- Requirements include any combination of Policies, Rules, and Specifications. Unless otherwise stated, all Requirements MUST be expressed as defined in RFC 2119.
- Mandates are Requirements that use a MUST, MUST NOT, SHALL, SHALL NOT or REQUIRED keyword.
- Recommendations are Requirements that use a SHOULD, SHOULD NOT, or RECOMMENDED keyword.
- Options are Requirements that use a MAY or OPTIONAL keyword.
- Machine-Readable Testable Requirements are Requirements with which compliance can be verified using an automated test suite and appropriate scripting or testing software.
- Rules are Machine-Readable Testable Requirements that are written in a Machine-Readable language and can be processed by a Rules Engine. They are expressed in a structured rules language as specified by the GF.
- Human-Auditable Requirements are Requirements with which compliance can only be verified by an audit of people, processes, and procedures.
- Policies are Human-Auditable Requirements written using standard terms for conformance and auditing. For Policies using in ToIP Governance Frameworks, the full range of RFC 2119 keywords apply, i.e., "SHOULD", "MAY", and "RECOMMENDED" all have weight from an auditing perspective. An implementer MUST explain why a SHOULD or RECOMMENDED requirement was not implemented and SHOULD explain why a MAY requirement was implemented.
- Specifications are documents containing any combination of Machine-Readable Requirements and Human-Auditable Requirements needed to produce technical interoperability.
|
