Mission Planning Environment Engineering
Secure, Model-Based Systems Engineering
for Mission-Critical Operations
We support advanced Mission Planning Environment (MPE) engineering for complex aerospace and defense programs where operational readiness, secure data handling, requirements discipline, and cross-domain integration are mission-essential.
Our work focuses on helping program teams define, model, analyze, and validate the systems, software, data, and security architecture required to support mission planning, ground operations, training environments, and mission-system integration.
◤ What We Support
Systems engineering and digital engineering support across the full mission planning lifecycle:
- ▸Mission planning architecture & workflow definition
- ▸Ground security & trusted data-handling processes
- ▸System and software requirements development
- ▸Requirements decomposition & work packages
- ▸Data item dictionary development
- ▸Trusted file classification specifications
- ▸System & subsystem design documentation
- ▸Mission-system interface analysis
- ▸Customer / supplier technical interchange support
- ▸Software product evaluations
- ▸Software change board support
- ▸Defect investigation & root-cause analysis
- ▸Change impact analysis across mission domains
◤ Cross-Domain Mission Integration
MPEs rarely operate in isolation. We support impact analysis and architecture alignment across:
- ▸Mission Systems
- ▸Ground Support Systems
- ▸ALIS / sustainment & logistics
- ▸Training Systems
- ▸System Security Engineering
- ▸Software Engineering
- ▸Test & Verification teams
- ▸Customer & supplier engineering orgs
Ensures changes in one domain are properly assessed for downstream impacts to requirements, interfaces, software behavior, security constraints, operational workflows, and verification evidence.
◤ JMPS / Unique Planning Component Framework
F-35 mission planning extends the Joint Mission Planning System (JMPS) host with platform-specific Unique Planning Components (UPC / F-35 PC) layered over the PFPS heritage stack.
- ▸JMPS framework & host services
- ▸F-35 Unique Planning Component (UPC)
- ▸Common / shared planning components
- ▸PFPS legacy data product reuse
- ▸Component installer & version manifest
- ▸Plug-in interface contracts
- ▸Host ↔ UPC data exchange schemas
- ▸Component certification artifacts
◤ Mission Data Files & Mission Data Loads
The MDF/MDL pipeline drives sensor fusion, threat ID, and EW response. Reprogramming labs (USRL / ACURL) build, verify, and release theater-specific loads.
- ▸Threat library curation & signatures
- ▸EW reprogramming workflows
- ▸MDF build / compile / sign
- ▸Lab verification & regression
- ▸Theater-tailored MDL variants
- ▸MDL release & distribution control
- ▸Aircraft load verification feedback
- ▸Reprogramming change requests (RCR)
◤ DTC / PMBA Load Media & Aircraft Upload
- ▸Data Transfer Cartridge (DTC) formatting
- ▸Portable Memory Bus Adapter (PMBA) handling
- ▸Pre-flight load verification
- ▸Post-flight data offload
- ▸Media sanitization & chain of custody
- ▸Load failure diagnostics
◤ Sensors & Weapons Planning
- ▸AN/APG-81 AESA radar modes & plans
- ▸EOTS targeting & laser designation
- ▸DAS coverage & cueing setup
- ▸CNI / EW emitter management
- ▸AIM-120 / AIM-9X engagement zones
- ▸JDAM / SDB-I / SDB-II targeting
- ▸Weapon employment zones & ROE gates
- ▸Stores configuration & CG impacts
◤ Datalink & Crypto Planning
- ▸MADL network design & participant groups
- ▸Link-16 NPG / TSEC / time slot planning
- ▸VMF / SATCOM channelization
- ▸EKMS / KMI crypto key ordering
- ▸Key fill schedules & rollover
- ▸EMCON states & emission plans
- ▸IFF Mode 4/5 crypto configuration
◤ ALIS / ODIN Sustainment Interface
- ▸Sortie generation & tasking handoff
- ▸Health Reporting Code (HRC) ingest
- ▸PHM data correlation with mission plan
- ▸Squadron Operations Unit (SOU) workflows
- ▸ODIN migration & cloud-native data flows
- ▸Mission data ↔ sustainment reconciliation
◤ Debrief & Mission Reconstruction
- ▸ADR / MADL recording offload
- ▸Sensor & track reconstruction
- ▸Event timeline & shot validation
- ▸Lessons-learned capture loop
- ▸Feedback to MDF reprogramming
- ▸Training & TTP refinement products
◤ Coalition, Partner Releasability & FMS
- ▸Partner-nation MDF variants & releasability
- ▸Block 3F / Block 4 capability deltas per tail
- ▸ITAR / EAR technology control
- ▸FMS case data segregation
- ▸Multi-level security (MLS) handling
- ▸REL PARTNER-GROUP / DEMO-LIMITED marking discipline
- ▸Cross-domain solution (CDS) interfaces
◤ MBSE / CAMEO Architecture Development
We use Model-Based Systems Engineering practices and CAMEO/SysML modeling to improve clarity, traceability, and engineering decision-making.
