USGv6 Revision 1

The first version of the of the USGv6 standards profile was published in 2008 and the USGv6 test program became operational in 2009.   In the years since the USGv6 Program (as the effort is commonly known) has been referenced in Federal Acquisition Regulations, used as the basis for USG Agency strategic plans and acquisition policies and has resulted in the detailed documentation and test of IPv6 capabilities in a large number of commercial products.

In November 2020, OMB issued memorandum M-21-07 "Completing the Transition to Internet Protocol Version 6 (IPv6)",  which outlines the Federal government's strategic intent "to deliver its information services, operate its networks, and access the services of others using only IPv6".   The policy also instructed NIST to update and expand its USGv6 standards profile and test program to facilitate this government-wide initiative.

In anticipation of this request, NIST and its partners undertook a significant revision of the USGv6 Profile and Test Program to update their technical specifications and streamline their use in Federal procurement processes. USGv6-r1, the first major revision of the USGv6 Program, has several objectives:

1. To update the set of Internet Engineering Task Force (IETF) specifications that form the basis for the USGv6 profile to their latest published version.
2. To add new specifications for important IPv6 capabilities that have been developed since the publication of the first profile. 
   • Highlights of these additions include technologies to support emerging use cases such as the Internet of Things, new forms of IPv6 transition technologies, support for “IPv6-Only” environments, and better support for specification of IPv6 enabled applications.
3. To remove specifications for IPv6 capabilities included in the first version of the profile, but that have since failed to achieve significant support in commercial products and network deployments.
4. To simplify the means of expressing product IPv6 requirements and capabilities.  
   • The same concise Capability Summary String (CSS) notation is used for expressing product requirements and the results of product testing.
     • Example-Host = USGv6-r1:Host + IPv6-Only + Core + Addr-Arch + Multicast + DHCP-Client + TLS + Link=Ethernet
   • A concise summary of the technical definition of each named IPv6 capability is provided by the USGv6 Capabilities Table.
   • More detailed guidance is provided on recommended minimal requirements for products to be considered "USGv6 Capable".
5. To separate the definition of IPv6 Capability Profiles from their specific use in USG acquisition programs so as to permit other user groups to re-use the capability profiles and their aligned product testing programs.To achieve this last goal, we have refactored the original USGv6 profile into two distinct documents.  
   • The NIST IPv6 Profile defines a basic taxonomy of IPv6 capabilities defined in terms of IETF specifications, resulting in named capability sets for common network functions and usage scenarios.    
   • The USGv6 Profile, inherits from and refines the generic NIST IPv6 profile for use in Federal IT acquisitions.
6. To update and consolidate the description and operation of the USGv6 Test Program to reflect the lessons learned in the implementation of that program to date.
   • Highlights of these changes include a more concise and consistent notation for documenting IPv6 capabilities, better support for testing in IPv6-Only environments, and an improved and streamlined Supplier’s Declaration of Conformity (SDOC) for documenting test results.
   • This revision to the USGv6 Test Program strengthens the commitment to maintain synchronization with the industry driven IPv6 Ready Logo program so as to minimize testing requirements on vendors.

The USG move toward IPv6-only network environments dramatically increases the need to assure the quality, completeness and interoperability of the IPv6 capabilities in IT products and services.  While IPv6-only environments will greatly reduce the complexity of operating dual-stacked networks, it does imply that systems will not be able to rely on IPv4 as a fall back service.  This revision to the USGv6 Profile and Test Program is aimed at providing the tools that agencies can use to protect future investments in IPv6 enabled products and services.

Questions or comments about the USGv6 Program can be sent to the discussion list: usgv6-program [at] list.nist.gov (usgv6-program[at]list[dot]nist[dot]gov)

USGv6 Revision 1 Specifications:

NIST and its partners in the USGv6 Program have published the specifications below: 

Standards Profiles:

