State of Federal Information Technology
January 2017 The State of Federal IT SOFIT-2 THE STATE OF FEDERAL IT FEDERAL OF STATE THE STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE
the IT Dashboard. the IT evaluation of publicly available agency IT strategy documents such as Information Information such as documents strategy IT agency available publicly of evaluation such as IT on Federal reports/data public of plans, and review Management Resource To carry out their research, the teams conducted more than 45 interviews with than 45 interviews more conducted the teams research, out their carry To numerous and CISO and DCISO, and Federal CIO and DCIO, the Federal CIOs, agency analysis, policy rigorous was these interviews Underpinning leaders. IT Federal other leading practices from organizations outside the Federal space. Federal the outside organizations from leading practices The first team of REI Systems, Inc., and Incapsulate, LLC, focused on the perspectives focused on the perspectives LLC, Incapsulate, Inc., and Systems, REI of team first The second The landscape. policy the current of analysis and a detailed agencies Federal of lessons learned and leverage to on how research their focused Inc. Gartner, team, relevant artifacts and to facilitate the research for the report. the for research the facilitate to and artifacts relevant the report. for content create to teams contractor two support of the enlisted CIOC The environment. The CIOC and OGP provided the core project management team and team management project the core provided CIOC and OGP The environment. data and provide to CIO Federal of the the Office from a liaison the support of enlisted The State of Federal IT report represents more than six months of work by the Federal Federal the by work of than six months more represents report IT Federal of State The Policy Government-wide of Office with GSA’s in partnership (CIOC), CIO Council IT Federal the current of analysis comprehensive an independent, provide to (OGP), About the Report the About The State of Federal IT SOFIT-3 THE STATE OF FEDERAL IT FEDERAL OF STATE THE STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE Laura Szakmary, GSA OGP GSA Szakmary, Laura Grimes, OMB OFCIO Justin Jonathan Kraden, GSA OGP GSA Kraden, Jonathan OGP GSA Levit, Mindy Trey Kennedy, CIO Council Kennedy, Trey
for large portions of this report. this of portions large for Team Project Federal IT Federal of State IT leaders who provided their candid perspectives. And a special thanks to Eagle Hill Eagle to thanks And a special candid perspectives. their who provided leaders IT and design formatting final the together in pulling efforts invaluable their for Consulting This report would not be possible without the tireless efforts of REI Systems, Inc; Inc; Systems, of REI efforts the tireless without be possible not would report This the of the staff content; the report’s developed who Inc. and Gartner, LLC; Incapsulate, other CIOs and and the contributions; and feedback their for CIO Federal of the Office Acknowledgements The State of Federal IT
SOFIT-1
— Federal CIO Tony Scott Tony CIO — Federal POLICY PAPERS POLICY Management of Change Conference, May 2016 May Conference, Change of Management THE STATE OF FEDERAL IT FEDERAL OF STATE THE
STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE any of those things, but in my head I could imagine those kinds of imagine those kinds of head I could in my those things, but of any point. It was going to be disruptive and painful, and filled with hard hard with and filled painful, and be disruptive to going was It point. challenges along the way. I had no idea that OPM would happen or happen or would OPM I had no idea that way. along the challenges We were at or about to enter a critical inflection point not only with with not only point inflection a critical enter about to or at were We problems were things that would come up. As I was talking to folks, I folks, talking to was As I up. come would things that were problems was told if you are interested in this field and wanted to work on hard on hard work to wanted in this field and interested are you if told was IT, but with the Federal government as a whole. It was this digitization this digitization was whole. It as a government the Federal with but IT, problems, this is the right place. You will be successful or it will kill you. kill will it or will be successful You place. right this is the problems,
report will help illuminate a path forward for the CIO Council in the coming years. in the coming the CIO Council for forward a path illuminate will help report member CIOs, their opinions do not necessarily represent a government-wide consensus a government-wide represent necessarily opinions do not their CIOs, member from this and findings recommendations The vary. experiences position - individual agency landscape, illuminates the problems, and provides potential solutions. In addition, it provides it addition, In solutions. potential provides and problems, the illuminates landscape, While the IT. Federal to improve order in initiatives of variety on a recommendations Council’s the of interviews part, from based, in report are in this and analysis observations The CIO Council’s State of Federal Information Technology (SOFIT) report frames thereport frames (SOFIT) Technology Information Federal of State CIO Council’s The these challenges and