⟦ Context Diagrams ⟧
System boundaries, actors, external systems, interfaces.
⟦ Use Case Diagrams ⟧
Stakeholder interactions & mission planning scenarios.
⟦ Activity Diagrams ⟧
Operational workflows, data movement, validation steps.
⟦ State Machine Diagrams ⟧
Lifecycle states, transitions, approval & secure processing states.
⟦ Requirements Diagrams ⟧
Traceability from mission needs to verification.
⟦ Allocation Views ⟧
Functions ↔ components ↔ interfaces ↔ verification.
MBSE Capability Deep-Dive
F-35 MPE through Model-Based Systems Engineering
Eight capabilities — Clear Requirements, Model-Based Architecture, Secure Data Handling, Traceable Design Artifacts, Cross-Domain Impact Analysis, Stakeholder Coordination, Defect & Change Discipline, and Verification-Ready Outputs — examined as What, Why, How (MBSE), and When.
Requirements diagramsUse casesActivity diagramsState machinesIBDsParametric diagrams
⟦ What ⟧
- In MBSE, clear requirements are precise, testable, traceable statements that define what the system must do, how well it must perform, what constraints it must obey, and how it will be verified.
- For a Mission Planning Environment, requirements may cover: mission data preparation, file import/export, user authentication, trusted file classification, ground security constraints, interface behavior with Mission Systems / ALIS / Training / Security Engineering, error handling, software performance & availability, audit logging, and data integrity.
- Weak: 'The system shall securely process mission files.' Stronger: 'The MPE shall validate the classification marking, file integrity, source authorization, and destination authorization of each imported mission planning file before allowing the file to be processed.'
⟦ Why ⟧
- Mission planning systems are connected to sensitive operational workflows. Poor requirements create ambiguity, rework, security gaps, failed verification, and stakeholder disagreement.
- Clear requirements answer: What must the system do? Who needs it? What is inside vs. outside the boundary? What data is exchanged? What security rules apply? How will we know it works?
- In aerospace and defense, unclear requirements create downstream issues during SRR, PDR, CDR, TRR, software testing, cybersecurity review, and operational deployment.
⟦ How (MBSE) ⟧
- Requirements must not be written in isolation — they must connect to architecture, behavior, interfaces, verification, and risk.
Diagrams used
- Requirements Diagrams — parent-child decomposition & derived requirements.
- Use Case Diagrams — who uses the system and which mission scenarios drive requirements.
- Activity Diagrams — process flow and functional derivation.
- State Machines — Draft, Validated, Approved, Rejected, Transferred, Archived.
- Internal Block Diagrams — interfaces needing requirements.
- Parametric Diagrams — performance, timing, constraint capture.
Flow
- Capture stakeholder need → Define operational scenario → Model behavior (activity diagram) → Identify system functions → Allocate to system/software components → Derive system & software requirements → Attach verification method → Trace back to original mission need.
