Research Artifact · Validation Report

Multi-Jurisdictional Emergency Operations Validation

AriaOS EOC Dashboard module · NIMS Incident Command Console · concurrent multi-incident, multi-jurisdiction operation under DDIL.

§1 Validation Metadata

Validation date2026-05-02
System under testEOC Dashboard module of AriaOS · v1.0.0
Distribution markingDistribution Statement A · Approved for public release
AudienceDARPA PM · AFRL evaluator · Cal OES technical lead

§2 Abstract

This artifact documents validation of AriaOS as the substrate for a NIMS-compliant, multi-jurisdictional emergency operations console. The system under test — the EOC Dashboard module of AriaOS — demonstrates concurrent management of four heterogeneous incidents (wildfire, earthquake, flood, hazmat) under a single Common Operating Picture, with bidirectional standards-native exchange to CalEOC and federal alerting infrastructure.

A dual-tier AI architecture (sovereign edge plus FedRAMP-High cloud) is gated by a pre-LLM compliance layer and Human-In-The-Loop approval. Resilience under network partition (DDIL) is exercised end-to-end with cryptographic audit-chain continuity verification.

§3 System Under Test

The EOC Dashboard module is a single-page application backed by a service layer that mediates between AriaOS and standards-native exchange channels. AriaOS supplies decision-agent execution, audit-chain integrity, and the pre-LLM compliance gate. The system operates in two modes: an evaluator mode with an in-memory AriaOS simulation, and a production mode connected to a live AriaOS instance.

§4 Jurisdiction Coverage

The console enumerates 15 jurisdictions across federal, FEMA region, state, and city tiers. Each jurisdiction binds an EM agency, a list of platforms, a hazard profile, an NWS area filter, and a NIFC state filter. Switching jurisdiction re-themes the console and reloads incident state.

LevelJurisdictionEM AgencyPrimary Platform(s)NWS AreaHazard Profile
federalFEMA HeadquartersFEMAIPAWS-OPEN, WebEOC (NRCC), EMAP, NIMS Nationalall UShurricane, wildfire, earthquake, flood, masscasualty, cbrne
fema-regionFEMA Region IIFEMA R-IIIPAWS-OPEN, WebEOC (NRCC), NYSOEM CIMSNYhurricane, flood, masscasualty, cbrne
fema-regionFEMA Region IVFEMA R-IVIPAWS-OPEN, WebEOC, FDEM SERTFLhurricane, tornado, flood, wildfire
fema-regionFEMA Region VIFEMA R-VIIPAWS-OPEN, WebEOC (TDEM), STARTXhurricane, tornado, wildfire, oilgas
fema-regionFEMA Region XFEMA R-XIPAWS-OPEN, WebEOC (WA EMD), NWWarnWAearthquake, wildfire, volcanic, flood, maritime
stateCaliforniaCal OESCalEOC (WebEOC), OASIS, SEMS, CalWAS, IPAWS-OPENCAwildfire, earthquake, flood, hazmat
stateTexasTDEMWebEOC (TDEM), STAR, EM-WIN, IPAWS-OPENTXhurricane, tornado, oilgas, wildfire
stateFloridaFDEMWebEOC (FDEM), EMConstellation, SERT, IPAWS-OPENFLhurricane, flood, wildfire, sinkhole
stateNew YorkNYSOEMNY-Responds (WebEOC), CIMS, NY-Alert, IPAWS-OPENNYhurricane, flood, masscasualty, cbrne, severe-weather
stateWashingtonWA EMDWebEOC (WA EMD), NWWarn, WA-Alerts, IPAWS-OPENWAearthquake, wildfire, volcanic, flood, maritime
citySan FranciscoSF DEMWebEOC (SF DEM), CalEOC (state), AlertSF, IPAWS-OPENCAearthquake, wildfire-interface, masscasualty, maritime
cityLos AngelesLA EMDWebEOC (LA EMD), CalEOC (state), NotifyLA, IPAWS-OPENCAwildfire-interface, earthquake, hazmat, masscasualty
cityNew York CityNYC EMCIMS (NYC), NY-Responds (state), Notify NYC, IPAWS-OPENNYmasscasualty, cbrne, severe-weather, maritime
cityHoustonHouston OEMWebEOC (Houston), WebEOC (TDEM state), AlertHouston, IPAWS-OPENTXhurricane, flood, oilgas, masscasualty
cityMiamiMiami DEMWebEOC (Miami-Dade), EMConstellation (state), iAlert Miami, IPAWS-OPENFLhurricane, flood, sea-level-rise, masscasualty

Federal and FEMA Region jurisdictions roll up incident state from member jurisdictions. Sample incidents under exercise total 35 across the ten incident-bearing jurisdictions. Full coverage matrix with bounding boxes, map centers, and per-jurisdiction incident counts: jurisdiction-matrix.html.