embrace these opportunities will determine the effectiveness of our of effectiveness the will determine these opportunities and embrace these challenges progress has been significant the last decade, there Over come. to years for government effort. an ongoing this remains However, the government. across IT Federal improving towards We’re at a crossroads - opportunities abound, but so do challenges and outside threats. but so do challenges - opportunities abound, a crossroads at We’re torespond we and how operations government supports all aspects of infrastructure IT Our 2002, serves as a forum for agency CIOs to share leading information technology (IT) technology leading information share to CIOs agency for as a forum 2002, serves IT leaders. Federal for recommendations and develop practices On January 20, 2017, the new administration and its appointees assume office. Among Among office. assume and its appointees administration 20, 2017, the new January On (agency members the CIO Council’s of one-third approximately are these appointees of Act the E-Government by codified CIO Council, The and the Chairperson. CIOs) Introduction “
Report The State of Federal IT Federal of State The The State of Federal IT
SOFIT-2 Computer Chaos (1994)¹ Computer — commercially available products.” available commercially government spends too much time much too spends government “Compared to the private sector, the sector, the private to “Compared and effort developing unique software software unique developing and effort programs and hardware rather than buying than buying rather hardware and programs THE STATE OF FEDERAL IT FEDERAL OF STATE THE Computer Computer STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE , identified examples of agenciesof examples , identified
the rest of an agency’s leadership, need to play a key role in driving this transformation. role a key play need to leadership, an agency’s of the rest agency leadership perceives the role of IT. We’ve reached a point where we need to invest invest need to we where a point reached We’ve IT. of the role perceives leadership agency government. we do business in the way the to transform necessary the time and money and unsustainable. CIOs, increasingly to become continue will path current our Otherwise, a holistic look at how agencies approach IT - there are significant challenges that need need that challenges to significant are - there IT approach agencies at how a holistic look and how managing acquisitions, workforce, the right in hiring and retaining be overcome The speed of today’s technology enables us to make decisions about improving processes processes decisions about improving make enables us to technology today’s speed of The requires however, this change, all of Accomplishing impossible. thought previously ways in modern technological solution and a digital-focused business process, we can harness true business process, solution and a digital-focused modern technological of these improvements. the benefits leverage and fully change transformational built upon one another over the years, creating a gap between the business process and the business process a gap between creating years, the over built upon one another to take agencies for and an inability in inefficiencies resulted This available. the technology with a systems these legacy replacing By in technology. advancements of full advantage technological components of systems, but rarely did these efforts accompany a larger scale a larger accompany did these efforts but rarely systems, of components technological the time, at which seemed reasonable decisions, These re-alignment. business process Over the last two decades, there have been improvements in the management, been improvements have decades, there the last two Over systems legacy many these efforts, Despite IT. Federal of and development procurement, the modernized have may agencies time, Over government. the exist throughout still findings of this report spurred the creation of the Clinger-Cohen Act in 1996, which first which Act in 1996, of the Clinger-Cohen the creation report spurred this of findings CIO. the agency of role the defined processes and hesitating to use commercial commercial to use and hesitating processes The existing tasks. to the not suited was it of a belief because software (COTS) the shelf off Chaos basic perform to IT adopt to struggling manualfunctions, such as automating on challenges adopting IT in the Federal in the IT adopting on challenges titled report, The government. Senate Governmental Affairs Committee Affairs Governmental Senate and Security Homeland the Senate (now reported Committee) Affairs Governmental While the adoption of information technology created new efficiencies, it also posed new also posed efficiencies, it new created technology information of the adoption While the today, written been have well as may that a 1994 report In agencies. to challenges processes. For example, rather than having an employee manually perform data quality quality data perform manually an employee having than rather example, For processes. time. and saved mistakes minimized checks that enabled automated IT checks, early ability to radically change an organization’s underlying business processes. Instead, processes. business underlying an organization’s change radically to ability businessexisting and enhance to automate used were and software mainframes, computers, How We Got Here Got We How limitedprovided computers technology, information adopted first agencies Federal When The State of Federal IT SOFIT-3 THE STATE OF FEDERAL IT FEDERAL OF STATE THE Understanding the Challenge Understanding STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE
we do business. we including allowing citizens to vote over the Internet.² We do not have that same that have We do not Internet.² the over vote to citizens including allowing way the transform to path difficult a more walk must and, as a result, opportunity, country of Estonia, which gained its independence in 1991 after the fall of the of fall the in 1991 after which gained its independence Estonia, of country government a digital-centric create to had the opportunity Estonia Union. Soviet and interaction, online presence significant leveraging the ground-up, from In comparison to the challenges that we face in Federal IT, we can look to the can look to we IT, in Federal face we that the challenges to comparison In In many ways, Federal IT faces a similar dilemma - how to modernize its legacy its legacy modernize to dilemma - how a similar faces IT Federal ways, many In alongside it. and the underlying business processes systems after the automobile became ubiquitous. A city like Denver did not have “legacy “legacy have did not Denver like A city became ubiquitous. the automobile after with the infrastructure develop them to which allowed modernize to roadways” in mind. automobile improvements, such as the Big Dig, to update their legacy infrastructure to meet meet to infrastructure legacy their update to Dig, such as the Big improvements, to cities built primarily we can look comparison, In needs. modern transportation traffic. traffic. costly facing are Boston cities like roadways”, “legacy these beyond move To decisions may have been right at the time, 100 years later, we are dealing with with dealing we are later, years the time, 100 at been right have decisions may in time spent of amount increasing ever and an challenges navigation unexpected pedestrian traffic, horses, and horse-drawn carts - the existing transportation at transportation existing carts - the and horse-drawn horses, pedestrian traffic, traffic, of automobile amounts increasing accommodate to time, Over time. that Though these roadways.” “legacy narrow historically their these cities began paving public life can be difficult. Take, for instance, the advent of the automobile and the of the automobile the advent instance, for Take, can be difficult. public life for out carved were roads and paths to automobiles, Prior impact it had on cities. Integrating technological advancements that fundamentally transform private and private transform fundamentally that advancements technological Integrating
level priority. Federal agencies must adapt to the modern, digital world. digital the modern, to adapt must agencies Federal priority. level information technology cannot be understated. No longer can federal IT be seen as merely be seen as merely IT federal can No longer be understated. cannot technology information low- to a relegated information government of and the management function a back-room around procedures and tradition are no longer acceptable in the eyes of the people.of eyes in the acceptable no longer are tradition and procedures around and information and manages views government changing how of importance The and other services has radically raised their expectations of how they interact with interact they how of expectations their raised radically has services and other centered organizations and processes, cumbersome paperwork, Lengthy government. Road to Transformation to Road entertainment, news, businesses, with interact Americans how of transformation rapid The The State of Federal IT SOFIT-4 business of the agency meet. meet. the agency of business where the technology and the and technology the where The CIO must sit at the intersection the intersection sit at CIO must The THE STATE OF FEDERAL IT FEDERAL OF STATE THE Improving Visibility into IT Spending Spending IT into Visibility Improving STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE
make data useful, relevant, and actionable enabling decision makers to make better better to make and actionable enabling decision makers relevant, useful, data make information. real, trustworthy acting on by choices informed DATA Act and TBM efforts are just the initial steps towards helping agencies move move agencies helping towards steps just the initial are TBM efforts and Act DATA to goal is the Ultimately, digital, agile government. driven, data a more towards The effort to improve data quality and combine disparate data into a more usable a more into data combine disparate and quality data to improve effort The The data. existing own, its best utilize to in how will aid the government form costs and services. Ultimately this will allow for improved evaluation of cost and cost of evaluation improved for will allow this Ultimately and services. costs resources. invest to and how where and help decision-making on performance Technology Business Management (TBM) taxonomy effort. Today, agencies spend spend agencies Today, effort. (TBM) taxonomy Management Business Technology By systems. current on maintaining budgets IT their of three-quarters roughly IT model and manage can better agencies TBM taxonomy, the implementing In addition, the CIO Council is working to improve transparency through the through transparency to improve working Council is addition, the CIO In Act) was enacted, requiring agencies to publicly disclose detailed information on information disclose detailed publicly to agencies requiring enacted, was Act) in standards data of a set create OMB to also required law The spending. Federal reported. is this data how define to order Progress has been made towards using data to make better decisions in government. government. decisions in better make to using data has been made towards Progress (DATA Act Transparency and Accountability 2014, the Digital in May example, For