⟦ When ⟧
- At the beginning of system definition
- During requirements decomposition
- Before design review milestones (SRR/PDR/CDR)
- When new stakeholder needs are introduced
- When defects reveal ambiguous behavior
- When security, interface, or data-handling rules are unclear
- Before writing test procedures
- During Agile backlog refinement
References
⟦ SysML Snippet — Requirements decomposition (SysML req tree) ⟧
◤ MBSE Capability Summary Matrix
| Capability | MBSE Purpose | SysML / CAMEO Artifacts | Main Benefit |
|---|---|---|---|
| Clear Requirements | Define what the system must do | Requirements diagrams, use cases, activities | Reduces ambiguity |
| Model-Based Architecture | Represent structure, behavior, interfaces | BDD, IBD, activities, states, context diagrams | Improves system understanding |
| Secure Data Handling | Control sensitive file / data lifecycle | Data flows, activities, state machines, requirements | Reduces security & classification risk |
| Traceable Design Artifacts | Connect needs to design and verification | satisfy, deriveReqt, verify, refine, allocate | Enables impact analysis |
| Cross-Domain Impact Analysis | Understand effects of change across systems | Traceability views, interface models, requirement links | Prevents downstream failures |
| Strong Stakeholder Coordination | Align customers, suppliers, engineering teams | Viewpoints, views, use cases, context diagrams | Reduces miscommunication |
| Defect & Change Discipline | Manage issues and controlled changes | Defect links, change impact views, state/activity models | Protects baseline integrity |
| Verification-Ready Outputs | Prepare requirements & models for proof | Test cases, verify links, activity/state models | Supports acceptance & review readiness |
◤ Executive Synthesis
In an MBSE approach, I would not treat requirements, architecture, security, defects, and verification as separate activities — I would connect them through the model. Clear requirements define what the system must do. Model-based architecture shows how the system is structured and behaves. Secure data handling defines how mission data and trusted files move through controlled workflows. Traceable design artifacts connect stakeholder needs to system functions, interfaces, software components, and verification cases. Cross-domain impact analysis uses those relationships to understand how changes affect Mission Systems, ALIS, Training, and Security Engineering. Strong stakeholder coordination ensures every team works from a shared technical baseline. Defect and change-management discipline protects the configuration baseline, and verification-ready outputs ensure the system can be tested, accepted, and maintained with confidence.
◤ Cameo / SysML Architecture Plan
How We Architect the F-35 MPE Model in Cameo Enterprise Architect
A complete, repository-ready breakdown of every diagram class, level, and modeling convention used to express the Mission Planning Environment in CAMEO/SysML — engineered for traceability from enterprise context (L0) down to class/object (L6).
SysML 1.6UAFTeamwork CloudDocGenCameo Simulation ToolkitCameo Requirements Modeler
◤ Cameo Project Structure
Top-Level Model Packages
The .mdzip is organized into 12 fixed top-level packages. Each diagram listed below lives in exactly one package, giving every artifact a deterministic home.
⟦ SysML Snippet — 📦 F35_MPE_Model.mdzip — package layout ⟧
◤ Diagram Catalog
Logical, Structural, Behavioral, Analytical & Context Diagrams
The complete diagram inventory grouped by SysML category.
⟦ Context ⟧
- ▸L0 Enterprise Context Diagram
- ▸Operational Context Diagram (per mission phase)
- ▸External Systems Context (JMPS, ALIS/ODIN, KMI, NGA)
- ▸Boundary IBD (system black box)
⟦ Logical ⟧
- ▸Logical Architecture BDD
- ▸Logical Decomposition Tree
- ▸Logical Block Definition per Capability
- ▸Logical Interface Diagrams
- ▸Logical Data Model (Class / Block diagrams)
⟦ Structural ⟧
- ▸BDD L0–L6 (system → class)
- ▸IBD L0–L6 (interconnections at each tier)
- ▸Package Diagram (model organization)
- ▸Profile / Stereotype Diagram
- ▸Deployment Diagram (HW/SW nodes, enclaves)
⟦ Behavioral ⟧
- ▸Use Case Diagrams (per package)
- ▸Activity Diagrams with Swimlanes (operational flow)
- ▸Sequence Diagrams (interface choreography)
- ▸State Machine Diagrams (lifecycle objects)
- ▸Timing Diagrams (latency budgets)
⟦ Analytical ⟧
- ▸Parametric Diagrams (constraint blocks)
- ▸Trade Study Matrices
- ▸Sensitivity / Margin Analyses
⟦ Cross-Cutting ⟧
- ▸Requirements Diagrams (Derive/Satisfy/Verify)
- ▸Allocation Matrices
- ▸Traceability Matrices
- ▸Dependency Matrices
- ▸Generic Tables (req, test, interface registers)
◤ BDDs L0 → L6
Block Definition Diagram Tiering
Each tier owns a stable scope. L0 frames the enterprise; L6 captures implementation-level value types and enumerations.
