Verification Plan (SVP) — ISO/IEC/IEEE 15289 — Plan | IEEE 29148 §6.6
Generated 2026-03-27 — UHT Journal / universalhex.org
| Ref | Requirement | Method | Tags |
|---|---|---|---|
| VER-VERIFICATIONMETHODS-001 | The Weapon Safety Interlock Manager authorization sequence SHALL be verified by test demonstrating that weapon release is inhibited when any of the three authorization levels is not satisfied, including single-point failure injection of each interlock channel. | — | verification, weapon-control, safety, session-191 |
| VER-VERIFICATIONMETHODS-002 | The CIWS no-fire sector enforcement SHALL be verified by test with the CIWS in autonomous mode, confirming that targets within defined no-fire sectors are not engaged across all sector boundary conditions. | — | verification, weapon-control, ciws, session-191 |
| VER-VERIFICATIONMETHODS-003 | The Weapon Safety Interlock Manager fail-safe behaviour SHALL be verified by test injecting communication failures on each weapon data bus and confirming weapon-safe state is achieved within 100 milliseconds for all weapon types. | — | verification, weapon-control, safety, session-191 |
| VER-VERIFICATIONMETHODS-004 | The Fire Control Computer firing solution update cycle time SHALL be verified by analysis of timing measurements over 1000 consecutive cycles under maximum engagement load (8 simultaneous channels) confirming 99th percentile completion within 100 milliseconds. | — | verification, weapon-control, fire-control, session-191 |
| VER-VERIFICATIONMETHODS-005 | The Tactical Data Link Processor message throughput (SUB-REQS-063) SHALL be verified by test using a Link-16 network simulator generating J-series traffic at maximum rate while measuring internal distribution latency with instrumented message timestamps. | — | verification, comms, tdl, session-194 |
| VER-VERIFICATIONMETHODS-006 | The COMSEC emergency zeroization (SUB-REQS-070) SHALL be verified by demonstration using test key material loaded into all connected crypto devices, executing the emergency zeroize command, and confirming key destruction within the 10-second threshold via device status query. | — | verification, comms, comsec, session-194 |
| VER-VERIFICATIONMETHODS-007 | The network failover time (SUB-REQS-071) SHALL be verified by test, injecting a link failure on the primary combat system LAN path and measuring switchover time to the redundant path using network analyser capture with microsecond resolution. | — | verification, comms, network, session-194 |
| VER-VERIFICATIONMETHODS-008 | The COP Generator 30 Hz refresh rate (SUB-SUBSYSTEMREQUIREMENTS-082) SHALL be verified by test, measuring actual frame delivery rate under peak track load of 1500 simultaneous targets with all overlay layers active. | — | verification, display, cop, session-195 |
| VER-VERIFICATIONMETHODS-009 | The Redundancy and Failover Controller failover time (SUB-SUBSYSTEMREQUIREMENTS-094) SHALL be verified by test, injecting hardware fault signals into each combat system server and measuring time from fault detection to application resumption on the backup node. | — | verification, infra, failover, session-195 |
| VER-VERIFICATIONMETHODS-010 | The Training Mode Controller weapon inhibit (SUB-SUBSYSTEMREQUIREMENTS-102) SHALL be verified by demonstration, activating training mode and confirming that all weapon discharge circuits are physically interrupted and that no weapon engagement command is accepted by the Weapon Control Subsystem. | — | verification, training, safety, session-195 |
| VER-VERIFICATIONMETHODS-011 | The Time Distribution Unit synchronization accuracy (SUB-SUBSYSTEMREQUIREMENTS-096) SHALL be verified by test, comparing PTP-distributed time at each CMS node against an independent calibrated reference clock over a 24-hour period including simulated GPS denial. | — | verification, infra, timing, session-195 |
| VER-VERIFICATIONMETHODS-012 | The system-level degraded mode capability (SYS-SYSTEM-LEVELREQUIREMENTS-014) SHALL be verified by test, progressively disabling processing nodes to 70 percent capacity and measuring track capacity, sensor-to-display latency, and engagement capability in each warfare domain against the specified thresholds. | — | verification, degraded-mode, qc-fix, session-196 |
