Upload
others
View
31
Download
2
Embed Size (px)
Citation preview
UNCLASSIFIED
UNCLASSIFIED
United States Cyber Command
Instruction (USCCI)
OPR: J8 USCCI 8100-02
DISTRIBUTION: A
Cyber Capabilities Integration and Development System
1. Purpose. This Instruction outlines how United States Cyber Command (USCYBERCOM) will
prioritize and validate joint Cyberspace Operations (CO) capability requirements within
USCYBERCOM and across the Department of Defense (DOD) cyberspace domain, in accordance with
(IAW) its Unified Command Plan (UCP) cyberspace mission responsibilities, and provisions of Title 10
United States Code (USC)§167b.
2. Supersedes/Cancellation. This is the first issuance.
3. Applicability. This Instruction applies to USCYBERCOM, Subordinate Command elements (Cyber
National Mission Force, Joint Force Headquarters Cyber, Joint Force Headquarters-DOD Information
Network(JFHQ-DODIN)), Services, Component Commands, Combatant Commands (CCMDs) and
DOD Agencies or organizations that engage in CO capability development.
4. Responsibilities. Responsibilities are outlined throughout Enclosure 2.
5. Procedures. Procedures are outlined in the Enclosures.
6. Releasability. Cleared for Public Release. This Instruction is approved for public release; distribution
is unlimited. DOD Components, other Federal agencies, and the public may obtain copies of this
instruction.
7. Effective Date. This instruction is effective immediately upon receipt.
ROSS A. MYERS
Rear Admiral, U.S. Navy
Chief of Staff
Enclosures:
Enclosure 1 - Cyber Capabilities Integration and Development System Process Overview
Enclosure 2 - Cyber Capabilities Integration and Development System Deliberate Process – Boards and
Working Groups
Attachment 1 - Glossary of References and Supporting Information
UNCLASSIFIED
USCCI 8100-02
UNCLASSIFIED
2
ENCLOSURE 1
1. CCIDS Process Overview.
1.1. Purpose.
1.1.1. The primary objective of the Cyber Capabilities Integration and Development System
(CCIDS) process is to manage, prioritize, endorse, and/or validate joint CO capability requirements
and ensure interoperability of CO equipment and forces as authorized in 10 USC§167b and as
implemented IAW the Joint Requirements Oversight Council Memorandum National Defense
Authorization Act for Fiscal Year 2017 Section 923 Delegation of Authority for Cyberspace
Capabilities to United States Cyber Command, (JROCM 038-18). Due to the rapidly changing and
complex cyberspace environment, this process consolidates subject matter experts at the operational
level to be more responsive to CO requirements validation, integration and development.
1.1.2. The CCIDS process ensures CO capability requirements directly support operational plans
and strategies to include, but not limited to, National Security Strategy, National Defense Strategy,
National and DOD Cyber Strategies, National Military Strategy, Joint Strategic Campaign Plans,
Joint Staff Global Campaign Plans, Combatant Command Operational Plans, cyberspace operating
concepts, core activity assessments, and capability and programming guidance. CCIDS informs other
processes and assessments to include the DOD Planning Programming Budgeting and Execution and
Defense Acquisition System to deliver quality operational capability solutions to the warfighter in a
timely and cost effective manner.
1.1.3. This Instruction establishes the Cyber Requirements Evaluation Board (CREB) as the
USCYBERCOM equivalent of a Joint Staff (JS) Joint Capabilities Board (JCB) to implement its
authorities as described in Chairman [of the] Joint Chiefs of Staff Instruction (CJCSI) 5123.01 Series,
Charter of the Joint Requirements Oversight Council (JROC) and Joint Capabilities Integration and
Development System (JCIDS) Implementation. The CREB reviews, validates, and prioritizes
requirement documents for CO capability requirements.
1.1.4. This Instruction also establishes the Cyber Capabilities Board (CCB) as the requirements
board equivalent to a JS Functional Capabilities Board (FCB), directly supporting the CREB in the
validation of CO capability requirements. Validated requirements address warfighter capability gaps
utilizing materiel, non-materiel or a combination of both capability solutions.
1.2. Policy.
1.2.1. The Commander (CDR) executes UCP cyberspace mission responsibilities, and under the
provisions of 10 USC§167b, subject to the authority, direction, and control of the Principal Cyber
Advisor (PCA), validates and prioritizes joint CO capability requirements and ensures
interoperability of CO equipment and forces. The CDR delegated this authority to the Deputy
Commander (DCDR).
1.2.2. IAW with JROCM 038-18, joint CO capability requirements, regardless of Sponsor, are
submitted to the JS Gatekeeper, who coordinates with the USCYBERCOM Gatekeeper to determine
the appropriate Joint Staffing Designator (JSD) and document staffing route (i.e., CCIDS or JCIDS).
CCIDS is the deliberate staffing process used for the review and validation of CO capability
requirements, including associated capability gaps, and proposed materiel and/or non-materiel
capability solutions. CCIDS supports cyberspace capability requirements for DODIN operations,
UNCLASSIFIED
USCCI 8100-02
UNCLASSIFIED
3
defensive cyberspace operations (DCO), and offensive cyberspace operations (OCO) as defined
below.
1.2.2.1. Per Joint Publication (JP) 3-12, Cyberspace Operations, CO is the employment of
cyberspace capabilities where the primary purpose is to achieve objectives in or through
cyberspace. All actions in cyberspace that are not cyberspace-enabled activities are taken as part
of one of three cyberspace missions: DCO, OCO, or DODIN operations. Ordinary business
operations in and through cyberspace are “cyberspace-enabled activities” that comprise those
non-intelligence and non-warfighting capabilities, functions, and actions used to support and
sustain DOD forces and components.
1.2.3. CO capability requirements with a JSD of JCB Interest or Joint Information and assigned
to USCYBERCOM follow the CCIDS process, and are staffed through the Joint Staff Knowledge
Management/Decision Support (KM/DS) system on the SECRET Internet Protocol Network
(SIPRNET) (or the Top Secret/Sensitive Compartmented Information (TS/SCI) extension on the Joint
Worldwide Intelligence Communications System (JWICS)). Upload completed CO capability
requirement documents and associated decision memoranda to KM/DS for recordkeeping and
archive.