| Level | Diagram Name | Purpose | Typical Contents |
|---|---|---|---|
| L0 | Enterprise / Mission Context BDD | Frame the MPE inside the joint warfighting enterprise. | F-35 Air System, JMPS Enterprise, ALIS/ODIN, USRL/ACURL, Coalition Partners, NSA KMI, NGA. |
| L1 | MPE System-of-Systems BDD | Show MPE as a SoS peer to Air Vehicle, Sustainment, Training, Ground Security. | Mission Planning Environment, Air Vehicle, ALIS/ODIN, TR/SIM, SSE, Reprogramming Labs. |
| L2 | MPE System BDD | Decompose MPE into top-level systems. | Mission Host, Avionics Planning Computer, Data Pipeline, Crypto/Comms Planner, Nav/Chart Service, Transfer/Backup Service, Debrief. |
| L3 | Segment BDD (per system) | Break each system into segments / major CIs. | UPC = Mission Builder + Weapon Planner + Sensor Planner + Threat Mgr + Output Builder. |
| L4 | Subsystem BDD | Subsystems and their owned blocks. | Weapon Planner → AIM-120 Engager, JDAM Targeter, SDB-II Router, Stores CG Model. |
| L5 | Assembly / Component BDD | Software CSCIs, services, libraries, data stores. | Threat Library Service, MDF Compiler, Signing Service, EKMS Adapter, Crypto Key Store. |
| L6 | Part / Class BDD | Implementation-level classes, value types, enumerations. | ThreatRecord, EmitterSignature, MDLPackage, KeyMaterial, ClassificationMarking enum. |
◤ IBDs L0 → L6
Internal Block Diagram Tiering
IBDs mirror the BDD tier and express connectors, ports, and item flows at each abstraction level.
| Level | Diagram Name | Purpose | Typical Contents |
|---|---|---|---|
| L0 | Enterprise Context IBD | External actors and flows crossing the MPE boundary. | Pilot, MPC Operator, ALIS, USRL, KMI, NGA — flows: MDL, DTC image, key fill, DAFIF, debrief. |
| L1 | MPE Boundary IBD | Ports/interfaces of the MPE as a black box. | Input ports (JMPS Host API, KMI feed, NGA feed); output ports (DTC, MDL, Debrief). |
| L2 | MPE Internal IBD | Connectors between top-level systems inside MPE. | JMPS Host ↔ UPC ↔ MDF Pipeline ↔ Crypto Planner ↔ Output Builder. |
| L3 | System IBD (e.g., UPC) | Internal connectors between segments of one system. | Mission Builder ↔ Sensor Planner ↔ Weapon Planner ↔ Threat Mgr. |
| L4 | Subsystem IBD | Subsystem internal flow ports & item flows. | Weapon Planner internal: Engagement Solver ↔ Stores Mgr ↔ ROE Gate. |
| L5 | Component / Service IBD | Service-to-service interface contracts. | MDF Compiler ↔ Threat Library ↔ Signing Service ↔ Distribution Adapter. |
| L6 | Class / Object IBD | Object-level association and data structure wiring. | MDLPackage holds ThreatRecord[], SignatureBlock, ReleaseMetadata. |
◤ Activity Diagrams (Swimlanes)
Operational & Engineering Activity Flows
Every activity diagram uses partitions (swimlanes) tied to organizational actors or system blocks so responsibilities and hand-offs are explicit.
| Activity | Swimlanes (Partitions) | Purpose |
|---|---|---|
| Mission Plan Build & Release | Mission Planner │ JMPS Host │ F-35 UPC │ Security Officer │ Debrief | End-to-end plan authoring, classification, approval, DTC write. |
| MDF Reprogramming Cycle | RCR Owner │ USRL/ACURL │ MDF Compiler │ Verification Lab │ Distribution | RCR → threat lib update → build/sign → lab verify → theater release. |
| Trusted File Import | Operator │ Ground Security │ Trusted Importer │ Audit │ UPC | Source validation, classification, integrity check, accept/reject. |
| Crypto Key Ordering & Fill | Crypto Officer │ EKMS/KMI Adapter │ Key Store │ DTC Service │ Aircraft | Key order → receipt → fill schedule → DTC pack → aircraft fill. |
| Datalink Plan (MADL/Link-16) | Comm Planner │ Datalink Planner │ Crypto Planner │ Output Builder | Participant groups, NPGs, time slots, crypto bindings, emit plan. |
| Sensor & Weapons Plan | Planner │ Sensor Planner │ Weapon Planner │ Stores/CG Model | Radar/EOTS/DAS setup; weapon pairing; ROE & EZ checks. |
| DTC/PMBA Load Cycle | Crew Chief │ DTC Service │ Security │ Aircraft │ Debrief | Write → verify → upload → fly → offload → sanitize. |
| ALIS/ODIN Sync | MPE │ ALIS/ODIN │ Sustainment │ Coalition Gateway | Mission data ↔ sustainment exchange and releasability filters. |
| Change Impact Analysis | CCB │ Systems │ Software │ Security │ V&V | Engineering change request fan-out across domains. |
| Defect Lifecycle | Reporter │ Triage │ Engineering │ V&V │ CCB | Open → triage → root-cause → fix → verify → close. |
| RMF / ATO Evidence Build | ISSE │ Engineering │ Security Control Assessor │ AO | Control implementation → assessment → POA&M → authorization. |
◤ State Machines
Lifecycle State Machines
One state machine per long-lived object whose lifecycle is governed by approvals, releases, or security events.
