System Requirements Specification (SyRS) — ISO/IEC/IEEE 15289 — Specification | IEEE 29148 §6.2–6.4
Generated 2026-03-27 — UHT Journal / universalhex.org
| Standard | Title |
|---|---|
| DEF STAN 00-250 | — |
| DEF STAN 00-56 | Safety management requirements for defence systems |
| IEC 60529 | Degrees of protection provided by enclosures (IP Code) |
| IEC 60825-1 | — |
| IEC 61000-4-2 | — |
| IEC 61508 | Functional safety of electrical/electronic/programmable electronic safety-related systems |
| IEC 61508-3 | Functional safety of electrical/electronic/programmable electronic safety-related systems |
| IEC 61508-6 | Functional safety of electrical/electronic/programmable electronic safety-related systems |
| IEC 61800-7 | — |
| IEC 61810 | — |
| IEEE 754 | — |
| IEEE 802.3 | Standard for Ethernet |
| ISO 11898 | — |
| STANAG 3606 | — |
| STANAG 4059 | — |
| STANAG 4090 | — |
| STANAG 4347 | — |
| STANAG 4370 | — |
| STANAG 4472 | — |
| STANAG 4569 | — |
| STANAG 4586 | Standard interfaces of UAV control system for NATO UAV interoperability |
| STANAG 5048 | — |
| STANAG 5516 | — |
| Acronym | Expansion |
|---|---|
| ARC | Architecture Decisions |
| BMS | Tactical Data Link |
| CCCS | Completeness, Consistency, Correctness, Stability |
| CIU | Communications Interface Unit |
| EARS | Easy Approach to Requirements Syntax |
| FMEDA | Failure Modes Effects and Diagnostic Analysis |
| IFC | Interface Requirements |
| LRU | Replaceable Unit |
| MTBCF | Mean Time Between Critical Failures |
| MTTR | Mean Time To Repair |
| OEM | System Integrator |
| SSPC | State Power Controller |
| STK | Stakeholder Requirements |
| SUB | Subsystem Requirements |
| SYS | System Requirements |
| TDC | Turret Drive Controller |
| UHT | Universal Hex Taxonomy |
| VER | Verification Plan |
| WCI | Weapon Control Interface |
| Ref | Requirement | V&V | Tags |
|---|---|---|---|
| STK-REQ-001 | The Remote Weapon Station SHALL enable the Vehicle Commander to detect, identify, and engage targets from within the armoured vehicle without crew exposure above the hull line. Rationale: Vehicle Commander (RWS Operator), Urban Patrol Engagement scenario: the fundamental operational need is eliminating crew exposure during weapon operation, which is the leading cause of upper-body casualties in mounted operations. | Demonstration | stakeholder, stk-vc-operator, session-617, idempotency:stk-vc-operator-no-exposure-617 |
| STK-REQ-002 | The Remote Weapon Station SHALL provide stabilised electro-optical and thermal imaging sensors with minimum 0.3 mrad IFOV day-channel resolution and equivalent thermal imaging resolution, enabling positive target identification at ranges up to 1500m in day and 800m in night and obscured conditions. Rationale: Vehicle Commander (RWS Operator), Urban Patrol Engagement scenario: operator detects RPG threat on rooftop via thermal, confirms with day camera. Dual-mode sensor with PID range drives engagement decision quality and reduces friendly fire risk (H-004). | Test | stakeholder, stk-vc-operator, session-617, idempotency:stk-vc-operator-sensor-capability-617 |
| STK-REQ-003 | The Remote Weapon Station SHALL provide the Vehicle Commander with an automated target tracking capability to maintain weapon-target alignment during vehicle motion. Rationale: Vehicle Commander (RWS Operator), Urban Patrol Engagement scenario: auto-tracks target prior to firing 3-round burst at 200m. Manual tracking from a moving vehicle is impractical for the engagement timelines in urban asymmetric warfare. | Test | stakeholder, stk-vc-operator, session-617, idempotency:stk-vc-operator-auto-track-617 |
| STK-REQ-004 | The Remote Weapon Station SHALL support engagement authorization by the Tactical Commander via data link before weapon discharge is permitted. Rationale: Tactical Commander, Urban Patrol Engagement scenario: commander receives authorization before arming weapon. ROE compliance requires explicit engagement authority in the fire control chain. | Demonstration | stakeholder, stk-tac-cmdr, session-617, idempotency:stk-tac-cmdr-auth-617 |
