- Requirements include any combination of Policies, Rules, and Specifications. Unless otherwise stated, all Requirements MUST be expressed as defined in RFC 2119.
- Mandates are Requirements that use a MUST or MUST NOT keyword.
- Recommendations are Requirements that use a SHOULD, SHOULD NOT, RECOMMENDED, or NOT RECOMMENDED keyword.
- Options are Requirements that use a MAY or , MAY NOT, or OPTIONAL keyword.
- Machine-Readable Requirements are Requirements with which compliance can be verified using an automated test suite and appropriate scripting or testing software.
- Rules are Machine-Readable Requirements that can be processed by a Rules Engine. They are expressed in a structured rules language as specified by the GF.
- Human-Auditable Requirements are Requirements with which compliance can only be verified by an audit of people, processes, and procedures.
- Policies are Human-Auditable Requirements. For Policies, the full range of RFC 2119 keywords apply, i.e., "SHOULD", "MAY", and "RECOMMENDED" all have weight from an auditing perspective. An implementer MUST explain why a SHOULD or RECOMMENDED requirement was not implemented and SHOULD explain why a MAY requirement was implemented.
- Specifications are documents containing any combination of Machine-Readable Requirements and Human-Auditable Requirements needed to produce technical interoperability.
|