1.2.4. The USCYBERCOM Gatekeeper acts as the single collection point for internal
USCYBERCOM capability requirements and CO capability requirements assigned to
USCYBERCOM for document staffing.
1.2.5. The JS Gatekeeper may consider assigning a JSD of JROC Interest to initial and successor
documents authored by USCYBERCOM, when validation is expected to assign responsibility to a
Service. Staff CO capability requirement documents assigned a JSD of JROC Interest IAW the
JCIDS process.
1.2.6. All mandatory JCIDS certifications and endorsements for document packages assigned a
JSD of JROC Interest or JCB Interest are performed by the existing JS organizations assigned that
responsibility in CJCSI 5123.01 and the JCIDS Manual, Manual for the Operation of the Joint
Capabilities Integration and Development System (JCIDS). The document Sponsor is responsible for
the certifications and endorsements for Joint Information document packages.
1.2.7. Requirement Validation Boards.
1.2.7.1. The Cyber Requirements Evaluation Board (CREB) is the USCYBERCOM
equivalent of, and executes with the same authority as, a JS JCB when executing its authorities to
validate and prioritize CO capability requirements. The CREB supports the CDR’s
responsibilities to prioritize CO capability requirements and to ensure interoperability of the
cyberspace mission, and ensures that ongoing and future capability development efforts build the
capacity necessary to meet Commander’s Intent and align to operational plans and strategy. The
DCDR serves as the CREB Chair. The CREB reviews, validates, and prioritizes CO capability
requirements submitted from the subordinate USCYBERCOM led CCB.
1.2.7.2. The Cyber Capabilities Board (CCB) is the USCYBERCOM equivalent of, and
performs the same function as, a JS FCB when executing its responsibilities to review and
endorse CO capability requirements. The CCB operates one level below the CREB and advises
the CREB on CO capability requirements, and performs other activities at the direction of the
CREB Chair. The CCB reviews and provides recommendation to the CREB for higher-level
validation. Additionally, the CCB maintains awareness of progress toward satisfying validated
UNCLASSIFIED
USCCI 8100-02
UNCLASSIFIED
4
CO capability requirements and ensures requirement document changes and updates are
submitted in a timely manner. The Director of Capability and Resources Integration (J8) serves
as the CCB Chair.
1.2.7.3. The Cyber Capabilities Working Group (CCWG) operates one level below the
CCB and advises the CCB on CO capability requirements, and performs other activities at the
direction of the CCB Chair. The CCWG supports the initial review and assessment of CO
capability requirement documents and adjudicates any issues prior to review by the CCB. The
Chief, Cyber Requirements and Portfolio Management Division, J81, serves as the CCWG
Chair.
Note: See Enclosure 2 for the roles, responsibilities and functional detail of the CREB,
CCB, and CCWG.
1.3. Process Overview.
1.3.1. The CCIDS process starts with a Service, CCMD, Component Command, or Defense
Agency (Requirement/Document Sponsor) submission of a CO capability requirement document
package (herein document package) into the Joint Staff KM/DS system for endorsement and/or
validation (IAW JCIDS guidance). The USCYBERCOM Gatekeeper supports the JS Gatekeeper
initial document review and JSD assignment. The USCYBERCOM Gatekeeper is the point of entry
to coordinate CO capability requirements assigned for staffing through the CCIDS process. The
USCYBERCOM Gatekeeper supports and facilitates the entire document review and staffing process,
ensuring stakeholder visibility and transparency of CO capability requirements, documents and
issues. Once a requirement is validated through the CCIDS process, the USCYBERCOM Gatekeeper
provides the final version of the document package and associated validation memorandum to the JS
Gatekeeper, via KM/DS, to facilitate transparency across the Joint community.
Note: CO needs in support of existing or soon to be named operations, whose lack of a solution
would result in critical mission failure or loss of life, will be handled by the existing Joint Urgent
Operational Needs (JUON)/Joint Emerging Operational Needs (JEON) process of the JS.
1.4. Process Detail.
1.4.1. Requirement Initiation and CCIDS Process Entry.
1.4.1.1. CO capability requirement identification begins prior to entering the CCIDS
process outlined in Figure 1 below. The requirement Sponsor (USCYBERCOM, Service
Components, Cyber Mission Force Teams, Services, CCMDs, other DOD Components and
Agencies) conducts various types of assessments, to include if necessary, Capabilities-Based
Assessments or other studies to assess needs/requirements, associated capability gaps and risks.
Lessons learned, as identified as part of the Joint Lessons Learned Program, may also serve to
identify requirements and associated capability gaps. In the case of urgent or emergent
operational needs, the scope of the assessment may be reduced to process the requirements in a
timely manner.
1.4.1.2. CO capability requirements must be traceable to an organization’s roles,
responsibilities and missions, Service and Joint concepts, and described in terms of tasks,
standards, and conditions. Associated capability gaps must be assessed relative to capabilities
fielded or in development across the Joint Force, and not just those organic to an organization.
UNCLASSIFIED
USCCI 8100-02
UNCLASSIFIED
5
Figure 0. CCIDS Process Overview
1.4.1.3. Sponsors submit document packages into KM/DS. For document packages
developed by USCYBERCOM or submitted to USCYBERCOM, the USCYBERCOM
Gatekeeper coordinates transfer of the document package into KM/DS to initiate document
review and JSD assignment.
1.4.2. Gatekeeper Review.
1.4.2.1. The document review and staffing process ensures stakeholders have visibility
into proposed new CO capability requirements or changes to previously validated CO capability
requirements, and can track the status of requirements through the validation process. This
visibility enables Sponsors to benefit from stakeholder inputs as they refine their CO capability
requirements, ensuring that new or modified CO capability requirements are compatible with,
and collectively provide the best value to, the Joint Cyber Force.
1.4.2.2. The JS and USCYBERCOM Gatekeepers review the document package for
compliance with JCIDS formats and inclusion of applicable supporting content. The JS or
USCYBERCOM Gatekeeper may coordinate with the Sponsor for corrections or required
information prior to staffing. The Gatekeeper may update documents with easily corrected
discrepancies or allow the document to enter staffing as written, if the discrepancy is a minor
formatting error.