| STK-REQ-005 | The Remote Weapon Station SHALL provide sensor imagery and target data to the Tactical Commander via the tactical data link for situational awareness and engagement decisions. Rationale: Tactical Commander, Urban Patrol Engagement scenario: tactical commander receives sensor imagery via data link to authorise engagement per ROE. Without shared imagery the commander cannot make informed fire decisions. | Test | stakeholder, stk-tac-cmdr, session-617, idempotency:stk-tac-cmdr-sa-617 |
| STK-REQ-006 | The Remote Weapon Station SHALL protect dismounted infantry from uncommanded turret motion by de-energising turret drives and engaging mechanical brakes within 500ms of any safety interlock trip or emergency stop activation. Rationale: Dismounted Infantry, Emergency Stop scenario: uncommanded motion detected, drives de-energised and braked within 200ms. Dismounted personnel in the turret danger zone are the highest-risk stakeholder for H-002 (crushing/striking). | Test | stakeholder, stk-dismounted, session-617, safety, idempotency:stk-dismounted-turret-safety-617 |
| STK-REQ-007 | The Remote Weapon Station SHALL prevent weapon discharge when a safety interlock is tripped, an E-STOP is activated, or the operator control link is lost. Rationale: Dismounted Infantry, IED Strike Control Loss and Emergency Stop scenarios: weapon must be safed immediately when control is compromised. Addresses H-001 (uncommanded discharge), H-006 (loss of control), and H-007 (software fault). | Test | stakeholder, stk-dismounted, session-617, safety, idempotency:stk-dismounted-no-discharge-617 |
| STK-REQ-008 | The Remote Weapon Station SHALL support barrel change and ammunition replenishment by a single maintainer within 15 minutes using standard tools, with the weapon confirmed clear and turret in maintenance mode. Rationale: Weapons System Maintainer, Field Maintenance Barrel Change scenario: armourer changes barrel in 15 min, inspects feed, reloads. Maintenance must be achievable in the field without specialist equipment. | Demonstration | stakeholder, stk-maintainer, session-617, idempotency:stk-maintainer-barrel-change-617 |
| STK-REQ-009 | The Remote Weapon Station SHALL enforce lockout-tagout safety interlocks during maintenance mode, preventing turret traverse beyond maintenance limits and weapon energisation while access panels are open. Rationale: Weapons System Maintainer, Field Maintenance scenario: safety interlocks enforced, no traverse past maintenance limits, access panels unlocked only in maintenance mode. Protects maintainer from H-002 (turret motion) while working in the hazard zone. | Test | stakeholder, stk-maintainer, session-617, safety, idempotency:stk-maintainer-lockout-617 |
| STK-REQ-010 | The Remote Weapon Station SHALL isolate the Vehicle Crew from recoil loads, excessive vibration, and acoustic overpressure during sustained weapon firing. Rationale: Vehicle Crew (Driver/Loader), Urban Patrol Engagement scenario: crew affected by recoil, vibration, noise. Recoil isolation prevents structural damage to crew station equipment and injury to occupants. | Test | stakeholder, stk-crew, session-617, idempotency:stk-crew-recoil-isolation-617 |
| STK-REQ-011 | The Remote Weapon Station SHALL enable the Loader to replenish ammunition and clear weapon stoppages from within the vehicle or from a protected position without entering the turret danger zone during engagement mode. Rationale: Vehicle Crew (Driver/Loader), Field Maintenance scenario: loader replenishes ammunition and clears stoppages. Ammunition handling must not require crew exposure during active operations. | Demonstration | stakeholder, stk-crew, session-617, idempotency:stk-crew-ammo-replenish-617 |