outside of the agency will be critical to identify common challenges and solutions. The and solutions. challenges common to identify will be critical the agency outside of to others of the experiences leverage can help agencies Councils CXO government-wide effort. wasted and duplication avoid This transformational change requires CIOs to think beyond their traditional roles and traditional their to think beyond CIOs requires change transformational This relationships Building ecosystem. IT Federal in the broader place about their responsibilities, operations, a shift away from legacy systems, and a continued push towards transparency transparency towards push continued and a systems, from legacy away a shift operations, policy. and culture to both changes require will a transformation Such and open data. these challenges are not insurmountable. The path to a successful IT future is possible is future IT a successful to path The insurmountable. not are these challenges procurement and resources to human improvements collaboration, internal better through The changes required to move to a digital government will significantly impact every Federal every impact will significantly government a digital to move to required changes The but challenges complex will bring increasingly decade next The and its employees. agency we see business challenges as unique, but many challenges we face are more common than common more are face we challenges many as unique, but see business challenges we agency- or for allows the organization solutions across analyze to ability CIO’s The realize. we challenges. persistent solve enable us to that and technologies tools government-wide A fully integrated CIO has the ability to view common business challenges across the entire the entire across business challenges common view to CIO has the ability integrated fully A often Too scale. and efficiency drive that solutions provide to knowledge use that and agency stakeholder, into all the elements of the agency’s the agency’s of the elements all into stakeholder, investments. IT and delivering developing for process enough for the CIO to just have a “seat at the table.” table.” the at a “seat have just to the CIO for enough an independent as integrated, be fully must CIOs Achieving Transformative Change Transformative Achieving - it is not IT Federal of the transformation in leading role a pivotal play must CIOs Agency The State of Federal IT SOFIT-5 changes needed in Federal IT. in Federal needed changes are equally important to achieve the achieve to important equally are some changes, but true transformation transformation true but some changes, is but one piece of a much larger puzzle. larger a much of is but one piece policies, sustained agency execution, and execution, agency policies, sustained will require a combination of well-crafted well-crafted of a combination will require consistent oversight. Each of these pieces these pieces of Each oversight. consistent On its own, a policy or guidance can drive drive can guidance or a policy its own, On One of the key lessons learned is that policy that policy lessons learned is the key of One THE STATE OF FEDERAL IT FEDERAL OF STATE THE STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE
Whole-scale reinvention by agencies need not be the default for all efforts. all for be the default need not agencies by reinvention Whole-scale grounded in a firm understanding of how they can be implemented. Policymakers should Policymakers can be implemented. they how of in a firm understanding grounded the agencies’ of and built on an understanding outcomes with achievable align requirements efficiently. and quickly happen should requirements policy certain of Execution state. current Actionability Actionability are requirements any that can help ensure a policy of in the creation engagement Agency understanding of the policy requirements. Early engagement may also identify innovative innovative also identify may engagement Early requirements. the policy of understanding agencies. other use by them for and scale underway already approaches Agencies should make significant contributions to the policy development process. By process. development to the policy contributions significant should make Agencies of the level will increase buy-in, policymakers early significant have agencies ensuring that efforts provides a potential model for creating outcome-oriented requirements. outcome-oriented creating for model a potential provides efforts process development Customer-centric descriptions of end-state or specific performance metrics instead of mandating prescribed of mandating metrics instead specific performance or end-state of descriptions way a in policy