UNCLASSIFIED
USCCI 8100-02
UNCLASSIFIED
6
1.4.2.3. The USCYBERCOM Gatekeeper coordinates with the JS Gatekeeper to obtain a
JSD of JCB Interest or Joint Information and assignment of the document package to
USCYBERCOM.
1.4.3. CCIDS Staffing Process.
1.4.3.1. The CCIDS process encompasses CO capability requirements that are: a) not
fulfilled within the scope of the current year funds execution; b) naturally aligned to existing
programs of record, which do not have requirement(s) documented in existing approved JCIDS
documents; or c) will naturally flow into traditional JCIDS defined capability development.
Close collaboration between requirements and acquisition communities is key to leveraging
knowledge gained early in the process to enable the development of achievable, risk informed,
capability requirements as well as effective decision making about effective cost, performance,
schedule, and quantity trade-offs.
1.4.3.2. Identification of significant capability gaps typically leads to the development of a
JCIDS defined document (i.e., Initial Capabilities Document (ICD); Information System ICD
(IS-ICD); Capability Development Document; and/or Doctrine, Organization, Training, materiel,
Leadership and Education, Personnel, Facilities, and Policy ((DOTmLPF-P) Change Request
(DCR)) that can then drive development of capability solutions that are materiel, non-materiel, or
a combination of both. When assigned to USCYBERCOM, these traditional JCIDS defined
document packages will be staffed through the CCIDS process following the construct and
staffing timelines outlined in JCIDS to include staffing, review and validation, enabling tradeoffs
and prioritization within or between capability requirement portfolios.
1.4.3.3. For document packages assigned to USCYBERCOM, the USCYBERCOM
Gatekeeper coordinates with the CCWG Chair to assign the document package to a
USCYBERCOM Action Officer (AO) who coordinates review and formal staffing with the
CCWG members and Subject Matter Experts (SMEs) as required. Document staffing will be
coordinated via KM/DS, and the USCYBERCOM Workflow Management System (WMS),
when Command SME engagement is required. The AO provides the Sponsor with CCWG
comments for adjudication and document revision as appropriate. The AO verifies comment
adjudication, ensure all required certifications and endorsements for document packages have
been provided or are on track, and prepare the CCWG brief.
1.4.3.4. The CCWG reviews revised documents and Sponsor’s adjudication of comments.
The CCWG is the forum for identifying and discussing divergent stakeholder views. While
consensus is not required to recommend a requirement proceed forward to the next level of
review, all dissenting views will be captured and briefed to inform the CCB. The CCWG assists
the Chair in reaching a recommendation for the CCB.
1.4.3.5. The CCB evaluates, endorses, prioritizes, and validates (subject to CREB
delegation) CO capability requirements. The CCB considers the CCWG recommendations as
well as any unresolved dissenting stakeholder views or issues. The CCWG AO introduces the
CO capability requirement and the Sponsor SME presents the requirement to the CCB.
1.4.3.6. Document packages that require further review and validation are forwarded to the
CREB. The CCB Chair briefs the CREB with any related comments for discussion, along with a
recommendation for validation. The Sponsor or delegated SME may be present to answer
UNCLASSIFIED
USCCI 8100-02
UNCLASSIFIED
7
questions of a technical nature but do not brief assessments, issues, or recommendations on
behalf of the CCB Chair.
1.4.3.7. The CREB reviews and validates CO capability requirements, and provides
assessment of reviews /adjustments on decisions from the CCB. The CREB supports the CDR’s
responsibilities to prioritize capability requirements and ensure the interoperability of the CO
force. Note: The Sponsor is responsible for addressing interoperability IAW JCIDS guidance.
1.4.3.8. The CREB Chair participates in JCB and JROC reviews when CO capability
requirements are assigned a JSD of JROC Interest. The Vice Chairman of the Joint Chiefs of
Staff serves as the JROC Chair.
1.4.3.9. Output. After document package review and validation, a USCYBERCOM
requirement validation memorandum is prepared for the CREB Chair (CCB Chair if authority
delegated by the CREB Chair) documenting the final validation decision to include any follow-
on actions and recommendations. The USCYBERCOM Gatekeeper retains the final version of
the CO capability requirement documentation, briefings and associated validation
memorandums. The USCYBERCOM Gatekeeper uploads a copy of the final document package
(including associated supporting content and validation memorandum) to KM/DS for records
management and facilitate transparency across the Joint community.
UNCLASSIFIED
USCCI 8100-02
UNCLASSIFIED
8
ENCLOSURE 2
2. Boards and Working Groups.
2.1. Cyber Requirements Evaluation Board (CREB).
2.1.1. Role. The CREB is the USCYBERCOM equivalent of, and performs the same authority
as, a JCB, IAW independent validation authorities identified in CJCSI 5123.01 Series.
2.1.1.1. The CREB is the validation authority for CO capability requirement documents
(document packages) assigned to USCYBERCOM with a JSD of JCB Interest or Joint
Information; and reviews and endorses document packages and adjudication of lower level issues
prior to validation.
2.1.1.2. The CREB advises the CDR and serves as the CCIDS process owner and
regulatory council to the validation authority for CO capability requirements. The CREB is
responsible for managing and approving CO capability requirements and provides validation
that:
2.1.1.2.1. Requirements and proposed capability time lines for CO capability
solutions meet the needs of the cyber force.
2.1.1.2.2. Requirements address the priorities of the joint force and do not
represent unnecessary redundancy in capabilities.
2.1.1.2.3. Capability solutions have had appropriate consideration of tradeoffs
between life cycle costs, schedule, risk, and performance and production quantities.
2.1.1.2.4. Estimated total cost of resources required to satisfy the CO capability
requirement are consistent with the priority of the capability requirement.
2.1.1.2.5. Requiring organizations have adequately addressed DOTmLPF-P issues
that could affect the requirement.
2.1.2. Chair. The DCDR serves as the CREB Chair and validation authority for CO capability
requirements. CREB Chair duties include, but are not limited to the following:
2.1.2.1. Validates document packages assigned to USCYBERCOM with a JSD of JCB
Interest or Joint Information.
2.1.2.2. Attends or designates a representative to JROC meetings with topics related to CO
capability requirements.