| STK-REQ-012 | When one sensor modality (EO or TI) has failed, the Remote Weapon Station SHALL continue to provide weapon engagement capability using the remaining sensor with a minimum engagement range of 200m against a 2m x 2m stationary target at Phit >= 0.5, alerting the operator to degraded accuracy via both visual and audible indication. Rationale: Vehicle Commander (RWS Operator), Degraded Sensor Operation scenario: thermal crossover renders TI ineffective, system falls back to day camera with manual tracking. Phit >= 0.5 at 200m represents minimum suppressive capability; below this threshold, the system cannot reliably neutralise an RPG threat. Quantified threshold derived from SYS-REQ-011 degraded engagement analysis. | Test | stakeholder, stk-vc-operator, session-617, idempotency:stk-vc-operator-degraded-ops-617 |
| STK-REQ-013 | The Remote Weapon Station SHALL automatically safe the weapon and alert the operator within 500ms when the control link between the operator control unit and the turret is lost. Rationale: Vehicle Commander (RWS Operator), IED Strike Control Loss scenario: IED damages cable harness, control link lost, hardware safety auto-safes weapon within 500ms. Addresses H-006 directly — armed weapon with no operator is catastrophic. | Test | stakeholder, stk-vc-operator, session-617, safety, idempotency:stk-vc-operator-link-loss-617 |
| STK-REQ-014 | The Remote Weapon Station SHALL be designed for modular LRU replacement enabling field-level corrective maintenance of any faulty subsystem within 60 minutes using standard military tool sets. Rationale: RWS System Integrator (OEM), Field Maintenance scenario and IED Strike scenario: LRU replacement needed after encoder fault or battle damage. Through-life supportability requires modular design with standard tooling. | Demonstration | stakeholder, stk-oem, session-617, idempotency:stk-oem-lru-replacement-617 |
| STK-REQ-015 | The Remote Weapon Station SHALL comply with IEC 61508 (Functional safety of E/E/PE safety-related systems) SIL 2 minimum for all safety functions, and SIL 3 for the weapon firing chain, to support the OEM safety case and DEF STAN 00-56 (Safety Management Requirements for Defence Systems) certification. Rationale: RWS System Integrator (OEM), regulatory stakeholder: hazard register identifies H-001, H-003, H-007 as SIL 3 (catastrophic uncommanded discharge, failure to safe, software fault) and H-002, H-004, H-005, H-006 as SIL 2. Certification requires demonstrated compliance. | Analysis | stakeholder, stk-oem, session-617, safety, regulatory, idempotency:stk-oem-sil-compliance-617 |
| STK-REQ-016 | The Remote Weapon Station SHALL operate across the full military temperature range of -46°C to +71°C and withstand vibration per MIL-STD-810H Method 514.8 Category 4/8 without degradation of safety or engagement functions. Rationale: Environment as stakeholder, operating constraints: temperature and vibration extremes define the envelope within which all functions must perform. Failure to operate at temperature extremes leaves vehicles without weapon capability in theatre. | Test | stakeholder, stk-environment, session-617, idempotency:stk-env-temp-vib-617 |
| STK-REQ-017 | The Remote Weapon Station SHALL achieve IP67 ingress protection for the turret assembly and IP54 for hull-mounted electronics to support operations in desert, tropical, and fording conditions. Rationale: Environment as stakeholder, Ingress Protection constraint: turret is exposed to rain, dust, mud, and temporary immersion during fording. Electronics failure from ingress causes loss of weapon capability in the field. | Test | stakeholder, stk-environment, session-617, idempotency:stk-env-ip-rating-617 |
| Ref | Requirement | V&V | Tags |
|---|---|---|---|