- ⟦ MissionPlan ⟧Draft → Review → Approved → Released → Archived
- ⟦ MDLPackage ⟧Built → Signed → LabVerified → Released → Superseded
- ⟦ TrustedFile ⟧Received → Validated → Classified → Accepted / Rejected
- ⟦ CryptoKey ⟧Ordered → Received → Loaded → Active → Zeroized
- ⟦ DTCImage ⟧Authored → Written → Verified → Uploaded → Offloaded → Sanitized
- ⟦ Defect ⟧New → Triaged → Assigned → Fixed → Verified → Closed
- ⟦ RequirementBaseline ⟧Proposed → Approved → Baselined → Changed → Superseded
- ⟦ RMFPackage ⟧Categorized → Selected → Implemented → Assessed → Authorized → Monitored
◤ Use Cases & Context
Use Case Packages and Context Diagrams
Use cases are partitioned by mission/engineering domain. Each package has its own UC diagram, actor catalog, and traceability into the requirements model.
- ▸Mission Planning (UC-MP-*)
- ▸Sensor & Weapons Planning (UC-SW-*)
- ▸Datalink & Crypto Planning (UC-DC-*)
- ▸Navigation, Charts & GPS Keying (UC-NV-*)
- ▸MDF Reprogramming (UC-MDF-*)
- ▸DTC/PMBA Load Operations (UC-DTC-*)
- ▸ALIS/ODIN Sustainment Exchange (UC-AO-*)
- ▸Debrief & Reconstruction (UC-DB-*)
- ▸Coalition & Releasability (UC-CR-*)
- ▸Ground Security Administration (UC-GS-*)
- ▸Configuration & Change Management (UC-CM-*)
- ▸RMF / Continuous Monitoring (UC-RMF-*)
◤ Requirements & Parametrics
Requirements Diagrams and Constraint Models
Requirements are captured in SysML Requirements Diagrams with Derive/Refine/Satisfy/Verify links. Parametrics express engineering budgets and constraints.
⟦ Requirements Views ⟧
- ▸Stakeholder Needs Diagram (capabilities → mission outcomes)
- ▸System Requirements Diagram (L1 SyRS)
- ▸Subsystem / Software Requirements Diagram (L2 SRS, L3 SSDD)
- ▸Derive / Refine / Satisfy / Verify relationships
- ▸Requirements Containment Trees per CI
- ▸Interface Requirements (IRS) Diagrams per ICD
- ▸Security Requirements Diagram aligned to NIST SP 800-53 controls
⟦ Parametric Diagrams ⟧
- ▸Stores & CG Constraints
- ▸Weapon Engagement Zone (EZ) computation
- ▸Fuel / Range / Loiter parametrics
- ▸Datalink Time Slot / Throughput budget
- ▸Crypto Key Lifetime / Rollover budget
- ▸MDF Build Latency budget
- ▸Threat Reaction Timeline budget
◤ Allocations & Matrices
Allocation / Traceability / Dependency Matrices
Matrices are first-class artifacts in Cameo — they convert relationships in the model into reviewable, exportable tables.
- ▸Requirements ↔ Blocks (Satisfy matrix)
- ▸Requirements ↔ Test Cases (Verify matrix)
- ▸Functions ↔ Components (Allocation matrix)
- ▸Use Cases ↔ Activities (Refine matrix)
- ▸Blocks ↔ Interfaces (Port realization)
- ▸Security Controls ↔ Components (NIST 800-53)
- ▸Hazards ↔ Mitigations (Safety matrix)
- ▸Stakeholders ↔ Needs ↔ Requirements (Trace matrix)
◤ Modeling Conventions
Profiles, Naming, Baselines & Validation
Standards every contributor follows so the model stays clean, mergeable, and audit-ready.