2.1.2.3. Coordinates oversight of the CCIDS process.
2.1.2.4. Nominates CO capability requirements and other issues requiring JCB or JROC
review.
2.1.3. Secretary. The Director, J8 serves as the CREB Secretary. Duties include, but are not
limited to the following:
2.1.3.1. Serves as principal advisor to the CREB on requirements, resources, and strategic
assessment issues.
UNCLASSIFIED
USCCI 8100-02
UNCLASSIFIED
9
2.1.3.2. Supports the CREB Chair in executing CREB responsibilities, including liaison
with the CDR, USCYBERCOM directorates, JS J-8, the Services, DOD agencies, Service
Components.
2.1.3.3. Approves topics for CREB consideration and advises on issues requiring CREB
review.
2.1.3.4. Directs analysis of unresolved issues identified by CCB members for presentation
and adjudication by the CREB Chair.
2.1.3.5. Conducts CREB pre-briefs to ensure topics presented facilitate robust discussion
and CREB decision making.
2.1.3.6. Provides necessary continuity and point of contact to the JS for CREB matters.
2.1.3.7. Elevates, as required, CO capability requirements eligible for or requiring JCB or
JROC review.
2.1.4. Members.
2.1.4.1. The CREB is comprised of general or flag officers, or government civilian
equivalents, from the Services, selected Office of the Secretary of Defense (OSD) directorates,
the JS, and selected DOD Agencies (see Table 1).
2.1.4.2. CREB members are designated by their respective organization. These
individuals should be representatives with significant decision-making authorities over
requirements and can speak on behalf of their respective organization with respect to resources
associated with CO capability requirements validated at the JCB level.
2.1.4.3. CREB membership is by position and may be delegated to individuals authorized
by the CREB member to speak on their behalf.
2.1.4.4. CREB Members participate in all CREB activities.
2.1.4.5. In addition to requests by the CREB Chair, CCMD representatives are highly
encouraged to participate in the CREB when matters related to the area of responsibility or
function of that command will be under consideration by the CREB. Commanders of the
respective CCMDs designate their representative to the CREB.
2.1.5. Members Responsibilities.
2.1.5.1. Advise and assist the CREB Chair on issues within assigned area of
responsibilities and expertise for each document package submitted for CREB review.
2.1.5.2. Review recommendations, endorsements and comment or issue adjudication from
the CCB to assist the CREB Chair in reaching a decision or recommendation.
2.1.5.3. Nominate topics for consideration and advises on issues requiring JCB or JROC
review.
2.1.5.4. Establish priorities for CO capability requirements. Ensure interoperability of
equipment.
2.1.5.5. Perform other duties as assigned to support CREB Chair.
UNCLASSIFIED
USCCI 8100-02
UNCLASSIFIED
10
Board Members Board Advisors
USCYBERCOM DCDR, Chair USCYBERCOM
Air Force OSD/Policy
Army OSD/Intelligence
Navy OSD/Acquisition & Sustainment (A&S)
Marine Corp OSD/Research & Engineering (R&E)
Coast Guard OSD/Comptroller
DIA OSD/Cost Assessment and Program Evaluation
(CAPE)
DISA DOD/CIO
NSA CCMD Representatives
PCA AFCYBER
Joint Staff ARCYBER
FLTCYBER
MARFORCYBER
CGCYBER
National Guard Bureau
Table 1. CREB Members and Advisors
2.1.6. Advisors. CREB Advisors (see Table 1) contribute expertise on issues that address
present or future joint warfighting capabilities. Expertise from outside the CREB membership is
essential to robustly review and validate capability requirements. Organizations are encouraged to
provide their advice to the CREB through delegates from their respective organizations.
2.1.7. Secretariat. The Cyber Requirements Process Management Branch, J812, serves as the
CREB Secretariat, and performs CREB administrative duties as directed by the CREB Secretary.
Duties include, but are not limited to the following:
2.1.7.1. Develops the agenda and calls the CREB meetings, organizes CREB work,
provides protocol support, and ensures prompt prosecution of CREB business.
2.1.7.2. Updates the Joint Staff KM/DS system with CREB schedules and presentations.
2.1.7.3. Releases CREB agenda and read-ahead materials not less than 72 hours prior to
the scheduled meeting.
2.1.7.4. Coordinates the actions of the CREB members in their support to the CREB
Chair.
2.1.7.5. Schedules briefings by Services, CCMDs, and other DOD components on issues
that may require CREB resolution or recommendation.
2.1.7.6. Appoints a CREB recorder to document and maintain CREB minutes for
historical records.
2.1.7.7. Posts CREB meeting minutes and actions no later than five (5) business days after
scheduled CREB meeting.
2.1.7.8. Documents decisions and recommendations through CREB memorandums.
2.1.7.9. Develops and establishes CREB administrative procedures.
UNCLASSIFIED
USCCI 8100-02
UNCLASSIFIED
11
2.1.8. Battle Rhythm. Scheduled not less than monthly, or more frequently as needed to
accomplish objectives.
2.1.9. Information Availability and Releasability.
2.1.9.1. The CREB Secretary is the approval authority for release of all official
information and documents associated with CREB recommendations and decisions to the JS J8
in response to Congressional defense committees, as needed, or in response to a Government
Accountability Office (GAO) or DOD Inspector General inquiry.
2.1.9.2. Sponsors shall not release a CO capability requirement document or any other
product resulting from execution of the USCYBERCOM CCIDS process in support of GAO
inquiry or in response to a request from a Congressional committee. Sponsors should forward all
GAO, DOD IG, or Congressional committee requests for information to the USCYBERCOM J8
who will coordinate with USCYBERCOM Legislative Affairs when required.
2.1.9.3. The CREB Secretariat maintains all minutes, presentations and memoranda
associated with CREB activities. CREB minutes will be accessible via KM/DS and the
USCYBERCOM CCIDS web portal (website urls referenced in Attachment 1).
2.1.9.4. Validated CREB document packages classified at the level of SECRET or below
are available through KM/DS on SIPRNET. Contact the JS Gatekeeper for access to validated
CREB document packages classified above SECRET or protected by Special Access
Program/Special Access Required (SAP/SAR).