| SYS-REQ-001 | The Remote Weapon Station SHALL achieve a first-round hit probability of not less than 0.7 against a stationary 2m x 2m target at 200m from a vehicle moving at 15 km/h, using stabilised fire control. Rationale: Derived from STK-REQ-001 and STK-REQ-003. Urban engagement scenario requires high first-round hit probability at typical urban combat ranges from a moving platform. 0.7 Phit is the minimum for effective suppression against an RPG threat. | Test | system, performance, session-617, idempotency:sys-engagement-accuracy-617 |
| SYS-REQ-002 | The Remote Weapon Station SHALL complete the sequence from target detection to first round fired in not more than 8 seconds when the system is in Surveillance mode and the weapon is loaded. Rationale: Derived from STK-REQ-001. Urban Patrol Engagement scenario: short engagement timelines in asymmetric warfare require rapid transition from surveillance to engagement. 8s is derived from typical RPG engagement timelines. | Test | system, performance, session-617, idempotency:sys-engagement-time-617 |
| SYS-REQ-003 | The Remote Weapon Station SHALL provide continuous 360° azimuth traverse and -20° to +60° elevation coverage with a slew rate of not less than 60°/s in azimuth and 40°/s in elevation. Rationale: Derived from STK-REQ-001. Omnidirectional threat environment in urban warfare requires full-hemisphere coverage. Slew rates derived from engagement timeline: 180° worst-case traverse in 3s to meet 8s detection-to-fire budget. | Test | system, performance, session-617, idempotency:sys-traverse-coverage-617 |
| SYS-REQ-004 | The Remote Weapon Station SHALL provide day-channel imaging with minimum 0.3 mrad IFOV and thermal imaging with minimum NETD of 50 mK at 30°C, with dual-FOV (wide 18° and narrow 3°) on both channels. Rationale: Derived from STK-REQ-002. PID at 1500m (day) and 800m (night) requires 0.3 mrad IFOV per Johnson criteria (6 cycles on a 0.5m feature at 1500m). 50 mK NETD ensures thermal detection through moderate obscurants. | Test | system, performance, session-617, idempotency:sys-sensor-performance-617 |
| SYS-REQ-005 | The Remote Weapon Station SHALL include a laser rangefinder with range accuracy of ±5m at ranges from 200m to 3000m, eye-safe to NATO STANAG 3606. Rationale: Derived from STK-REQ-002. Ballistic computation requires accurate range data. ±5m accuracy at 3000m ensures fire control solution error is dominated by other factors (wind, propellant temperature), not range measurement. | Test | system, performance, session-617, idempotency:sys-lrf-performance-617 |
| SYS-REQ-006 | The Remote Weapon Station SHALL maintain automatic target tracking with a tracking error of not more than 0.5 mrad RMS on a crossing target moving at 30 km/h at 500m range. Rationale: Derived from STK-REQ-003. Auto-tracking accuracy must keep the weapon within the target silhouette for the burst duration. 0.5 mrad RMS at 500m is 0.25m displacement — within a personnel target width. | Test | system, performance, session-617, idempotency:sys-tracking-accuracy-617 |
| SYS-REQ-007 | The Remote Weapon Station SHALL implement a two-action weapon arming sequence requiring explicit operator ARM command followed by independent authorization confirmation before enabling the firing circuit. Rationale: Derived from STK-REQ-004 and STK-REQ-007. Engagement mode transition requires two-action authorization per concept. Prevents accidental arming and supports ROE compliance chain. Addresses H-001 and H-007. | Test | system, safety, sil-3, session-617, idempotency:sys-two-action-arm-617 |
| SYS-REQ-008 | The Remote Weapon Station SHALL provide a hardware firing interlock independent of the fire control software that physically prevents weapon discharge when any safety condition is active (E-STOP, interlock trip, maintenance mode, or control link loss). Rationale: H-001, H-003, H-007 drive SIL 3. Software alone cannot achieve SIL 3 PFD targets. A hardware interlock independent of the FCS software provides a diverse second channel that prevents discharge regardless of software state. | Test | system, safety, sil-3, session-617, idempotency:sys-hw-firing-interlock-617 |
