- Requirements include any combination of Policies, Rules, and Specifications. Unless otherwise stated, all Requirements MUST be expressed as defined in RFC 2119.
- Machine-Testable Requirements are Requirements with which compliance can be verified using an automated test suite and appropriate scripting or testing software.
- Human-Auditable Requirements are Requirements with which compliance can only be verified by an audit of people, processes, and procedures.
- Policies are Human-Readable Requirements expressed as defined in RFC 2119. For Policies, the full range of RFC 2119 keywords applies, i.e., "SHOULD", "MAY", and "RECOMMENDED" all have weight from an auditing perspective. An implementer MUST explain why a SHOULD or RECOMMENDED was not implemented and SHOULD explain why a MAY was implemented.
- Rules are Machine-Readable Requirements that can be processed by a Rules Engine. They are expressed in a structured rules language as specified by the GF.
- Specifications are documents containing any combination of Machine-Testable Requirements and Human-Auditable Requirements needed to produce technical interoperability. They are expressed as defined in RFC 2119.