| VER-VERIFICATIONMETHODS-013 | The EMCON Manager emission suppression (SUB-SUBSYSTEMREQUIREMENTS-057) SHALL be verified by test using calibrated RF receivers at all ship emission points, commanding EMCON transitions at each restriction level, and confirming that all controlled emitters cease transmission within 2 seconds with zero unauthorized emissions detected over a 30-minute monitoring period. | — | verification, emcon, qc-fix, session-196 |
| VER-VERIFICATIONMETHODS-014 | The network intrusion detection and cross-domain security (SYS-SYSTEM-LEVELREQUIREMENTS-011) SHALL be verified by test using a red-team penetration test against all CMS network interfaces with attack vectors including network scanning, protocol exploitation, and cross-domain data leakage attempts, confirming zero unauthorized access to classified data and weapon control functions. | — | verification, cybersecurity, qc-fix, session-196 |
| VER-VERIFICATIONMETHODS-015 | The torpedo launch safety interlock (SUB-SUBSYSTEMREQUIREMENTS-109) SHALL be verified by demonstration, confirming that torpedo launch commands are inhibited unless Weapons Officer authorization is present, and that all interlock states are correctly reported on the safety console display. | — | verification, asw, weapon-control, session-197, validation |
| VER-VERIFICATIONMETHODS-016 | The degraded mode performance criteria (SYS-SYSTEM-LEVELREQUIREMENTS-016) SHALL be verified by test, progressively disabling processing nodes to 70 percent capacity and measuring track capacity, sensor-to-display latency, COP refresh rate, and confirming single-warfare-area engagement capability under controlled scenario conditions. | — | verification, degraded-mode, session-197, validation |
| VER-VERIFICATIONMETHODS-017 | The physical distribution requirement (SYS-SYSTEM-LEVELREQUIREMENTS-015) SHALL be verified by inspection of equipment installation drawings and analysis of compartment separation against ship survivability standards, confirming that loss of any single compartment preserves degraded-mode combat operations. | — | verification, survivability, session-197, validation |
| Requirement | Verified By | Description |
|---|---|---|
| SYS-SYSTEM-LEVELREQUIREMENTS-011 | VER-VERIFICATIONMETHODS-014 | |
| SUB-SUBSYSTEMREQUIREMENTS-092 | VER-VERIFICATIONMETHODS-016 | |
| SUB-SUBSYSTEMREQUIREMENTS-109 | VER-VERIFICATIONMETHODS-015 | |
| SUB-SUBSYSTEMREQUIREMENTS-057 | VER-VERIFICATIONMETHODS-013 | |
| SUB-SUBSYSTEMREQUIREMENTS-107 | VER-VERIFICATIONMETHODS-012 | |
| SUB-SUBSYSTEMREQUIREMENTS-096 | VER-VERIFICATIONMETHODS-011 | |
| SUB-SUBSYSTEMREQUIREMENTS-102 | VER-VERIFICATIONMETHODS-010 | |
| SUB-SUBSYSTEMREQUIREMENTS-094 | VER-VERIFICATIONMETHODS-009 | |
| SUB-SUBSYSTEMREQUIREMENTS-082 | VER-VERIFICATIONMETHODS-008 | |
| SUB-REQS-071 | VER-METHODS-007 | |
| SUB-REQS-070 | VER-METHODS-006 | |
| SUB-REQS-063 | VER-METHODS-005 | |
| SUB-SUBSYSTEMREQUIREMENTS-022 | VER-VERIFICATIONMETHODS-004 | |
| SUB-SUBSYSTEMREQUIREMENTS-034 | VER-VERIFICATIONMETHODS-003 | |
| SUB-SUBSYSTEMREQUIREMENTS-030 | VER-VERIFICATIONMETHODS-002 | |
| SUB-SUBSYSTEMREQUIREMENTS-033 | VER-VERIFICATIONMETHODS-001 |
| Ref | Document | Requirement |
|---|---|---|
| IFC-INTERFACEDEFINITIONS-031 | interface-requirements | The interface between the Tactical Data Link Processor and the Track Management Subsystem SHALL exchange track data usin... |
| IFC-INTERFACEDEFINITIONS-032 | interface-requirements | The interface between the Tactical Data Link Processor and the Threat Evaluation and Weapon Assignment Subsystem SHALL t... |
| IFC-INTERFACEDEFINITIONS-033 | interface-requirements | The interface between the Message Distribution Server and the Tactical Display and Operator Interface Subsystem SHALL de... |
| IFC-INTERFACEDEFINITIONS-034 | interface-requirements | The interface between the COMSEC Key Management Module and the Tactical Data Link Processor SHALL support KGV-11 key loa... |
| IFC-INTERFACEDEFINITIONS-035 | interface-requirements | The interface between the Network Management Controller and the Data Processing Infrastructure Subsystem SHALL provide S... |
| IFC-INTERFACEDEFINITIONS-036 | interface-requirements | The interface between the Ownship Data Fusion Processor and the Track Management Subsystem SHALL provide ownship positio... |
| IFC-INTERFACEDEFINITIONS-037 | interface-requirements | The interface between the Ownship Data Fusion Processor and the Weapon Control Subsystem SHALL provide ownship kinematic... |
| IFC-INTERFACEDEFINITIONS-038 | interface-requirements | The interface between the Platform Systems Gateway and the Tactical Display and Operator Interface Subsystem SHALL prese... |