2.2. Cyber Capabilities Board (CCB).
2.2.1. Role. The CCB is the USCYBERCOM equivalent of, and having the same authority as, a
FCB IAW independent validation authorities identified in the CJCSI 5123.01 Series.
2.2.1.1. The CCB operates one level below the CREB and advises the CREB on issues
within and across the CO capability requirement portfolio. The CCB reviews and endorses
document packages assigned to USCYBERCOM with a JSD of JCB Interest or Joint Information
prior to review by the CREB, reviews and validates document packages with a JSD of Joint
Information, and reviews and assesses document packages and adjudication of issues from the
CCWG.
2.2.1.2. The CCB evaluates and prioritizes CO capability requirements based on existing
and anticipated CO capability gaps. The CCB, and other stakeholders, maintain awareness of
progress toward satisfying validated CO capability requirements and assess potential changes to
programs or timelines for their impact to the CO capability portfolio.
2.2.1.3. The CCB is the forum for identifying and discussing divergent stakeholder views.
IAW JCIDS, adjudicate comments pertaining to documents with a JSD of JCB Interest assigned
to CCIDS to the satisfaction of the CCB Chair (on behalf of the validation authority- CREB).
Note: Complete comment adjudication related to joint certifications and endorsements to
the satisfaction of the certifying or endorsing organization. Additionally, at any time the JROC
can elevate the adjudication of a comment that pertains to a performance requirement if the
Chairman of the Joint Chiefs of Staff determines it should be reviewed IAW 10 USC§181(b)(5).
UNCLASSIFIED
USCCI 8100-02
UNCLASSIFIED
12
2.2.2. Chair. The Director, J8 serves as the CCB Chair. CCB Chair duties include, but are not
limited to the following:
2.2.2.1. Supports the CREB in executing CREB responsibilities, including liaison with the
Services, CCMDs, and other DOD Components.
2.2.2.2. Speaks for the CCB and provides CCB recommendations and portfolio
assessments to the CREB, and other departmental forums.
2.2.2.3. Conducts CREB pre-briefs to ensure topic presented facilitate robust discussion
and CREB decision making.
2.2.2.4. Participates in FCB General Officer/Flag Officer Integration Group meetings.
2.2.2.5. Participates in FCB meetings with CO capability requirement topics on the agenda
to ensure USCYBERCOM and CCIDS equities are expressed.
2.2.2.6. Maintains awareness of SAP/SAR protected efforts that affect the CO capability
requirements portfolio.
2.2.2.7. Determines CCWG composition.
2.2.2.8. Determines additional CCB membership when/if necessary, and ensures
appropriate SMEs from JS and stakeholder organizations have reviewed and provided input on
topics prior to review by the CCB.
2.2.2.9. Recommends alternative requirements to provide best value to the CO capability
portfolio.
2.2.3. Secretary. The Chief, J81 serves as the CCB Secretary. Duties include, but are not
limited to the following:
2.2.3.1. Serves as principal advisor to CCB on requirements, resources, and strategic
assessment issues.
2.2.3.2. Supports the CCB Chair in executing CCB responsibilities, including liaison with
the DCDR, JS J-8, the Services, DOD agencies, Service Components.
2.2.3.3. Approves topics for CCB consideration and advises on issues requiring CCB
review.
2.2.3.4. Directs analysis of unresolved issues identified by CCWG members for
presentation and adjudication by the CCB Chair.
2.2.3.5. Conducts CCB pre-briefs to ensure topic presented facilitates robust discussion
and CCB decision making.
2.2.3.6. Elevates, as required, CO capability requirement documents eligible for or
requiring CREB review.
2.2.4. Members.
2.2.4.1. The CCB is comprised of representatives in the grade of O-6, or government
civilian equivalent, from the Services, selected OSD directorates, the JS, and selected DOD
Agencies (see Table 2).
UNCLASSIFIED
USCCI 8100-02
UNCLASSIFIED
13
2.2.4.2. CCB members are designated by their respective organization. These individuals
should be representatives with significant decision-making authorities over requirements and can
speak on behalf of their respective organization with respect to resources associated with CO
capability requirement validated at the FCB level.
2.2.4.3. CCB membership is by position and may be delegated to individuals authorized
by the CCB member to speak on their behalf.
2.2.4.4. CCB Members participate in all CCB activities.
2.2.4.5. In addition to requests by the CCB Chair, CCMD representatives are highly
encouraged to participate in the CCB when matters related to the area of responsibility or
function of that command will be under consideration by the CCB. Commanders of the
respective command designate their CCMD representative to the CCB.
2.2.5. Members Responsibilities.
2.2.5.1. Advise and assist the CCB Chair on issues within assigned area of responsibilities
and expertise for each CO capability requirement document submitted for CCB review.
2.2.5.2. Assist the CCB Chair in reaching a recommendation for the CREB.
2.2.5.3. Advise and assist Sponsors during review, validation, and if necessary revision of
document packages within assigned area of responsibilities and expertise.
2.2.5.4. Review and assesse document packages and adjudication of lower level issues.
2.2.5.5. Support and assign appropriate subject matter expertise to assist with CCB
reviews.
2.2.5.6. Perform other duties as assigned to support CCB Chair and CCIDS
execution/implementation.
2.2.6. Advisors. CCB Advisors (see Table 2) contribute expertise on issues that address present
or future joint warfighting capabilities. Expertise from outside the CREB membership is essential to
robustly review and validate capability requirements. Organizations are encouraged to provide their
advice to the CREB through delegates from their respective organizations.
2.2.7. Secretariat. The J812 serves as the CCB Secretariat, and performs CCB administrative
duties as directed by the CCB Secretary. Duties include, but are not limited to the following:
2.2.7.1. Develops the agenda and calls the CCB meetings, organizes CCB work, and
ensures prompt prosecution of CCB business.
2.2.7.2. Updates KM/DS with CCB schedules and presentations.
2.2.7.3. Releases CCB agenda and read-ahead materials not less than 72 hours prior to the
scheduled meeting.
2.2.7.4. Coordinates the actions of the CCB members in their support to the CCB Chair.
2.2.7.5. Schedules briefings by Services, CCMDs, and other DOD components on issues
that may require CREB resolution or recommendation.