- ▸SysML 1.6 profile + UAF profile for DoDAF/MODAF viewpoints
- ▸Custom Mission Planning profile (stereotypes: «MissionPlan», «MissionData», «TrustedFile», «CryptoKey»)
- ▸Naming: <Tier>_<Domain>_<Artifact> (e.g., L3_UPC_WeaponPlanner_IBD)
- ▸ID scheme: SyRS-#### / SRS-#### / IRS-#### / UC-### / TC-####
- ▸Baselines via Teamwork Cloud branches (Trunk, Release-x.y, Hotfix)
- ▸Locking & merge policy aligned with CCB cadence
- ▸Validation suites enabled (SysML well-formedness, custom MPE rules)
- ▸DocGen templates: SyRS, SRS, SSDD, ICD, V&V Plan, ATO evidence pack
◤ Role → MBSE Coverage Matrix
F-35 MPE System/Software Design Engineer — Full MBSE Coverage
Every responsibility of the MPE System/Software Design Engineer — requirements work packages, the data item dictionary, trusted file classification, the SSDD, internal and external collaboration, software product evaluations and SCCB, defect investigation, and cross-domain impact review for Mission Systems / ALIS / Training / SSE — is executed through Model-Based Systems Engineering in Cameo Enterprise Architect. The mapping below ties each duty to the SysML artifacts, Cameo diagrams, and generated documents that satisfy it.
⟦ SysML Snippet — Responsibility → MBSE Artifact → Cameo Diagram → Baseline → Generated Document → Stakeholder Feedback ⟧
◤ Responsibility 1
Develop Requirements Work Packages
⟦ MBSE Artifacts ⟧
- ▸SysML Requirements Diagrams (SyRS → SRS → SSDD)
- ▸Derive / Refine / Satisfy / Verify links
- ▸Containment trees per CI / work package
- ▸Requirement stereotypes («functional», «performance», «interface», «security»)
⟦ Cameo Diagrams & Matrices ⟧
- ▸Requirements Diagram per work package
- ▸Requirements Containment Tree
- ▸Satisfy / Verify Matrices
- ▸DocGen template → SyRS / SRS PDF
⟦ Outputs / Evidence ⟧
- ▸Work-package scoped requirement set
- ▸Bidirectional trace report
- ▸Baseline ID + CCB record
◤ Responsibility 2
Data Item Dictionary (DID)
⟦ MBSE Artifacts ⟧
- ▸Value Types, Units, Enumerations in 12_Library package
- ▸Block properties typed against Library entries
- ▸«DataItem» stereotype + classification tag
- ▸Interface Block ports referencing typed signals
⟦ Cameo Diagrams & Matrices ⟧
- ▸Class / BDD (L6) of data items
- ▸Generic Table: DID Register (name, type, units, range, classification, source, consumer)
- ▸Dependency Matrix: DID ↔ Interfaces ↔ Components
⟦ Outputs / Evidence ⟧
- ▸Single authoritative DID exported via DocGen
- ▸Type-checked usage across the model
◤ Responsibility 3
Trusted File Classification Specifications
⟦ MBSE Artifacts ⟧
- ▸«TrustedFile» stereotype with classification, releasability, handling caveats
- ▸State Machine: Received → Validated → Classified → Accepted/Rejected
- ▸Activity: Trusted File Import (swimlanes: Operator, Ground Sec, Trusted Importer, Audit, UPC)
- ▸Security Requirements Diagram linked to NIST 800-53 controls
⟦ Cameo Diagrams & Matrices ⟧
- ▸State Machine — TrustedFile lifecycle
- ▸Activity Diagram — Trusted File Import
- ▸Allocation Matrix: Trusted Files ↔ Security Controls
⟦ Outputs / Evidence ⟧
- ▸Trusted File Classification Specification (TFCS)
- ▸Control evidence for ATO package
◤ Responsibility 4
System / Subsystem Design Document (SSDD)
⟦ MBSE Artifacts ⟧
- ▸BDD L2–L5 (system → component) and matching IBDs
- ▸Sequence Diagrams for interface choreography
- ▸Deployment Diagram (HW/SW nodes, enclaves)
- ▸Parametric Diagrams for engineering budgets
⟦ Cameo Diagrams & Matrices ⟧
- ▸BDD / IBD per subsystem
- ▸Sequence + State Machine per CI
- ▸DocGen template → SSDD
⟦ Outputs / Evidence ⟧
- ▸Auto-generated SSDD synchronized with the model
- ▸Interface descriptions traceable to IRS/ICD
◤ Responsibility 5
Internal & External Collaboration / Customer & Supplier TIMs
⟦ MBSE Artifacts ⟧
- ▸UAF Operational & Organizational views (actors, roles, responsibilities)