implement to agencies for flexibilities can provide actions, policymakers optimization center OMB on data from guidance mission. Recent with their best aligns that Outcome-focused objectives Outcome-focused highlighting By approach. an outcome-focused should leverage guidance policy All engage in implementation and execution and define those responsibilities at the outset. responsibilities define those and execution and in implementation engage Policy implementation is a team sport is a implementation Policy the impact policies have of be cognizant need to Policymakers vacuum. in a lives policy No canCXO partners how should identify Policymakers functions. management on other by FITARA result in positive IT outcomes. These recent efforts, and others examined by the examined others and efforts, recent These outcomes. IT in positive result FITARA by engagement: policy successful for attributes key of evidence provide team, project instead of prescribing specific activities. However, agency implementation of FITARA is still FITARA of implementation agency However, activities. specific prescribing of instead required the changes that to ensure to do work significant have OMB and agencies ongoing. on a few key cybersecurity initiatives, as one of the more effective OMB and leadershipeffective led of the more as one initiatives, cybersecurity key on a few Reform Acquisition IT the Federal on guidance OMB’s cited CIOs Second, engagements. intended, and characteristics on outcomes focus to agencies allowing for (FITARA) Act change. First, agency CIOs frequently cited frequently CIOs agency First, change. focused effort a short-term Sprint, the Cyber The project team found several recent recent several found team project The providing efforts concerted these of examples to drive toolkit an effective with CIOs transformation. transformation. the Federal government. The focus of this of focus The government. the Federal lessons learned from was on leveraging effort in this crucial to usher initiatives previous undertook countless hours of research. A large portion of this work examined how the how examined work this of portion large A research. of hours countless undertook across change drive can or initiative of a policy oversight and implementation, creation, Structuring Policy to Enable this Change this Enable to Policy Structuring and 45 interviews than more conducted team project the months, the past six Over The State of Federal IT SOFIT-6 THE STATE OF FEDERAL IT FEDERAL OF STATE THE STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE economies of scale, create efficiencies, and disrupt traditional processes. traditional and disrupt efficiencies, scale, create of economies on bold ideas and remain dedicated to seeing them through. As we continue into this digital into continue we As seeing them through. to dedicated on bold ideas and remain to provide IT of power to harness the tremendous must continue leaders government, of era situation appears. If, instead, leaders turn to existing authorities and strive to execute fully fully execute to existing authorities and strive to turn leaders instead, If, appears. situation without the can happen change accomplishing significant relationships, and build effective who can capitalize leaders relies on strategic True change initiatives. policies or new need for However, policies alone cannot transform government - even if they are perfect. Federal IT IT Federal perfect. are they if - even government transform policies alone cannot However, time a challenging every policy a new draft immediately to urge the resist need to leaders Leadership Drives Change Drives Leadership success. achieve to how lessons about valuable us and teach progress can help drive Policies agencies. If circumstances change, policymakers should pivot and change their approach in approach their and change should pivot policymakers change, circumstances If agencies. the taxpayers. to value the best deliver to order Willingness to learn from mistakes mistakes learn from to Willingness oversight and development to the policy practices IT modern of attitude fast’ the ‘fail Adopt to guideactions and targeted relevant focus on should policy to develop Efforts process. successes and opportunities from early data center policies became difficult for agencies. for policies became difficult center data early from and opportunities successes data center definitions under early data center consolidation efforts exemplifies this. In efforts consolidation center data early under definitions center data forced or costs compliance in increased resulted metrics the ever-changing instance, that realizing the day, of At the end again and again. efforts their revise or restart to agencies hand, inconsistent metrics, unclear definitions, or metrics that do not align to the businessnot align do metrics that or definitions, unclear metrics, hand, inconsistent of The development inhibits performance. ultimately that culture a compliance create “What gets measured, get’s done.” Metrics and data collection (both their development development their (both collection and data Metrics done.” get’s measured, gets “What create metrics business-oriented Consistent, performance. drive consistency) and their the other On performance. their and enhance evaluate to agencies for meaningful data policies can provide the necessary foundation to these efforts. to these foundation