UNCLASSIFIED
USCCI 8100-02
UNCLASSIFIED
14
Board Members Board Advisors
USCYBERCOM Dir J8, Chair USCYBERCOM
Air Force OSD/Policy
Army OSD/Intelligence
Navy OSD/A&S
Marine Corp OSD/R&E
Coast Guard OSD/Comptroller
DIA OSD/Cost Assessment and Program Evaluation
(CAPE)
DISA DOD/CIO
NSA CCMD Representatives
PCA AFCYBER
Joint Staff ARCYBER
FLTCYBER
MARFORCYBER
CGCYBER
National Guard Bureau
Table 2. CCB Members and Advisors
2.2.7.6. Appoints a CCB recorder to document and maintain CCB minutes for historical
records.
2.2.7.7. Posts CREB meeting minutes and actions not later than five (5) business days
after scheduled CREB meeting.
2.2.7.8. Documents decisions and recommendations through CCB memorandums.
2.2.7.9. Develops and establishes CCB administrative procedures.
2.2.7.10. Provides records management and archiving of all CCIDS Boards minutes and
validated document packages and revisions.
2.2.8. Battle Rhythm. Scheduled not less than twice monthly, or more frequently as needed to
accomplish objectives.
2.2.9. Information Availability and Releasability.
2.2.9.1. The CCB Secretariat maintains all minutes, presentations and memoranda
associated with CCB activities. CCB minutes will be accessible via KM/DS and the
USCYBERCOM CCIDS web portal (website urls referenced in Attachment 1).
2.2.9.2. Validated CCB documents classified at the level of SECRET or below are
available through the KM/DS on SIPRNET. Contact the JS Gatekeeper for access to validated
CCB document packages classified above SECRET or protected by SAP/SAR.
2.3. Cyber Capability Working Group (CCWG).
2.3.1. Role. The CCWG operates one level below the CCB and advises the CCB on issues
within the CO capability portfolio. Establishment of the CCWG is at the discretion of the CCB Chair
to carry out the responsibilities of the CCB. The CCWG provides initial review and assessment of
CO capability requirements and issues prior to review by the CCB.
UNCLASSIFIED
USCCI 8100-02
UNCLASSIFIED
15
2.3.2. Chair. The Chief J81 serves as the CCWG Chair and is the review and endorsement
authority for CO deliberate capability requirements. CCWG Chair duties include, but are not limited
to the following:
2.3.2.1. Supports the CCB in executing CCB and CREB responsibilities.
2.3.2.2. Assists the CCB Chair in managing the CO capability requirements portfolio.
2.3.2.3. Oversees CCWG meetings and coordinates working group actions.
2.3.2.4. Maintains awareness of SAP/SAR protected efforts that affect the CO capability
requirements portfolio.
2.3.2.5. Conducts CCB pre-briefs to ensure topic presented facilitates robust discussion
and CCB decision making.
2.3.2.6. Determines CCWG composition.
2.3.2.7. Determines additional CCWG membership when/if necessary, and ensuring
appropriate SME from stakeholder organizations have reviewed and provided input on topics
under review by the CCB.
2.3.2.8. Assigns an AO to lead review/staffing of the document package.
2.3.2.9. Participates in FCB O-6 Integration Group meetings.
2.3.3. Members.
2.3.3.1. The CCWG is comprised of military, civilian, or contractor support SMEs in the
grade of O5-O6 or government civilian equivalent, from the Services, CCMDs, selected OSD
directorates, JS, and selected DOD Agencies with equities in the CO capability requirement
portfolio.
2.3.3.2. CCWG members are designated by their respective organization. Each
organization ensures its respective representative has subject matter expertise on matters brought
before the CCWG. These individuals should be authorized by their CCB member to speak on
behalf of their respective organization.
2.3.3.3. CCWG Members participate in all CCWG activities.
2.3.3.4. SMEs from USCYBERCOM or other stakeholder organizations may be requested
to participate in documentation review.
2.3.4. Members Responsibilities.
2.3.4.1. Advise and assist the CCWG Chair on issues within assigned area of
responsibilities and expertise for each CO capability requirement document submitted for
CCWG review.
2.3.4.2. Provide initial review and assessment of document packages and issues prior to
review by the CCB.
2.3.4.3. Support and assign appropriate subject matter expertise to assist with CCWG
reviews.
UNCLASSIFIED
USCCI 8100-02
UNCLASSIFIED
16
2.3.4.4. Perform other duties as assigned to support CCB Chair and CCIDS
execution/implementation.
2.3.5. Action Officer.
2.3.5.1. Advises and assists Sponsors during review, validation, and if necessary revision
of CO capability requirement documents within assigned area of responsibilities and expertise.
2.3.5.2. Coordinates CCWG document-staffing actions, to include verification of
comment adjudication, and ensures required document package certifications and endorsement
(e.g., mandatory Key Performance Parameters, minimum threshold values) have been provided
or are on track.
2.3.5.3. Provides the Sponsor with CCWG comments, including those of appropriate
SMEs, for adjudication and document revision as appropriate.
2.3.5.4. Confirms CCWG context briefings and sponsor issue presentations are reviewed
and prepared appropriately for the CCWG and CCB.
2.3.6. Secretariat. The J812 serves as the CCWG Secretariat, and performs CCWG
administrative duties as directed by the CCWG Chair. Duties include but are not limited to the
following:
2.3.6.1. Develops the agenda and calls the CCWG meetings, organizes CCWG work, and
ensures prompt prosecution of CCWG business.
2.3.6.2. Coordinates the actions of the CCWG members in their support to the CCWG
Chair.
2.3.6.3. Appoints a CCWG recorder to document and maintain CCWG minutes for
historical records.
2.3.6.4. Documents decisions and recommendations through CCWG minutes.
2.3.6.5. Develops and establishes CCWG administrative procedures.
2.3.7. Battle Rhythm. Scheduled weekly or more frequently as needed to accomplish
objectives.
2.4. Gatekeeper.
2.4.1. Gatekeeper Role. The Gatekeeper’s assigned day-to-day coordination of CO capability
requirements and provides the single point of entry into and release from the CCIDS process as
outlined in this Instruction. The Chief, J81 implements the responsibilities of the Gatekeeper.
