interface Profile for Transport Layer Security'.

FMN Spiral 4.0 Informal Messaging Services Metadata Labelling Profile

The Informal Messaging Services Metadata Labelling Profile describes how to apply standard Confidentiality Metadata to Informal Messaging Services.

Informal Messaging Services

Mandatory

The Allied Data Publication and associated binding profiles describe the syntax and mechanisms for applying Confidentiality Metadata.

The structure of the binding is defined in ADatP-4778.The labelling values shall be based on the security policy defined for the mission.

FMN Spiral 4.0 Calendaring and Scheduling Standards Profiles

Service Standard Implementation Guidance

FMN Spiral 4.0 Calendaring Exchange Profile

The Calendaring Exchange Profile provides standards and guidance for the exchange meeting requests, free/busy information as well as calendar sharing implemented by common user access (CUA) software. The focus of this profile is on the exchange of the aforementioned information items and does not cover other typical features found in collaboration software.

Calendaring and Scheduling Services

Mandatory

RFC 5545 is required in order to allow a vendor independent representation and exchange of calendaring and scheduling information such as events, to-dos, journal entries, and free/busy information, independent of any particular calendar service or protocol.RFC 5546 defines the scheduling methods that permit two or more calendaring systems to perform transactions such as publishing, scheduling, rescheduling, responding to scheduling requests, negotiating changes, or canceling.RFC 6047 defines how calendaring entries defined by the iCalendar Object Model (iCalendar) are wrapped and transported over SMTP. Authentication, Authorization and Confidentiality with S/MIME (section 2.2 of RFC 6047) is not applicable for this profile.