The Navy's Networks, Information Assurance and Enterprise Services Program Office, PMW 160, provides the network fabric and services used by multiple shipboard tactical and business applications and systems. It also provides a common network infrastructure across multiple security domains and supports cross-domain and coalition operations.
PMW 160 is located in San Diego, Calif., and reports to the Navy's Program Executive Office for Command, Control, Communications, Computers and Intelligence (PEO C4I).
The Common PC Operating System Environment (COMPOSE) combines commercial-off-the-shelf (COTS) and government-off-the-shelf (GOTS) products to deliver directory services, e-mail, Web acceleration, office automation applications, collaboration tools and antivirus software for the Integrated Shipboard Network System (ISNS), Combined Enterprise Regional Information Exchange System (CENTRIXS), Sensitive Compartmented Information (SCI) networks, and Submarine Local Area Network (SubLAN).
COMPOSE delivers these services to the warfighter in a secure software bundle that aligns to the latest Defense Information Systems Agency (DISA) standards and guidelines. Typically delivered to the fleet in conjunction with a corresponding hardware refresh, COMPOSE is a key software component in the IT-21 vision for modernizing afloat networks.
COMPOSE, managed by PMW 160's Future Enterprise Networking Division, fulfills the fleet's requirement for a common, standardized client/server operating system. Its predecessor, GOTS Delta, was built on the Windows NT architecture and defined as the standard by the IT-21 initiative. It was the first version of PMW 160 baseline software fielded to the fleet.
Fielding for COMPOSE 2.0.3 began in April 2004. It introduced the Windows 2000 Server architecture into the fleet. It has been part of PMW 160's solution to the risk posed by Windows NT End-of-Life (EOL) and, as the first COMPOSE load, marked the beginning of a steady and deliberate progression away from GOTS toward COTS solutions. The security posture for this version of COMPOSE was built to the DISA Gold Standard — the standard at that time.
The latest version of COMPOSE is based on the Windows 2003 Server architecture, which supports Windows 2000 and XP client workstations. COMPOSE 3.0.0 development was accelerated in response to the urgent need to resolve the Windows NT EOL crisis per direction from the Naval Network Warfare Command (NETWARCOM) and the Department of the Navy Chief Information Officer.
PMW 160 obtained authorization to begin aggressively fielding this version of COMPOSE in February 2006 and conducted its first shipboard installation aboard the USS Antietam (CG 54) in March 2006. COMPOSE 3.0.0 was designed to meet DISA Platinum Security Technical Implementation Guidelines (STIG).
COMPOSE 2.0.3 has been fielded on more than 130 platforms, and version 3.0.0 has been fielded on more than 70 platforms. As anticipated, the most significant issue has been compatibility with applications that have not yet demonstrated interoperability with Windows 2003 Server and XP or have not yet aligned with the DISA Platinum STIG. While NETWARCOM and Commander Operational Test and Evaluation Force have mandated that application sponsor/owners are responsible for verifying compatibility with COMPOSE 3.0.0, it is PMW 160's responsibility to proactively track and publicize known application compatibility issues as they arise.
Along with a discussion on application compatibility during installation in-briefs, PMW 160 uses the Preferred Product List/System/Subsystem Interface List (PPL/SSIL) and the Critical and Non-Critical Application List to communicate these issues Navy-wide.
Typically, applications/systems that are included on the PPL/SSIL should not present unknown interoperability issues when installed in the COMPOSE environment that they were tested against.
Current status on all reported compatibility issues is provided in the Critical and Non-Critical Application List, which is updated on a weekly basis. These lists are available via the Naval Networks Web site at https://navalnetworks.spawar.navy.mil.
There are new builds planned for fiscal years 2007 and 2008, including COMPOSE 2.0.4, 3.0.1 and 3.1.0. Versions 2.0.4 and 3.0.1 will provide security updates, COTS service packs, and COTS application EOL updates. The security updates incorporated into version 2.0.3 will change its security standard from DISA Gold to Platinum.
COMPOSE 3.1.0 will leverage a COTS solution for software distribution and introduce Microsoft Vista Client software into the fleet to stay a step ahead of Windows XP EOL. PMW 160 is proactively working with Microsoft to test the beta version of Vista, Microsoft's next operating system against the current COMPOSE baseline.
The introduction of Vista will further enhance COMPOSE security because Microsoft is collaborating with DISA to define its default security settings for the new client software.
COMPOSE 3.1.0 will be designed to support fielding of DMS Proxy and information assurance tools such as Online Certificate Status Protocol (OCSP), Secure Configuration Compliance Validation Initiative (SSCVI), and Secure Compliance Remediation Initiative (SCRI).
Support for these information assurance tools is critical in helping the fleet meet mandated changes to the afloat environment, such as implementation of Public Key Infrastructure (PKI) /Cryptographic Log On Afloat (CLO).
COMPOSE 3.0.0 has paved the way for afloat networks to mitigate risks associated with Windows NT and Windows 2000 EOL, as well as to provide the warfighter with the latest software available.
Working closely with stakeholders, installers, engineers, and fleet representatives, PMW 160 and the COMPOSE Program Office are delivering robust capabilities to the fleet in a timely, cost effective manner.