• "NIST IPv6 Profile",  NIST Special Publication (NIST SP) - 500-267Ar1, November 2020.
  • https://doi.org/10.6028/NIST.SP.500-267Ar1
•  "NISTv6 Capabilities Table", NIST Special Publication (NIST SP) - 500-267Ar1s, November 2020.
  • https://doi.org/10.6028/NIST.SP.500-267Ar1s
•  "USGv6 Profile",  NIST Special Publication (NIST SP) - 500-267Br1,   November 2020.
  • https://doi.org/10.6028/NIST.SP.500-267Br1
•  "USGv6 Capabilities Table", NIST Special Publication (NIST SP) - 500-267Br1s, November 2020.
  • https://doi.org/10.6028/NIST.SP.500-267Br1s

Test Program:

•  "USGv6 Test Program Guide", NIST Special Publication (NIST SP) - 500-281Ar1, November 2020.
  • https://doi.org/10.6028/NIST.SP.500-281Ar1
•  "USGv6 Suppliers Declaration of Conformity", NIST Special Publication (NIST SP) - 500-281Ar1s, November 2020.
  • https://doi.org/10.6028/NIST.SP.500-281Ar1s
• "USGv6 Test Methods: General Description and Validation", NIST Special Publication (NIST SP) - 500-281Br1, November 2020.
  • https://doi.org/10.6028/NIST.SP.500-281Br1

Additional supporting information:

• USGv6 Program: Revision 1 Update, Presentation to the Federal IPv6 Task Force, November 8, 2019.

USGv6-r1 Test Program

Registries of Tested Products

The USGv6 Program maintains one consolidated registry of tested products hosted by the University of New Hampshire Interoperability Laboratory (UNH-IoL).   Vendors wishing to publicly share a Supplier's Declaration of Conformity (SDOC) test report from an accredited laboratory, can opt to have the SDOC listed in the registry.

It is important to realize that this is a registry of tested products, not a registry of "approved products".   You must read the SDOCs to ensure that the product in question has the IPv6 capabilities required for your given use case.

• Products tested against 2020 USGv6 Revision 1 Profile.
• Products tested against the 2008 USGv6 Profile.

USGv6 Test Methods

A fundamental design goal of the USGv6 Test Program is to minimize burden on product vendors by leveraging to the maximum extent possible industry driven product test programs, only specifying USG specific test method deviations where USGv6 technical requirements differ from the industry driven profiles.

To achieve the above stated goal the NIST entered into an MOW with the IPv6 Forum to leverage the test  specifications from the IPv6 Read Logo Program as the primary source for test methods from the USGv6 Test Program.

• "Grant of Use Rights: IPv6 Test Specifications", MOU between NIST and the IPv6 Forum , April 2008.

To implement this approach the USGv6 Test Program uses Test Selection Tables that define USGv6 Test Methods by mapping and augmenting IPv6 Ready Logo test methods to match USGv6 Profile requirements.  

• USGv6-r1 Test Selection Tables:  

  • We are in the process of updating the USGv6 test selection tables for revision 1 of the profile.  The tests will appear below as they are published.  See previous version of USGv6 profile for tests that are yet to be updated.

    • NOTE:  The current set of conformance and interoperability test plans and methods are not designed to support the testing of virtualized components within cloud infrastructures. 

    • ​​​While the general applications / service test plan can be used to develop individual test methods for specific Software as a Service (SaaS) offerings, the development of general IPv6 conformance and interoperability tests methods suitable for testing Platform as a Service (PaaS) and Infrastructure as a Service (IaaS) is still under development.

      • Users of the USGv6 program should not require conformance or interoperability test results from PaaS or IaaS services until such test plans have been published in the table below.

      • Cloud service providers interested in helping define additional tests methods for such environments are encouraged to contact the address below.

    • Note, despite the current lack of USGv6 test methods for IaaS and PaaS cloud offerings, agencies should still be developing detailed requirement statements for IPv6 capabilities in both the management and control interfaces and network services in cloud service procurement documents as required by the FAR.  These requirement statements should support the USG strategic intent to transition all USG networked information systems and their interfaces to external systems to use only IPv6.

    • When USGv6 test methods appropriate for cloud services emerge, agencies can require test results from a USGv6 accredited lab to provide additional confidence that vendor offerings meet the stated IPv6 procurement requirements.  Until that time, agencies will have to use other methods to validate vendor claims of compliance.