| SYS-REQ-009 | When the operator control link is lost, the Remote Weapon Station SHALL safe the weapon firing circuit and de-energise turret drives within 500ms of link loss detection. Rationale: Derived from STK-REQ-013. H-006 (loss of operator control while armed, SIL 2). IED Strike scenario: 500ms is the maximum acceptable time for an armed weapon to remain active without operator control. Hardware watchdog timer drives this independently of software. | Test | system, safety, sil-2, session-617, idempotency:sys-link-loss-safing-617 |
| SYS-REQ-010 | When Emergency Stop is activated, the Remote Weapon Station SHALL de-energise all turret drive motors and engage mechanical brakes on both azimuth and elevation axes within 200ms. Rationale: Derived from STK-REQ-006. H-002 (uncommanded turret motion, SIL 2). Emergency Stop scenario specifies 200ms brake engagement. Spring-applied brakes ensure fail-safe — loss of power results in braking, not free rotation. | Test | system, safety, sil-2, session-617, idempotency:sys-estop-brake-617 |
| SYS-REQ-011 | While in Degraded Operation mode with thermal imager failed, the Remote Weapon Station SHALL maintain engagement capability using the day camera with manual tracking, at a minimum engagement range of 200m against a stationary target. Rationale: Derived from STK-REQ-012. Degraded Sensor Operation scenario: single sensor failure must not render the system combat-ineffective. 200m minimum range with day camera and manual tracking provides last-ditch engagement capability. | Test | system, performance, session-617, idempotency:sys-degraded-engagement-617 |
| SYS-REQ-012 | The Remote Weapon Station SHALL complete Built-In Test of all safety-critical functions (servo drives, safety interlocks, firing circuit, sensor BIT) within 90 seconds of power application at -46°C. Rationale: Derived from STK-REQ-016. Initialization/BIT mode specifies 30-90s. Cold-start at -46°C is the worst case — lubricant viscosity, sensor warm-up, and electronics stabilisation are slowest. 90s ceiling ensures tactical readiness. | Test | system, performance, session-617, idempotency:sys-bit-time-617 |
| SYS-REQ-013 | The Remote Weapon Station SHALL transmit sensor video, target data, and system status to the Battle Management System via MIL-STD-6016 compatible tactical data link at a minimum rate of 1 Hz for position reports and 15 fps for video. Rationale: Derived from STK-REQ-005. Tactical Commander needs real-time sensor imagery for engagement authorization. 15 fps minimum for situational awareness; 1 Hz position updates for blue force tracking integration. | Test | system, interface, session-617, idempotency:sys-datalink-rate-617 |
| SYS-REQ-014 | The Remote Weapon Station SHALL withstand 25kN peak recoil load from sustained firing of the mounted weapon without structural yielding or loss of boresight alignment exceeding 1 mrad. Rationale: Derived from STK-REQ-010. Host vehicle interface specifies 25kN recoil load. Structural integrity and boresight retention under recoil are fundamental — loss of alignment during a burst makes subsequent rounds miss. | Test | system, structural, session-617, idempotency:sys-recoil-structural-617 |
| SYS-REQ-015 | The Remote Weapon Station SHALL support barrel change by a single maintainer in not more than 15 minutes with the system in Maintenance mode, and shall return to operational status within 5 minutes of maintenance completion via automated boresight verification. Rationale: Derived from STK-REQ-008. Field Maintenance scenario: 15-min barrel change, BIT confirms fix. The 5-min return-to-service includes boresight/calibration mode re-alignment after barrel change. | Demonstration | system, maintainability, session-617, idempotency:sys-barrel-change-time-617 |