- ▸Use Case packages per stakeholder domain (UC-MP, UC-AO, UC-CR, UC-GS …)
- ▸Interface Control Documents (ICD) as Interface Blocks + IRS diagrams
- ▸Teamwork Cloud branches per supplier baseline
⟦ Cameo Diagrams & Matrices ⟧
- ▸Context Diagram (L0) showing customer / supplier actors
- ▸Use Case Diagrams per package
- ▸Interface Block + IRS Requirements Diagram
- ▸Allocation Matrix: Stakeholder ↔ Need ↔ Requirement
⟦ Outputs / Evidence ⟧
- ▸Shared model views for TIMs (read-only Cameo Collaborator)
- ▸ICD deltas auto-diffed between baselines
◤ Responsibility 6
Software Product Evaluation Reviews & SCCB
⟦ MBSE Artifacts ⟧
- ▸Verify matrix (Requirements ↔ Test Cases)
- ▸Defect & Change stereotypes on impacted model elements
- ▸Activity: Change Impact Analysis (swimlanes: CCB, Systems, SW, Sec, V&V)
- ▸Baseline tags on Teamwork Cloud (Trunk / Release-x.y / Hotfix)
⟦ Cameo Diagrams & Matrices ⟧
- ▸Activity Diagram — Change Impact Analysis
- ▸Dependency Matrix — Change ↔ Affected Blocks / Reqs / Tests
- ▸DocGen template → SCCB package
⟦ Outputs / Evidence ⟧
- ▸Evaluation report + SCCB decision artifact
- ▸Updated baseline with traceable delta
◤ Responsibility 7
Investigate & Correct System Defects
⟦ MBSE Artifacts ⟧
- ▸«Defect» stereotype linked to Requirement, Block, Test Case
- ▸State Machine: New → Triaged → Assigned → Fixed → Verified → Closed
- ▸Activity: Defect Lifecycle (swimlanes: Reporter, Triage, Eng, V&V, CCB)
- ▸Root-cause linked via Derive to originating requirement gap
⟦ Cameo Diagrams & Matrices ⟧
- ▸State Machine — Defect lifecycle
- ▸Activity Diagram — Defect Lifecycle
- ▸Trace Matrix — Defect ↔ Requirement ↔ Test
⟦ Outputs / Evidence ⟧
- ▸Root-cause record with corrective + preventive action
- ▸Regression test linked back to original defect
◤ Responsibility 8
Review Mission Systems / ALIS / Training / SSE Domain Reqs for MPE Impact
⟦ MBSE Artifacts ⟧
- ▸Cross-domain Allocation Matrices (MPE ↔ Mission Systems / ALIS / TR-SIM / SSE)
- ▸Dependency Matrix on Interface Blocks
- ▸Impact propagation via Derive / Refine links
- ▸UAF Systems-of-Systems view
⟦ Cameo Diagrams & Matrices ⟧
- ▸L1 SoS BDD
- ▸Allocation Matrix: External Requirement ↔ MPE Block / Requirement
- ▸Dependency Matrix: ICD ↔ MPE Subsystems
⟦ Outputs / Evidence ⟧
- ▸Impact assessment memo per external change
- ▸Cross-domain CCB input
◤ Responsibility 9
Execute All of the Above via MBSE
⟦ MBSE Artifacts ⟧
- ▸Single source of truth: F35_MPE_Model.mdzip in Teamwork Cloud
- ▸SysML 1.6 + UAF + custom F-35 MPE profile
- ▸Validation suites enforce well-formedness & MPE rules
- ▸DocGen produces every downstream document
⟦ Cameo Diagrams & Matrices ⟧
- ▸Every artifact above lives in one of the 12 top-level packages
- ▸Baselines, branches, and merges replace document-version churn
⟦ Outputs / Evidence ⟧
- ▸Verifiable, traceable, audit-ready engineering baseline
◤ Requirements Development & Decomposition
- ▸Capture operational intent & stakeholder needs
- ▸Define system functions & MP workflows
- ▸Decompose system → subsystem → software
- ▸Identify interface, data, security, performance constraints
- ▸Establish verification methods early
- ▸Maintain traceability across artifacts
- ▸Support Agile backlog refinement with acceptance criteria
◤ Ground Security & Trusted File Classification
- ▸Trusted / untrusted file handling
- ▸File provenance & source validation
- ▸Classification marking & rules
- ▸Secure import / export workflows
- ▸Data integrity checks
- ▸Access control & user authorization
- ▸Audit logging & accountability
- ▸Rejection handling for invalid files
- ▸Security requirements traceability
- ▸Alignment with SSE / RMF processes
◤ Cybersecurity & RMF
- ▸RMF ATO artifact development
- ▸DISA STIG compliance & hardening
- ▸Cross-domain solution (CDS) integration