the necessary policies can provide Measurability policymakers should ensure that outdated policies are sunset or rescinded appropriately. appropriately. rescinded or sunset policies are outdated that should ensure policymakers existing of OMB the library organize and catalog, to identify, underway efforts Recent overlaid on the large volume of existing material can easily create conflicts or complicationsor conflicts create easily can material existing of volume the large on overlaid exists can minimize already what to understand Efforts and initiatives. policies with existing Similarly, gaps. filling identified towards policies target risks and better these potential Strategic integration integration Strategic policiesNew objectives. strategic around and guidance regulations, policies, laws, Organize focus. Ultimately, a “fire and forget about it” approach to policies and initiatives can do more can do and initiatives to policies approach about it” forget and a “fire Ultimately, focus. harm than good. with the requirements. By focusing on sustained senior level engagement, feedback loops, a feedback engagement, level senior on sustained focusing By requirements. with the becomes execution the actions, policy of set a targeted vision, and strategic defined clearly agency’s implementation and the associated oversight of that policy is just as important, if just as important, is policy that of oversight the associated and implementation agency’s their of the implications from disconnect policymakers If itself. the policy so, than more not comply to resources their utilize to best how about feel uncertain will agencies activities, Follow-through is critical Follow-through An insufficient. it is usually change, about bring can alone a policy of the creation Though The State of Federal IT SOFIT-7 THE STATE OF FEDERAL IT FEDERAL OF STATE THE STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE Ensuring the highest value in IT investments; in IT value the highest Ensuring digital services; Expanding and improving and and information; assets IT Federal for cybersecurity Emphasizing workforce. the IT developing and Training
4. 2. 3. 1.
been made to streamline and modernize the agency’s IT footprint. For the others, where where the others, For footprint. IT the agency’s and modernize streamline been made to inconsistencies in how IT is executed from agency to agency. For those agencies where where those agencies For agency. to agency from is executed IT in how inconsistencies has progress great investments, all IT manage to authority CIO has broad the agency effective IT solutions to meet agency business needs. agency meet to solutions IT effective to led and spending have investment IT-related over authority of levels Differing The role of the agency CIO is broad and challenging. To be successful, agency CIOs need need CIOs agency be successful, To and challenging. CIO is broad the agency of role The must also understand They portfolio. IT the agency’s of and oversight authority proper and insight clear provide to mission and leadership agency’s their of the language Agency CIOs Agency success. Over the last decade, Federal IT policies focused on boosting IT security, security, on boosting IT policies focused IT last decade, Federal the Over success. the of the role the cloud, and strengthening and services shared use of encouraging CIO. agency IT policy and help agencies implement and operationalize those policies. They also play also play They those policies. and operationalize implement and help agencies policy IT measure to with agencies working benchmarks and in determining role an oversight The Federal CIO heads the Office of the Federal CIO (OFCIO) within the Office of Office within the (OFCIO) CIO Federal of the CIO heads the Office Federal The as is also known the OFCIO (note, House White in the (OMB) and Budget Management develop to role is OFCIO’s Technology). Information and of E-Government the Office Office of Management and Budget and Management of Office programs, projects, and requirements under existing law and will present both both will present and law existing under and requirements projects, programs, one. CIO on day Federal the next to opportunities and challenges These core objectives lay the foundation for how agencies should view their IT their view agencies should how for foundation the lay objectives core These The next Federal CIO should focus on a broad array of objectives including: objectives of array on a broad CIO should focus Federal next The the entire Federal government, and ensuring that these investments help agencies meet meet help agencies these investments and ensuring that government, Federal the entire way. and cost-effective reliable, a secure, in mission and goals their Leading this effort is the Federal Chief Information Officer (CIO) who has the formidable who has the (CIO) Officer Information Chief Federal is the this effort Leading for investments and technology planning, strategic policy, technology overseeing task of Federal CIO Federal management and communications, or customer-facing digital channels. The public relies The public channels. digital customer-facing or communications, and management on its and draw government with the Federal interact to everyday on this infrastructure community. IT in the Federal visible players the most of some are Below services. budget for Fiscal Year (FY) 2017 