Joint Military Operations

Command, control, communications, computers, and intelligence (C4I) systems relay critical information to U.S. forces during joint operations. For these joint operations to succeed, C4I systems must be "interoperable"--capable of exchanging information and operating effectively together. To ensure interoperability, the Defense Information Systems Agency in 1992 established the current certification process, which the armed services are required to use to test and certify existing and newly developed systems for interoperability. This report discusses (1) whether Defense Department organizations are complying with interoperability testing and certification requirements and (2) what actions, if any, are needed to improve the current certification process. GAO also identifies initiatives that affect interoperability.

GAO noted that: (1) DOD does not have an effective process for certifying existing, newly developed, and modified C4I systems for interoperability; (2) many C4I systems have not been certified for interoperability and, in fact, DOD does not know how many require certification; (3) improvements to the certification process are needed to provide DOD better assurance that C4I systems critical to effective joint operations are tested and certified for interoperability; (4) DOD organizations are not complying with the current interoperability testing and certification process for existing, newly developed, and modified C4I systems; (5) according to Test Command officials, many C4I systems that require interoperability testing have not been certified or have not received a waiver from the requirement; (6) the extent of this noncompliance could have far-reaching effects on the use of such systems in joint operations; (7) noncompliance with interoperability testing and certification stems from weaknesses in the certification process itself; (8) while DOD guidance requires that all new systems be certified or obtain a waiver from certification testing before they enter production and fielding, systems proceed to these latter acquisition stages without being certified; (9) this occurs, in part, because Defense Information Systems Agency (DISA) Joint Interoperability Test Command officials lack the authority to compel DOD organizations to submit their C4I systems for testing; (10) although DOD guidance spells out a specific interoperability certification requirement, many DOD organizations are unaware of it; (11) others simply ignore the requirement because it is not strictly enforced or because they do not adequately budget for such testing; (12) another fundamental weakness in the process is the lack of a complete and accurate listing of C4I systems requiring certification and a plan to prioritize systems for testing; (13) as a result, the Test Command may not be focusing its limited resources on certifying the most critical systems first; (14) prioritization is important since the Command has reviewed only about 100 systems per year, and a requirement for recertification of modified systems continually adds to the number of systems requiring certification; and (15) the process does not include notifying the services about interoperability problems, and the Test Command has only recently begun to contact the services regarding the noted problems.

Recommendations

Our recommendations from this work are listed below with a Contact for more information. Status will change from "In process" to "Open," "Closed - implemented," or "Closed - not implemented" based on our follow up work.

Director: Team: Phone: