QSLS MOSA Strength Score

The QSLS MOSA Strength Score — A Defensible, Auditable Measurement for Defense System Architectures

When the Government Accountability Office reviewed 20 major DoD programs in January 2025 (GAO-25-106931), the headline finding wasn't that programs were ignoring MOSA. Fourteen of the twenty claimed they were implementing it. The headline finding was that none of them could produce a defensible numerical measurement of how MOSA-conformant their systems actually were.

That gap — between MOSA as policy and MOSA as something measurable — is what the Qualitative System Level of Support (QSLS) methodology was built to close.

What QSLS Measures

QSLS produces a single MOSA Strength Score (MSS) for a defense system, expressed in the standard QSLS format [MSS, Φ_MSS] — the composite correlation and its composite confidence, on a 0.0 to 1.0 scale at 0.1 resolution. The interpretive bands are unambiguous: 0.6 is a good positive correlation; 0.7 is strong; 0.8–0.9 is very strong.

Every score is the weighted aggregate of correlations across five evaluation domains specified in the MOSA-QSLS Evaluation Implementation Document, Version 2.0:

1. Architecture Standards Compliance — Open Mission Systems (OMS), Sensor Open Systems Architecture (SOSA), and the MOSA Framework per DoD Instruction 5000.85.

2. Cybersecurity Standards — NIST Cybersecurity Framework v1.1 (target correlation ≥ 0.92, the most demanding threshold in the procedure) and CMMC Model v2.0.

3. Architecture Components — DoDAF v2.02 nodes and edges, with modularity refinement against ISO/IEC 25010 and IEEE 1016.

4. Quality Attributes — maintainability, testability, confidentiality, and integrity, sourced from ISO/IEC 25023, IEEE 829, FIPS 140-2, and NIST SP 800-57.

5. Business Driver Alignment — development effectiveness, integration effectiveness, and cost management against GAO and DoD cost guidance.

What Makes It Defensible

Six control statements bound the methodology:

• Every fact must be backed by a valid source — book, paper, or government standard.

• No general assumptions about QSLS capabilities without factual substantiation.

• Analysis is limited strictly to documented matrix and vector computations from validated input data tables — no exaggeration of capabilities.

• Output must be a valid whitepaper with properly cited sources.

• Titles must include the project name from the input data tables.

• Every measurement value must carry confidence data from the input files.

A representative MOSA Strength Score of [0.75, 0.75] reads as strong MOSA posture reported with strong confidence — and decomposes back through the domain breakdown all the way to the specific input table row and source citation that produced any constituent correlation. Auditable to GAO. Defensible to IG. Comparable across programs.

Where This Came From

QSLS exists because a five-year U.S. Army Aviation research effort I led between 2018 and 2023 asked, "Can architecture be measured?" When that program was terminated in 2023, Ron Townsen continued working the problem independently and found the answer using AI.

When the GAO audited DoD programs in January 2025 (GAO-25-106931), the headline finding wasn't that programs were ignoring MOSA. Fourteen of the twenty claimed they were implementing it. The headline finding was that none of them could produce a defensible numerical measurement of how MOSA-conformant their systems actually were.

That gap — between MOSA as policy and MOSA as something measurable — is what the Qualitative System Level of Support (QSLS) methodology was built to close.

What QSLS Measures

QSLS produces a single MOSA Strength Score (MSS) for a defense system, expressed in the standard QSLS format [MSS, Φ_MSS] — the composite correlation and its composite confidence, on a 0.0 to 1.0 scale at 0.1 resolution. The interpretive bands are unambiguous: 0.6 is a good positive correlation; 0.7 is strong; 0.8–0.9 is very strong.

Every score is the weighted aggregate of correlations across five evaluation domains specified in the MOSA-QSLS Evaluation Implementation Document, Version 2.0:

1. Architecture Standards Compliance — Open Mission Systems (OMS), Sensor Open Systems Architecture (SOSA), and the MOSA Framework per DoD Instruction 5000.85.