- ▸Boundary protection & enclave design
- ▸Audit, logging & continuous monitoring
- ▸Vulnerability scan triage (ACAS)
- ▸POA&M tracking & remediation
◤ Configuration Management
- ▸Block 3F vs Block 4 increment deltas
- ▸TR-2 / TR-3 hardware baseline tracking
- ▸MDF version control per squadron / theater
- ▸UPC component manifests & dependencies
- ▸Engineering change proposals (ECP)
- ▸Baseline audits (FCA / PCA)
◤ Verification, Validation, SIL & HWIL
- ▸Software-in-the-Loop (SIL) test design
- ▸Hardware-in-the-Loop (HWIL) integration
- ▸Pilot-in-the-loop simulator verification
- ▸Flight test instrumentation tie-in
- ▸Requirements-to-test traceability
- ▸Regression suites for MDF / UPC releases
- ▸Anomaly capture & resolution loop
◤ Design Documentation & Technical Reviews
- ▸System & subsystem design descriptions
- ▸Requirements work packages
- ▸Interface & data-flow descriptions
- ▸Data item dictionaries
- ▸Trusted file classification specs
- ▸Mission-planning workflow models
- ▸Change impact assessments
- ▸Defect investigation summaries
- ▸TIM materials & SWE review inputs
- ▸Change board decision-support artifacts
◤ Agile Systems Engineering Support
- ▸Translate capabilities → features → stories
- ▸Define system-level acceptance criteria
- ▸Maintain traceability during iteration
- ▸Support sprint planning & backlog refinement
- ▸Evaluate increments vs. system requirements
- ▸Investigate defects, assess impacts
- ▸Participate in software change boards
◤ Security Clearance & Defense Program Readiness
Experience supporting defense and aerospace environments requiring disciplined engineering practices, secure collaboration, controlled technical data handling, and U.S. government security clearance eligibility. We work within program security boundaries with professionalism, precision, and accountability.
◤ MPE Lifecycle — Plan ▸ Brief ▸ Fly ▸ Debrief ▸ Reprogram
▸ PLAN
Route, threats, loadout, datalink, crypto, MDL selection.
▸ BRIEF
OMS products, kneeboards, SPINS, ROE, contingency cards.
▸ FLY
DTC/PMBA load, in-flight datalink, sensor fusion, MADL net.
▸ DEBRIEF
ADR offload, reconstruction, shot validation, lessons learned.
▸ REPROGRAM
Threat updates → MDF rebuild → lab verify → MDL release.
◤ Glossary — Key Acronyms
MPEMission Planning Environment
JMPSJoint Mission Planning System
UPCUnique Planning Component
PFPSPortable Flight Planning Software
MDFMission Data File
MDLMission Data Load
USRLU.S. Reprogramming Laboratory
ACURLAustralia/Canada/UK Reprogramming Lab
DTCData Transfer Cartridge
PMBAPortable Memory Bus Adapter
OMSOff-board Mission Support
ADRAirborne Data Recorder
MADLMultifunction Advanced Data Link
DASDistributed Aperture System
EOTSElectro-Optical Targeting System
CNICommunications, Navigation & Identification
EKMS / KMIElectronic Key Mgmt / Key Mgmt Infrastructure
SAASMSelective Availability Anti-Spoofing Module
ALIS / ODINAutonomic Logistics IS / Operational Data Integrated Net
SIL / HWILSoftware / Hardware-in-the-Loop
RMF / ATORisk Management Framework / Authority to Operate
MBSEModel-Based Systems Engineering
CDSCross-Domain Solution
FMSForeign Military Sales
◢ Why This Matters
A small gap becomes a downstream impact across every connected domain.
Our capability helps program teams reduce risk by bringing structure to complex systems through clear requirements, model-based architecture, secure data handling, traceable design artifacts, cross-domain impact analysis, strong stakeholder coordination, and verification-ready engineering outputs.
◤ Core Capability Summary
Mission PlanningGround SecurityMBSE / CAMEOSysMLRequirements DecompositionSystem / Software DesignTrusted File ClassificationData Item DictionariesAgile Systems EngineeringSoftware Change BoardsDefect InvestigationCross-Domain Impact Analysis