2.4.2. Gatekeeper Assignment. The Chief, J81 assigns the AO to lead and manage the
USCYBERCOM Gatekeeper function.
2.4.3. Gatekeeper Responsibilities.
2.4.3.1. Serves as the single point of entry for coordination of CO capability requirement
documents to include revisions that require CCIDS endorsement, validation, or coordination
IAW this Instruction.
UNCLASSIFIED
USCCI 8100-02
UNCLASSIFIED
17
2.4.3.2. Facilitates communications and coordination with the JS Gatekeeper, Sponsor and
stakeholder principals.
2.4.3.3. Coordinates requests for assignment of JSD with the JS Gatekeeper.
2.4.3.4. Coordinates the staffing of JS delegated CO capability requirement documents via
KM/DS.
2.4.3.5. Submits validated document packages and revisions (including associated
supporting content and validation memorandum) to KM/DS within 14 days of validation.
2.4.3.6. Monitors progress of efforts toward fielding capability solutions.
2.4.3.7. Coordinates with JS Gatekeeper for status on progress of efforts towards fielding
CO capability solutions for JUONs and JEONs with USCYBERCOM equities and
communicates that status to organizations with equities within USCYBERCOM.
2.4.3.8. Manages requirements dashboard and associated J8 portal sites used to support the
CCIDS process and associated board and working group activities.
2.4.3.9. Generates metrics related to CCIDS processes and incorporates into requirements
dashboard. Conducts annual review of DCR implementation.
UNCLASSIFIED
USCCI 8100-02
UNCLASSIFIED
18
ATTACHMENT 1
Glossary of References and Supporting Information
References
10 USC§167b, Unified combatant command for cyber operations
10 USC§181, Joint Requirements Oversight Council
Department of Defense Dictionary of Military and Associated Terms, November 2018
DODD 5113.13, Assistant Secretary of Defense for Homeland Defense and Global Security
(ASD(HD&GS)), 23 March 2018
DODI 8330.01, Interoperability of Information Technology (IT), Including National Security Systems
(NSS), 21 May 2014
JP 3-0, Joint Operations, 17 January 2017, incorporating Change 1, 22 Oct 2018
JP 3-12, Cyberspace Operations, 8 June 2018
JP 6-0, Joint Communications System, 10 June 2015
CJCSI 5123.01H, Charter of the Joint Requirements Oversight Council (JROC) and Joint Capabilities
Integration and Development System (JCIDS) Implementation, 31 August 2018
Joint Requirements Oversight Council Memorandum (JROCM) 038-18, National Defense Authorization
Act for Fiscal Year 2017 Section 923 Delegation of Authority for Cyberspace Capabilities to United
States Cyber Command, 20 April 2018
JCIDS Manual, Manual for the Operation of the Joint Capabilities Integration and Development System
(JCIDS), 31 August 2018
Websites
KM/DS web portal url. On SIPRNET – https://jroc.mdsbpm.js.smil.mil/bizflow/bizindex.jsp
USCYBERCOM CCIDS web portal url.
On SIPRNET – https://intelshare.intelink.sgov.gov/sites/uscybercom/ccids/sitepages/home.aspx
On JWICS – https://uscybercom.sp.web.nsa.ic.gov/sites/cybernet/j8/ccids/sitepages/home.aspx
UNCLASSIFIED
USCCI 8100-02
UNCLASSIFIED
19
Acronyms
AO Action Officer
CCIDS Cyber Capabilities Integration & Development System
CCB Cyber Capabilities Board
CCMD Combatant Command
CCWG Cyber Capabilities Working Group
CDR Commander
CJCSI Chairman Joint Chiefs of Staff Instruction
CO Cyberspace Operations
CREB Cyber Requirements Evaluation Board
DCDR Deputy Commander
DCR DOTmLPF-P Change Requests
DOD Department of Defense
DODD Department of Defense Directive
DODI Department of Defense Instruction
DODIN Department of Defense Information Network
DOTmLPF-P Doctrine, Organization, Training, Materiel, Leadership and Education,
Personnel, Facilities, and Policy
FCB Functional Capabilities Board
GAO Government Accountability Office
IAW in accordance with
ICD Initial Capabilities Documents
JEON Joint Emergent Operational Needs
JP Joint Publication
JROC Joint Requirements Oversight Council
JROCM Joint Requirements Oversight Council Memorandum
JS Joint Staff
JSD Joint Staffing Designator
JUON Joint Urgent Operational Needs
JWICS Joint Worldwide Intelligence Communications System
KM/DS Knowledge Management/Decision Support
OSD Office of the Secretary of Defense
PCA Principal Cyber Advisor
SAP Special Access Program
SAR Special Access Required
SME Subject Matter Expert
USC United States Code
USCYBERCOM United States Cyber Command
Definitions
Capability. The ability to complete a task or execute a course of action under specified conditions and
level of performance. (SOURCE: DOD Dictionary of Military and Associated Terms)
Capability Gap. The inability to meet or exceed a capability requirement, resulting in an associated
operational risk until closed or mitigated. The gap may be the result of no fielded capability, lack of
UNCLASSIFIED
USCCI 8100-02
UNCLASSIFIED
20
proficiency or sufficiency in a fielded capability solution, or the need to replace a fielded capability
solution to prevent a future gap. (SOURCE: CJCSI 5123.01H)
Capability Requirement. A capability required to meet an organization’s roles, functions, and
missions in current or future operations. To the greatest extent possible, capability requirements are
described in relation to tasks, standards, and conditions IAW the Universal Joint Task List or equivalent
DOD component task list. If a capability requirement is not satisfied by a capability solution, then there
is also an associated capability gap. A requirement is considered to be “draft” or “proposed” until
validated by the appropriate authority. (SOURCE: CJCSI 5123.01H)
Capability Requirements Document. Any document used to articulate either deliberate or
urgent/emergent capability requirements and associated information pertinent to review and validation.
(SOURCE: CJCSI 5123.01H)
Capability Solution. A materiel solution or non-materiel solution to satisfy one or more capability
requirements and reduce or eliminate one or more capability gaps. (SOURCE: CJCSI 5123.01H)
Cyberspace. A global domain within the information environment consisting of the interdependent
networks of information technology infrastructures and resident data, including the Internet,
telecommunications networks, computer systems, and embedded processors and controllers. (SOURCE:
JP 3-12).