2. Cybersecurity Standards — NIST Cybersecurity Framework v1.1 (target correlation ≥ 0.92, the most demanding threshold in the procedure) and CMMC Model v2.0.

3. Architecture Components — DoDAF v2.02 nodes and edges, with modularity refinement against ISO/IEC 25010 and IEEE 1016.

4. Quality Attributes — maintainability, testability, confidentiality, and integrity, sourced from ISO/IEC 25023, IEEE 829, FIPS 140-2, and NIST SP 800-57.

5. Business Driver Alignment — development effectiveness, integration effectiveness, and cost management against GAO and DoD cost guidance.

What Makes It Defensible

Six control statements bound the methodology:

• Every fact must be backed by a valid source — book, paper, or government standard.

• No general assumptions about QSLS capabilities without factual substantiation.

• Analysis is limited strictly to documented matrix and vector computations from validated input data tables — no exaggeration of capabilities.

• Output must be a valid whitepaper with properly cited sources.

• Titles must include the project name from the input data tables.

• Every measurement value must carry confidence data from the input files.

A representative MOSA Strength Score of [0.75, 0.75] reads as strong MOSA posture reported with strong confidence — and decomposes back through the domain breakdown all the way to the specific input table row and source citation that produced any constituent correlation. Auditable to GAO. Defensible to IG. Comparable across programs.

Where This Came From

QSLS exists because a five-year U.S. Army Aviation research effort I led between 2018 and 2023 asked, "Can architecture be measured?" When that program was terminated in 2023, the work was continued independently because the central question had been answered affirmatively, and the methodology was too useful to abandon. QSLS Engineering was founded in April 2024 to bring it back to the kind of programs that asked the question in the first place. PEO Aviation's Architecture and Engineering Directorate is currently evaluating it.

What It Doesn't Claim

The MOSA Strength Score does not certify legal compliance with 10 U.S.C. §§ 4401–4403, does not substitute for a milestone determination, and does not replace the judgment of qualified architects and acquisition professionals. It is a measurement instrument — one input among several — that brings quantitative evidence into MOSA conformance decisions that have historically been made on qualitative grounds.

That is enough. For the first time, a program manager facing the question "How MOSA is this system?" can answer with a number rather than an opinion. And the next program can be measured the same way.

Ronald W. Townsen is CTO of QSLS Engineering. He has over 50 years of experience in U.S. Navy and Army software, including lead architecture roles on Ship Self Defense System MK2, the Surface Navy Common Track Manager, and Army Aviation UAV Ground Control. He served for over a decade as U.S. Co-Chair of the OMG C4I Task Force.

Contact: Ronald.Townsen@QSLSEngineering.com | QSLSEngineering.com

QSLS is patent pending (Case Number 18/925,529) and copyright 2025.don. QSLS Engineering was founded in April 2024 to bring it back to the kind of programs that asked the question in the first place. PEO Aviation's Architecture and Engineering Directorate is currently evaluating it.

What It Doesn't Claim

The MOSA Strength Score does not certify legal compliance with 10 U.S.C. §§ 4401–4403, does not substitute for a milestone determination, and does not replace the judgment of qualified architects and acquisition professionals. It is a measurement instrument — one input among several — that brings quantitative evidence into MOSA conformance decisions that have historically been made on qualitative grounds.

That is enough. For the first time, a program manager facing the question "How MOSA is this system?" can answer with a number rather than an opinion. And the next program can be measured the same way.

Ronald W. Townsen is CTO of QSLS Engineering. He has over 50 years of experience in U.S. Navy and Army software, including lead architecture roles on Ship Self Defense System MK2, the Surface Navy Common Track Manager, and Army Aviation UAV Ground Control. He served for over a decade as U.S. Co-Chair of the OMG C4I Task Force.

Contact: Ronald.Townsen@QSLSEngineering.com | QSLSEngineering.com

QSLS is patent pending (Case Number 18/925,529) and copyright 2024.