| SYS-REQ-016 | The Remote Weapon Station SHALL achieve a Mean Time Between Critical Failures (MTBCF) of not less than 400 operating hours for safety-critical functions, and a Mean Time To Repair (MTTR) of not more than 60 minutes at field level. Rationale: Derived from STK-REQ-014. Operational availability requirement for deployed weapon systems. 400h MTBCF provides acceptable mission reliability over a 30-day deployment cycle. 60-min MTTR per STK-REQ-014 LRU replacement target. | Analysis | system, reliability, session-617, idempotency:sys-reliability-617 |
| SYS-REQ-017 | The Remote Weapon Station SHALL comply with MIL-STD-461G RE102/RS103 electromagnetic emissions and susceptibility limits and shall not cause interference with the host vehicle communication systems. Rationale: Derived from STK-REQ-016. EMC/EMI constraint: operation near radio transmitters and ECM. H-001 identifies EMI as a potential cause of uncommanded discharge — EMC compliance is safety-critical for the firing chain. | Test | system, environmental, session-617, idempotency:sys-emc-compliance-617 |
| SYS-REQ-018 | The Remote Weapon Station SHALL achieve positive target identification of a NATO standard target (2.3m x 2.3m wheeled vehicle) at a range of not less than 1500m in daylight conditions and not less than 800m in night or obscured conditions using the dual-mode EO/TI sensor suite. Rationale: Derived from STK-REQ-002. The Johnson criteria for positive identification require 6 cycles on the critical target dimension at the stated range. At 1500m, 6 cycles on 0.5m feature requires <=0.3 mrad IFOV (addressed by SYS-REQ-004). Stating the PID range explicitly in SYS ensures the sensor specification is traceable to the operational engagement requirement rather than only to a derived resolution metric. STK-REQ-002 identified that dual-mode sensors drive engagement decision quality and reduce friendly fire risk (H-004). | Test | session-635, qc, sensors, idempotency:qc-635-sys-req-018-pid-range |
| Source | Target | Type | Description |
|---|---|---|---|
| STK-REQ-002 | SYS-REQ-018 | derives | STK-REQ-002 operational PID range flows to SYS-REQ-018 explicit range requirement |
| STK-REQ-017 | SYS-REQ-016 | derives | IP67 ingress protection requirement contributes to MTBCF reliability specification |
| STK-REQ-011 | SYS-REQ-015 | derives | Loader replenishment need drives single-maintainer accessibility requirement |
| STK-REQ-009 | SYS-REQ-007 | derives | LOTO maintenance safety requirement drives two-action arming and interlock specification |
| STK-REQ-016 | SYS-REQ-017 | derives | Environmental hardening drives EMC compliance |
| STK-REQ-016 | SYS-REQ-012 | derives | Temperature range drives cold-start BIT time |
| STK-REQ-015 | SYS-REQ-008 | derives | SIL 3 compliance drives hardware interlock |
| STK-REQ-014 | SYS-REQ-016 | derives | LRU design drives MTTR target |
| STK-REQ-013 | SYS-REQ-009 | derives | Link loss auto-safe drives 500ms safing |
| STK-REQ-012 | SYS-REQ-011 | derives | Degraded ops drives single-sensor engagement |
| STK-REQ-010 | SYS-REQ-014 | derives | Crew isolation drives recoil structural requirement |
| STK-REQ-008 | SYS-REQ-015 | derives | Maintainability drives barrel change time |
| STK-REQ-007 | SYS-REQ-008 | derives | Discharge prevention drives hardware interlock |
| STK-REQ-006 | SYS-REQ-010 | derives | Dismounted safety drives E-STOP response |
| STK-REQ-005 | SYS-REQ-013 | derives | Tactical SA drives data link rate |
| STK-REQ-004 | SYS-REQ-007 | derives | Engagement authorization drives two-action arm |
| STK-REQ-003 | SYS-REQ-006 | derives | Auto-tracking need drives tracking accuracy |
| STK-REQ-002 | SYS-REQ-005 | derives | Target identification drives LRF spec |
| STK-REQ-002 | SYS-REQ-004 | derives | Sensor resolution need drives IFOV and NETD |
| STK-REQ-001 | SYS-REQ-003 | derives | No-exposure engagement drives traverse coverage |
| STK-REQ-001 | SYS-REQ-002 | derives | Crew protection drives engagement timeline |
| STK-REQ-001 | SYS-REQ-001 | derives | Crew protection drives engagement accuracy |