§5 Standards Compliance Matrix

StandardVersionSurfaceEvidence
NIMS Resource Typing2017Resources roster; type and kind on every recordFigure 5
ICS Forms201, 202, 203, 204, 205Incident Action Plan Builder; auto-populated from incident stateFigures 3, 4
SEMS5-tierExchange layer; OA → Region → State coordinationFigure 9
OASIS Emergency Data Exchange Language Distribution Element (EDXL-DE)2.0All inter-agency message envelopesFigure 9
OASIS EDXL Resource Messaging (EDXL-RM)1.0Resource ordering formFigure 5
OASIS Common Alerting Protocol (CAP)1.2Public alerts; gateway to IPAWS-OPENFigure 9
OASIS EDXL-SitRep1.04-hour SOC pushes; auto-generated SitRep at op-period boundaryFigure 6
National Information Exchange Model — Emergency Management (NIEM-EM)5.0Cross-jurisdiction situational dataFigure 9
IPAWS-OPENcurrentCAP gateway to WEA, EAS, NWRFigure 9
NIST AI Risk Management Framework1.0Pre-LLM compliance gate; HITL approvalFigure 7
NFPA 16002024Continuity, emergency, and crisis managementReport-wide

§6 Architecture Overview

The console operates as a thin presentation layer over AriaOS. AriaOS supplies the audit chain, the pre-LLM compliance gate, the Human-In-The-Loop decision queue, and the dual-tier AI runtime; the console mediates jurisdiction state, incident state with ICS-form enrichment, and the standards-native exchange channels.

The pre-LLM compliance gate sits in front of every AI invocation regardless of tier. Output from either tier enters the HITL Decision Queue and cannot execute until an operator approves it. Approval is itself an audit-chain event. A behavioral overview of each subsystem is available at architecture.

§7 AI Tier Validation

AriaOS runs a sovereign edge tier in parallel with a cloud augmentation tier. The cloud tier is preferred under healthy network conditions; the local tier is the unconditional default under degraded, disconnected, intermittent, or limited (DDIL) conditions and during recovery. Tier selection is automatic; operators do not toggle it.

TierRuntimePrimary ModelLatency p50 / p95DDIL-safeCertifications
Local sovereign NVIDIA Jetson AGX Orin · 64 GB ResilientMind 8B · INT4 412 ms / 980 ms Yes FIPS 140-3 cryptomodule, air-gappable, no outbound telemetry
Cloud augmentation FedRAMP-High sovereign cloud ResilientMind X · extended context 1240 ms / 3800 ms No (auto-fallback to local) FedRAMP High, IL5, CJIS-compatible config, HIPAA BAA

Every AI output carries provenance metadata including redaction status, policy compliance attestation, and an audit-chain anchor. HITL approval is required before any AI-proposed action executes.

Local tier capabilities include situation summarization, NIMS-typed resource matching, terse IAP / SitRep / CAP drafts, START / SALT triage scoring, and retrieval over the local IAP / AAR / SOP corpus. Cloud tier capabilities include multi-modal incident analysis (imagery, radio, text), long-form cross-period AAR synthesis, plume drift forecasting, aftershock probability modeling, and CAP translation across multiple languages. When cloud is unavailable, capabilities degrade to their local-tier substitutes without operator intervention.

§8 Resilience Validation

Five chaos scenarios exercise process termination, memory pressure, CPU saturation, network partition, and disk I/O failure. DDIL transitions buffer events during outage and replay them on recovery. All scenarios complete with audit-chain integrity preserved end-to-end. Zero audit entries are dropped. Zero unauthorized AI executions occur during partition.

§9 Audit Chain

The audit chain uses SHA-256 chained hashing with sequential integrity verification. Each entry links cryptographically to its predecessor. Verification reconstructs hashes across the chain and confirms integrity on demand. The seed chain at startup logs kernel boot, compliance engagement, and subsystem activation events.

§10 Reproducibility

See the Reproducibility sub-page for evaluator access to build and verification documentation.

