Page tree

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


  • Requirements include any combination of Policies, Rules, and Specifications. Unless otherwise stated, all Requirements MUST be expressed as defined in RFC 2119
  • Machine-Testable Readable Requirements are Requirements with which compliance can be verified using an automated test suite and appropriate scripting or testing software.
  • Human-Auditable Requirements are Requirements with which compliance can only be verified by an audit of people, processes, and procedures.
  • Policies are Human-Readable Auditable Requirements. For Policies, the full range of RFC 2119 keywords apply, i.e., "SHOULD", "MAY", and "RECOMMENDED" all have weight from an auditing perspective. An implementer MUST explain why a SHOULD or RECOMMENDED requirement was not implemented and SHOULD explain why a MAY requirement was implemented.
  • Rules are Machine-Readable Requirements that can be processed by a Rules Engine. They are expressed in a structured rules language as specified by the GF.
  • Specifications are documents containing any combination of Machine-Testable Readable Requirements and Human-Auditable Requirements needed to produce technical interoperability.