Cyberspace Capability. A device or computer program, including any combination of software,
firmware, or hardware, designed to create an effect in or through cyberspace. (SOURCE: JP 3-12)
Cyberspace Operations (CO). The employment of cyberspace capabilities where the primary purpose
is to achieve objectives in or through cyberspace. [Note: CO are categorized as either cyberspace-
enabled activities, which are the routine uses of cyberspace to accomplish assigned military duties, or
one of three CO missions: DODIN operations, defensive cyberspace operations (DCO), offensive
cyberspace operations (OCO), categorized by the intent of the commander issuing the mission order.]
(SOURCE: JP 3-12)
Document Sponsor. The organization submitting a capability requirement document. Solution
sponsors for successor documents-Capability Development Documents (CDDs), Information Systems –
CDDs (IS-CDDs), and Joint DOTmLPF-P Change Recommendations (Joint DCRs) - may be different
from the Requirement Sponsors for initial documents- Initial Capabilities Documents (ICDs),
Information Systems – ICDs (IS-ICDs), Urgent Operational Needs (UONs), Joint UONs (JUONs), and
Joint Emergent Operational Needs (JEONs). Different Sponsors for requirements and solutions can
occur when the initial document Sponsor does not have acquisition authority and a different organization
is designated to develop and field a capability solution, or when one Sponsor elects to leverage a
validated document generated by a different Sponsor. (SOURCE: JCIDS Manual)
Interoperability.
1. The ability to act together coherently, effectively, and efficiently to achieve tactical, operational, and
strategic objectives. (JP 3-0)
2. The condition achieved among communication-electronics systems or items of communications-
electronics equipment when information or services can be exchanged directly and satisfactorily
between them and/or their users. (JP 6-0)
UNCLASSIFIED
USCCI 8100-02
UNCLASSIFIED
21
3. The ability of systems, units, or forces to provide data, information, materiel, and services to, and
accept the same from, other systems, units, or forces, and to use the data, information, materiel, and
services exchanged to enable them to operate effectively together. Information Technology
interoperability includes both the technical exchange of information and the end-to-end operational
effectiveness of that exchange of information as required for mission accomplishment. Interoperability
is more than just information exchange. It includes systems, processes, procedures, organizations, and
mission over the life cycle and must be balanced with cybersecurity (formerly Information Assurance).
(DODI 8330.01)
Joint. Connotes activities, operations, organizations, etc., in which elements of two or more Military
Departments participate. (SOURCE: DoD Dictionary of Military and Associated Terms) [Note that
this definition of “joint” is applicable to capability requirements documents and capability solutions,
which apply to more than one DoD component. (SOURCE: CJCSI 5123.10H)]
Joint Staffing Designator (JSD). Sets the staffing path and timeline for a requirement document and
identifies the validation authority. To maximize speed and flexibility in the JCIDS process, JSDs will be
set at the lowest level in which the joint equities are addressed. JSDs may be changed during active
staffing, but will not be revisited for a subsequent submission of the same document unless the lead FCB
submits a request for JSD change to the Joint Staff Gatekeeper. (SOURCE: JCIDS Manual)
Materiel (Capability Solution). All items (including ships, tanks, self-propelled weapons, aircraft, etc.,
and related spares, repair parts, and support equipment, but excluding real property installations, and
utilities) necessary to equip, operate, maintain, and support military activities without distinction as to its
application for administrative or combat purposes. (SOURCE: DoD Dictionary of Military and
Associated Terms)
materiel (Capability Solution). The letter “m” in the acronym is usually lower case since Joint DCRs
do not advocate new materiel development, but rather advocate identification of materiel items, systems,
or equipment needed to support the required capability increased quantities, modifications,
improvements, or alternate applications of existing materiel or the purchase of Commercial Off-The-
Shelf (COTS), Government Off-The-Shelf (GOTS), or Non-Development Items (NDI). Sometimes
referred to as “little m” materiel, the materiel (DOTmLPF-P) consideration is everything necessary to
equip DoD forces to operate effectively. Materiel includes ships, tanks, self-propelled weapons, aircraft,
related spares, repair parts, and support equipment, but excludes real property, installations, and utilities.
(SOURCE: JCIDS Manual)
Non-materiel (Capability Solution). Changes to doctrine, organization, training, (fielded) materiel,
leadership and education, personnel, facilities, and/or policy, implemented to satisfy one or more
capability requirements (or needs) and reduce or eliminate one or more capability gaps, without the need
to develop or purchase new materiel capability solutions. (SOURCE: DoD Dictionary of Military and
Associated Terms)
Principal Cyber Advisor (PCA). The Principal Cyber Advisor (PCA) for USCYBERCOM, designated
by the Secretary of Defense, provides direction and control for the administration and support of
USCYBERCOM, including matters related to readiness and organization of assigned forces, equipment
and resources peculiar to cyber operations and civilian personnel consistent with Section 923 of NDAA
2014, and 10 USC§167b. (SOURCE: DODD 5113.13).
Requirement. See Capability Requirement.
Requirement Sponsor. See Document Sponsor.
UNCLASSIFIED
USCCI 8100-02
UNCLASSIFIED
22
Solution Sponsor. See Document Sponsor.
Sponsor. See Document Sponsor.
Validation. The review and approval of capability requirement documents by a designated validation
authority. The JROC is the ultimate validation authority for capability requirements unless otherwise
delegated to a subordinate board or to a designated validation authority in a Service, CCMD, or other
DOD component. (SOURCE: CJCSI 5123.01H) NOTE: The CREB serves as the CCIDS regulatory
council to the validation authority for CO deliberate capability requirements within USCYBERCOM.
(SOURCE: CJCSI 5123.01H)
Validation Authority. The designated authority for validation of JCIDS capability requirement
documents. The JROC is the ultimate validation authority for capability requirements unless otherwise
delegated to a subordinate board or to a designated validation authority in a Service, CCMD, or other
DOD component. The validation authority is dependent on the JSD of the document. (SOURCE: JCIDS
Manual) NOTE: The DCDR is the validation authority for capability requirements within
USCYBERCOM.