| SUB-SUBSYSTEMREQUIREMENTS-063 | subsystem-requirements | The Tactical Data Link Processor SHALL transmit and receive Link-16 J-series messages at the full JTIDS terminal rate of... |
| SUB-SUBSYSTEMREQUIREMENTS-064 | subsystem-requirements | The Tactical Data Link Processor SHALL maintain simultaneous participation in up to 3 Link-16 networks and 1 Link-22 mul... |
| SUB-SUBSYSTEMREQUIREMENTS-065 | subsystem-requirements | The SATCOM Interface Controller SHALL maintain at least one beyond-line-of-sight communication channel with 99.5% availa... |
| SUB-SUBSYSTEMREQUIREMENTS-066 | subsystem-requirements | The Radio Circuit Manager SHALL support simultaneous management of at least 30 radio circuits across HF (2-30 MHz), VHF ... |
| SUB-SUBSYSTEMREQUIREMENTS-067 | subsystem-requirements | The Message Distribution Server SHALL route at least 500 formatted messages per minute across all precedence levels (Fla... |
| SUB-SUBSYSTEMREQUIREMENTS-068 | subsystem-requirements | When a Flash precedence message is received, the Message Distribution Server SHALL preempt lower-precedence message proc... |
| SUB-SUBSYSTEMREQUIREMENTS-069 | subsystem-requirements | The COMSEC Key Management Module SHALL manage at least 200 concurrent Type-1 cryptographic keys across all communication... |
| SUB-SUBSYSTEMREQUIREMENTS-070 | subsystem-requirements | When an emergency zeroize command is issued, the COMSEC Key Management Module SHALL destroy all stored key material acro... |
| SUB-SUBSYSTEMREQUIREMENTS-071 | subsystem-requirements | The Network Management Controller SHALL maintain combat system LAN availability of at least 99.99% through dual-redundan... |
| SUB-SUBSYSTEMREQUIREMENTS-072 | subsystem-requirements | The Network Management Controller SHALL enforce VLAN-based classification domain separation between UNCLASSIFIED, SECRET... |
| SUB-SUBSYSTEMREQUIREMENTS-073 | subsystem-requirements | When EMCON condition is set, the Communications Management Subsystem SHALL suppress all RF transmissions on tactical dat... |
| SUB-SUBSYSTEMREQUIREMENTS-074 | subsystem-requirements | The Radio Circuit Manager SHALL support automatic link establishment on HF circuits per MIL-STD-188-141B with link setup... |
| SUB-SUBSYSTEMREQUIREMENTS-075 | subsystem-requirements | The Ownship Data Fusion Processor SHALL provide a fused ownship state vector (position, velocity, heading, attitude) to ... |
| SUB-SUBSYSTEMREQUIREMENTS-076 | subsystem-requirements | When GPS signal is lost, the Ownship Data Fusion Processor SHALL continue providing ownship position using INS-only dead... |
| SUB-SUBSYSTEMREQUIREMENTS-077 | subsystem-requirements | The Inertial Navigation System Interface SHALL receive attitude data (roll, pitch, heading) at 50 Hz via MIL-STD-1553B w... |
| SUB-SUBSYSTEMREQUIREMENTS-078 | subsystem-requirements | The GPS Receiver Interface SHALL detect loss of GPS integrity via RAIM and report GPS-denied condition to the Ownship Da... |
| SUB-SUBSYSTEMREQUIREMENTS-079 | subsystem-requirements | The Platform Systems Gateway SHALL receive and distribute ship platform status including propulsion plant state, electri... |
| SUB-SUBSYSTEMREQUIREMENTS-080 | subsystem-requirements | The Autopilot and Helm Interface SHALL enforce safety interlocks preventing CMS-commanded course changes that would resu... |
| SUB-SUBSYSTEMREQUIREMENTS-081 | subsystem-requirements | The Ownship Data Fusion Processor SHALL detect and exclude faulty navigation sensor inputs within 2 seconds of fault ons... |
| SUB-SUBSYSTEMREQUIREMENTS-112 | subsystem-requirements | The Torpedo Fire Control Processor SHALL compute torpedo launch solutions for lightweight and heavyweight torpedoes with... |
| VER-VERIFICATIONMETHODS-005 | verification-plan | The Tactical Data Link Processor message throughput (SUB-REQS-063) SHALL be verified by test using a Link-16 network sim... |
| VER-VERIFICATIONMETHODS-006 | verification-plan | The COMSEC emergency zeroization (SUB-REQS-070) SHALL be verified by demonstration using test key material loaded into a... |
| VER-VERIFICATIONMETHODS-007 | verification-plan | The network failover time (SUB-REQS-071) SHALL be verified by test, injecting a link failure on the primary combat syste... |
| VER-VERIFICATIONMETHODS-017 | verification-plan | The physical distribution requirement (SYS-SYSTEM-LEVELREQUIREMENTS-015) SHALL be verified by inspection of equipment in... |