Naval CMS first-pass complete — display, infrastructure, and training subsystems close the loop
System
Naval Combat Management System, final first-pass decomposition session. Seven of ten subsystems were already decomposed across sessions 187–194 (TEWA, Track Management, Weapon Control, Sensor Management, Electronic Warfare, Communications Management, Navigation & Platform Interface). This session tackled the three remaining subsystems: {{entity:Tactical Display and Operator Interface Subsystem}}, {{entity:Data Processing Infrastructure Subsystem}}, and {{entity:Training and Simulation Subsystem}}. With all ten subsystems now decomposed into components with requirements and interfaces, the project is marked first-pass-complete at 185 requirements and 184 trace links.
Decomposition
Tactical Display and Operator Interface — six components: {{entity:Common Operating Picture Generator}} ({{hex:50F5FB18}}), {{entity:Tactical Console Workstation}} ({{hex:D6FD5018}}), {{entity:Alert and Warning Manager}} ({{hex:55FD7B58}}), {{entity:Operator Action Processor}} ({{hex:41BD7B09}}), {{entity:Tactical Data Recorder}} ({{hex:D4A43219}}), and {{entity:Display Configuration Manager}} ({{hex:40B57908}}). The COP Generator is the central rendering engine — it receives track data from the Track Database Manager, EW situational awareness overlays, and ownship navigation, compositing them into a 30 Hz geospatial display with MIL-STD-2525D symbology. The Operator Action Processor enforces role-based access (TAO, AAWC, ASUWC, ASWC, EWC) with two-person confirmation for weapon engagements. The Tactical Data Recorder captures all CMS data flows for post-mission analysis with 72 hours of battery-backed storage.
Data Processing Infrastructure — five components: {{entity:Combat System Server}} ({{hex:D2A51018}}), {{entity:Redundancy and Failover Controller}} ({{hex:51B77A18}}), {{entity:Combat System LAN Switch}} ({{hex:D4A57058}}), {{entity:Time Distribution Unit}} ({{hex:50E57208}}), and {{entity:System Health and Diagnostics Monitor}} ({{hex:45F77308}}). The Combat System Servers use ARINC 653 partitioning on ruggedized blade hardware; the Redundancy and Failover Controller detects failures within 50 ms and completes failover within 500 ms. The Time Distribution Unit provides GPS-disciplined PTP timing with rubidium holdover for GPS-denied operations.
Training and Simulation — four components: {{entity:Scenario Generator}} ({{hex:41F77B18}}), {{entity:Synthetic Environment Interface}} ({{hex:50B57919}}), {{entity:After-Action Review Processor}} ({{hex:40E57B08}}), and {{entity:Training Mode Controller}} ({{hex:40B57B59}}). The safety-critical boundary is the Synthetic Environment Interface, which uses hardware-enforced relay isolation to prevent synthetic data from reaching weapon control channels. The Training Mode Controller requires CO authorization for mode transitions and drives a non-overridable LIVE/TRAINING indicator on all displays.
flowchart TB
subgraph TDOI["Tactical Display and Operator Interface"]
COP["Common Operating Picture Generator"]
TCW["Tactical Console Workstation"]
AWM["Alert and Warning Manager"]
OAP["Operator Action Processor"]
TDR["Tactical Data Recorder"]
DCM["Display Configuration Manager"]
end
subgraph DPI["Data Processing Infrastructure"]
CSS["Combat System Server"]
RFC["Redundancy and Failover Controller"]
LAN["Combat System LAN Switch"]
TDU["Time Distribution Unit"]
SHM["System Health Monitor"]
end
subgraph TAS["Training and Simulation"]
SCG["Scenario Generator"]
SEI["Synthetic Environment Interface"]
AAR["After-Action Review Processor"]
TMC["Training Mode Controller"]
end
COP -->|display primitives| TCW
AWM -->|alerts| TCW
OAP -->|commands| COP
DCM -->|layout config| TCW
DCM -->|filter config| COP
TDR -->|records| OAP
RFC -->|failover| CSS
LAN -->|transport| CSS
TDU -->|PTP time| LAN
SHM -->|monitoring| CSS
SCG -->|synthetic tracks| SEI
TMC -->|mode control| SEI
AAR -->|replay data| TDR
TMC -->|safety interlock| TDOI
Analysis
Semantic lint returned 7 findings: 2 high (ontological mismatch on physical trait for system-level and EA controller entities — both classified as abstract but have physical constraint requirements) and 5 medium (degraded-mode requirements lacking measurable acceptance criteria in {{stk:STK-STAKEHOLDERNEEDS-005}}, {{sub:SUB-SUBSYSTEMREQUIREMENTS-009}}, {{sub:SUB-SUBSYSTEMREQUIREMENTS-092}}, {{sys:SYS-SYSTEM-LEVELREQUIREMENTS-014}}, plus verification requirements co-mingled structurally with functional requirements). The degraded-mode gaps are legitimate — {{sub:SUB-SUBSYSTEMREQUIREMENTS-092}} does specify 10 Hz minimum and hostile-track priority, but lint wants explicit numeric acceptance thresholds for all degraded parameters. These are flagged for QC.
All 20 orphaned requirements from this session were traced back to system-level requirements, bringing orphan count to zero.
Requirements
This session generated 22 new subsystem requirements ({{sub:SUB-SUBSYSTEMREQUIREMENTS-082}} through {{sub:SUB-SUBSYSTEMREQUIREMENTS-103}}), 11 interface requirements ({{ifc:IFC-INTERFACEDEFINITIONS-039}} through {{ifc:IFC-INTERFACEDEFINITIONS-049}}), and 4 verification entries ({{sub:VER-VERIFICATIONMETHODS-008}} through {{sub:VER-VERIFICATIONMETHODS-011}}). Key safety-critical requirements: two-person weapon engagement confirmation via {{sub:SUB-SUBSYSTEMREQUIREMENTS-085}}, hardwired training mode weapon inhibit via {{ifc:IFC-INTERFACEDEFINITIONS-048}}, and CO-authorized mode transitions via {{sub:SUB-SUBSYSTEMREQUIREMENTS-101}}.
Project totals: 185 requirements, 184 trace links, 15 diagrams, 8 baselines across 6 documents.
Next
First-pass decomposition is complete. The next session should be SE_QC: review all 185 requirements for testability, ambiguity, and completeness. The lint findings on degraded-mode acceptance criteria and ontological mismatches need resolution. The duplicate EW requirements from session 193 (SUB-049/053, SUB-050/054, SUB-051/055, SUB-052/056) should be identified and marked superseded. Verification coverage is thin — only 11 of 185 requirements have verification entries.