of more than $80 billion. Technology is at the heart is at Technology than $80 billion. more (FY) of 2017 Year Fiscal for budget systems internal hosting, back-end it be whether program, government every of Current Federal IT Landscape IT Federal Current a and players key many with and diverse, is broad landscape IT Federal current The The State of Federal IT SOFIT-8 THE STATE OF FEDERAL IT FEDERAL OF STATE THE STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE be the focus point for agency IT activities and, working with senior agency leadership, leadership, agency with senior working and, activities IT agency for point be the focus we do business. way in the changes transformative must drive enterprise wide view of an agency. There needs to be one central point of accountability accountability of point be one central needs to There an agency. of view wide enterprise and natural and the most agency of an technology and information the information for to CIOs need Agency Officer. Information Chief created statutorily position is the logical If the IT framework is fragmented, it can be more difficult for leadership to obtain an to leadership for difficult be more it can is fragmented, framework the IT If Secretary or Deputy Secretary. In those instances, the CIO is often not included in the not the CIO is often those instances, In Secretary. Deputy or Secretary are to the CIO and directly report cases, these positions other In structure. reporting framework. leadership IT the overall into integrated fully However, unlike most CISOs, these new chiefs joined organizations in a disparate disparate in a joined organizations chiefs these new most CISOs, unlike However, the to directly report leadership, agency the behest of on at brought Some, manner. CIOs and Chief Information Security Officers (CISOs) as part of the IT leadership, often IT leadership, of the as part (CISOs) Officers Security Information and Chief CIOs agencies. business need at or opportunity a perceived to in response The last few years have seen an increase in different “Chiefs” - Chief Technology Technology - Chief “Chiefs” in different seen an increase have years last few The brought were who - like the Officers and Innovation Chief Officers, Data Chief Officers, joined chiefs These new gaps. perceived counter to or challenges specific address on to The New Chiefs New The secure, reliable systems, and work together to ensure these systems are properly properly are these systems ensure to together work and systems, reliable secure, needs. agency meet effectively to resourced eliminate duplication and waste. Common performance metrics should identify and should identify metrics Common performance waste. and duplication eliminate to order in effective and efficient are and programs processes IT whether illustrate on strong, a premium place must agency the across Leaders mission success. achieve into the impacts of IT agency wide. agency IT the impacts of into can help portfolio IT agency’s of the evaluation a holistic a financial perspective, From strong working relationships amongst these key business leaders will allow for full line of of full line for allow will business leaders key amongst these relationships working strong understanding a deeper facilitate will and agency of the operations entire the into sight not be able to function or carry out their missions successfully. From the White House White the From missions successfully. out their carry function or be able to not budget, who oversee leaders and C-Suite teams management agency and OMB to and Cooperation success. to vital is coordination and human resources, procurement Across agencies, business leaders need to understand the importance of IT IT of the importance understand to need business leaders agencies, Across would programs government most systems, IT secure reliable, Without infrastructure. C-Suite Agency Agency Leaders C-Suite retaining top-tier talent in a highly competitive field. Many agency CIOs understand the understand CIOs agency Many field. competitive in a highly talent top-tier retaining IT major for funding to secure order and business needs in mission together tie need to investments. CIOs continue to face a host of challenges ranging from budget shortfalls, large legacy legacy large shortfalls, budget from ranging challenges of a host face to continue CIOs and attracting in and difficulties threats, cybersecurity ever-increasing portfolios, IT agency CIOs are only able to control pieces of the total IT footprint, it has been harder harder been it has footprint, IT total the of pieces control to able only are CIOs agency improvements. achieve to The State of Federal IT SOFIT-9 THE STATE OF FEDERAL IT FEDERAL OF STATE THE STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE for the Federal government, intelligence community, and law enforcement. The United United The enforcement. and law community, intelligence government, the Federal for Cybersecurity and Communications Integration Center (NCCIC), which provides 24/7 provides which (NCCIC), Center Integration and Communications Cybersecurity communication cybersecurity of response, and management incident awareness, situational Department of Homeland Security (DHS) Security Homeland of Department Within efforts. cybersecurity government’s in the Federal role a major DHS plays National houses the agency the Directorate, Programs and Protection