Questions or comments about the USGv6 Program can be sent to the discussion list: usgv6-program [at] list.nist.gov (usgv6-program[at]list[dot]nist[dot]gov)

​​​​​​

USGv6 Laboratory Accreditation

The USGv6 program requires the use of accredited test labs that are periodically assessed and audited for compliance with ISO/IEC-17025 “General requirements for the competence of testing and calibration laboratories” and proficiency tested on the execution of specific USGv6 test methods.  

In addition to 3rd party accreditation, USGv6 test labs are required to participate in periodic interlaboratory comparisons in which accredited labs exchange detailed (packet level) traces from executing specific test methods against a chosen, common implementation under test. Through this process the laboratories ensure that their specific implementations of test methods and test verdicts are consistent.

For more details on the requirements and processes for laboratory accreditation, see:

• USGv6 Test Methods: General Description and Validation, NIST Special Publication 500-281B revision 1

Individual laboratories are not required to provide all test methods defined in the USGv6 Test Program.  The set of USGv6 specific test methods that a lab has been accredited to perform defines their scope of accreditation.    The USGv6 program defines individual test methods that span all tests for specific sets of defined IPv6 capabilities.  The list below outlines the defined USGv6 conformance, interoperability and functional test methods (see NIST SP 500-281Br1 for details).

• F1 - Core Capabilities
• F2 - Stateless Address Auto-configuration
• F3 - IPv6 Neighbor Discovery over Low Power
• F4 - DHCPv6
• F5 - Addressing Capabilities
• F6 - Cryptographically Generated Address, Secure Neighbor Discovery
• F7 - DNS
• F8 - Network Support
• F9 - Routing Protocols
• F10 - Routing Protocols Customer Edge
• F11 - Security
• F12 - Transition Mechanism Capabilities
• F13 - Network Management Capabilities
• F14 - Multicast Capabilities
• F15 - Quality of Service Capabilities
• F16 - Link Specific Capabilities
• F17 - Switch Capabilities
• F18 - Network Protection Capabilities
• A1 - Application and Service
• A2 - IPv6 Only

Each USGv6 test laboratory will have an explicit scope of accreditation that lists which USGv6 test methods the lab has been accredited to provide.

USGv6 Accredited Test Labs:

• University of New Hampshire Interoperability Laboratory (UNH IOL)
  • USGv6 Test Program
  • USGv6 Scope of accreditation: 

    • NIST SP 500-281Br1 Test Methods:

      • Conformance: F1, F2, F4, F5, F10, F11, F18
      • Interoperability: I1, I2, I4, I5, I9, I10, I11, I14
      • Functional: A2
  • USGv6 Lab Accreditation Scope (A2LA)
    • See: ISO-IEC-17025 Testing and Calibration Laboratories

• Criterion Network Labs (CNLabs)

  • USGv6 Scope of accreditation: 

    • NIST SP 500-281Br1 Test Methods:

    • Interoperability: I1, I2, I5
    • Conformance: F1,F2, F5
    • Functional: A2
  • USGv6 Lab Accreditations
    • ISO-IEC-17025 Accreditation
    • USGv6 Lab Accreditation Scope (NABL)

USGv6 Test Method Validation:

• 2022 Inter-laboratory Comparison Requirements.
  • Implementation to test: Ubuntu Linux Desktop v 20.04.2
  • Capabilities to test: 2022-interlab-css := USGv6-r1:Host+Core+SLAAC+Addr_Arch+Link=Ethernet
  • Artifacts to produce:
    • Conformance test Traces
    • Interoperability test Traces
    • Resulting SDOC for the tests above.
  • UNH-IOL inter-laboratory comparison trace file.
    • IOL-USGv6r1-Ubuntu_Interlab_Results.zip
  • CNLabs  inter-laboratory comparison trace file.
    • USGv6r1-Host+Core+SLAAC+Addr_Arch+Link=Ethernet.rar.zip

• 2019 Inter-laboratory Comparison Requirements:
  • Implementation to test:   Ubuntu Linux Desktop 18.04.3
  • Capabilities to test:  2019-interlab-css := USGv6-r1:Host + Core.
    • UNH-IOL Inter-laboratory comparison trace file.

Questions or comments about the USGv6 Program can be sent to the discussion list: usgv6-program [at] list.nist.gov (usgv6-program[at]list[dot]nist[dot]gov)