§11 Screenshot Index

Captures from a running build under exercise. Each caption documents what is visible and the operational claim it supports.

Figure 1. Common Operating Picture displaying four concurrent incidents (wildfire, earthquake, flood, hazmat) under unified command. Roster cards drive map recentering and the topbar primary-incident state. Capture pending re-shoot.
Operational Map showing California with four live federal-data overlays and the I-80 Chlorine Tanker Spill as primary incident.
Figure 2. Operational Map. Live federal overlays from NWS active alerts, USGS earthquake feed, and NIFC WFIGS. Sixteen markers, refreshed sixteen seconds prior to capture; primary-incident card pinned to the I-80 Chlorine Tanker Spill (CA-CHP-HZ-2026-0501).
Incident Action Plan Builder rendering an ICS 201 draft from the local sovereign AI tier.
Figure 3. Incident Action Plan Builder. Operational Period 2 IAP for the I-80 Chlorine Tanker Spill (CA-CHP-HZ-2026-0501). Local sovereign tier drafted in 434 ms; the audit-chain entry id is shown alongside the draft and pending HITL approval before publication.
ICS Form 204 Division Assignment Lists showing Type 3 strike teams committed to Sonoma County divisions.
Figure 4. ICS 204 Division Assignment Lists. Auto-populated per branch with Type 3 strike teams (ST-100 through ST-106) under DIVS D. Marquez (Sonoma County) and BC R. Wong (Sonoma County north). Reporting times in PDT.
Resources page showing eighteen NIMS-typed records with status, location, and committed time.
Figure 5. Resources, NIMS-typed. Eleven committed, three en route, three staging, one pending request awaiting Cal OES SOC. Each record carries NIMS Resource Type (Type 1, 2, 3) and Kind (Strike Team Engine, Hand Crew IHC / IA, Helicopter Med Lift). Bidirectional ordering against Cal OES via EDXL-RM 1.0.
After Action Report draft for the Vineyard Complex Fire showing audit-chained key decisions.
Figure 6. After Action Report · Vineyard Complex Fire (CA-LNU-005842, operational periods 1–12). Auto-drafted from incident state, audit chain, and ICS forms. Each key decision references an audit-chain entry and the approving operator. Cross-period synthesis runs on the cloud tier when online and falls back to the local sovereign tier under DDIL.
HITL Decision Queue showing fourteen pending decisions with tier provenance and approval controls.
Figure 7. HITL Decision Queue. Fourteen pending, zero approved or rejected at capture. Each proposed action displays the proposing AI tier (LOCAL sovereign or CLOUD augmented), confidence, pre-LLM compliance attestations, and the standards channel that fires on approval (EDXL-RM, CAP, EDXL-DE, TASKING). Approval extends the audit chain.
AI Augmentation page rendering local sovereign and cloud augmentation tiers side by side with model, latency, and certification details.
Figure 8. AI Augmentation. Dual-tier architecture rendered side-by-side: local sovereign tier (ResilientMind 8B) on Jetson AGX Orin and cloud augmentation tier (ResilientMind X) on FedRAMP-High sovereign cloud. Tier health, latencies, throughput, GPU utilization, and certifications shown alongside each tier.
Exchange Layer page showing six standards-native channels active with status indicators.
Figure 9. Exchange Layer. Six channels active: EDXL-DE 2.0 (envelope), EDXL-RM 1.0 (resource messaging), CAP 1.2 (public alerts), EDXL-SitRep 1.0 (situation reports), NIEM-EM 5.0 (situational data, schema-validated), and IPAWS-OPEN (CAP gateway to WEA / EAS / NWR, authenticated).
Switch Jurisdiction modal listing federal, FEMA region, and state options.
Figure 10. Switch Jurisdiction modal. Hierarchical picker grouping FEMA Headquarters under FEDERAL, FEMA Regions II / IV / VI / X under FEMA REGION, and California / Texas / Florida / New York / Washington under STATE (city tier scrolls below the visible cut). Selecting a jurisdiction re-themes the console and reloads incident state.

§12 Distribution and Inquiry

Distribution Statement A — Approved for public release. Source repository link pending public release; evaluators requesting a live walkthrough, staged validation against their own infrastructure, or pre-release source access should submit an inquiry below. Replies come from a member of the validation team.

Last verified: 2026-05-02 · v1.0.0

Sub-Pages

Architecture Jurisdiction Matrix Reproducibility All Research Artifacts