the National volume discounts and leveraging best practices. and leveraging discounts volume helping agencies build, buy, and share technology that allows them to better serve the serve better them to allows that technology and share build, buy, helping agencies helps (FAS) Service Acquisition the Federal Finally, arms such as 18F. public, through via efficiencies cost achieve to in order vehicles procurement common leverage agencies OGP also supports the Federal CIO Council and CIO.gov website. GSA’s Technology Technology GSA’s website. and CIO.gov CIO Council also supports the Federal OGP by government with experience the public’s improves (TTS) Service Transformation Federal government. The Office of Government-wide Policy (OGP) provides support provides (OGP) Policy Government-wide of Office The government. Federal in areas requirements IT Federal with help them comply to agencies to and guidance optimization. center data and accessibility, and authentication, such as security General Services Administration (GSA) Administration Services General for the IT functions centralized various support that main offices has three GSA of government-wide IT efforts. These organizations, along with OMB and the White White with OMB and the along These organizations, efforts. IT government-wide of IT initiatives. for and direction the landscape in setting role a major play House, Government-wide Agencies IT Government-wide oversight and policy, security, for with responsibilities agencies Federal several are There to make use of new technologies needs to be at the forefront of the IT workforce efforts. workforce the IT of the forefront be at needs to technologies new use of make to employees increasing every day, new talent must be hired into the government in order in order government the into must be hired talent new day, every increasing employees employees Federal new Recruiting and technologies. tools evolving handle constantly to tools the right and have training the right receive personnel existing and ensuring that Management.” These individuals work to build, operate, manage, and make policy for IT IT for policy and make manage, build, operate, to work individuals These Management.” Federal retirement-eligible of With the number government. the across organizations The Federal IT workforce is the backbone of all of these technology efforts. Today, Today, efforts. these technology all of is the backbone of workforce IT Federal The Technology “Information of classification people hold the employment 80,000 over an effective group of dedicated individuals to succeed. individuals of dedicated group an effective Workforce IT Federal of this effort, providing the strategic vision to ensure all of these parts work together together work these parts of all to ensure vision the strategic providing this effort, of to identify leads with business work closely to CIO needs addition, the In seamlessly. requires that team sport a IT is truly modern, digital solutions. to leverage opportunities to improve security; and CDOs provide detailed analysis of data to inform decisions decisions inform to data of analysis detailed provide and CDOs security; improve to center at the CIO sits transformative A stakeholders. external to this and communicate centric CIO focused on aligning IT capabilities to achieving mission, these chiefs these chiefs mission, achieving to capabilities on aligning IT CIO focused centric modern to leverage on how the expertise provide can CTOs partners. natural become approaches risk-based provide CISOs process; the business transform to technologies These other chiefs are all part of this effort and their relationship to the CIOs needs needs CIOs to the relationship their and effort this of part all are chiefs other These a customer- With institutionalized. become roles as these defined clearly be more to The State of Federal IT SOFIT-10 THE STATE OF FEDERAL IT FEDERAL OF STATE THE STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE In conjunction with the establishment of 18F and USDS, OMB partnered with OPM OMB partnered and USDS, 18F of with the establishment conjunction In and attract to agencies by use for job description expert” services “digital a develop to talent. sector private recruit engineers, designers, and managers who leverage innovative approaches and best approaches innovative who leverage and managers designers, engineers, agencies. Federal within projects for companies services digital successful from practices In 2014, both GSA’s 18F and the White House’s U.S. Digital Service (USDS) were were (USDS) Service Digital U.S. House’s White and the 18F GSA’s 2014, both In developers, experienced of composed largely are organizations established. Both for all Federal information systems that incorporates common technical standards. technical standards. common incorporates that systems information all Federal for and USDS 18F and guidelines for information system security across the Federal space. As an example, As an space. Federal the across security system information and guidelines for selection control security for Framework Management outlines a Risk 800-53 SP NIST status. OMB works closely with NIST in updating policies and issues numerous numerous policies and issues in updating with NIST closely works OMB status. of the most One implementation. IT in their help guide agencies to publications requirements which provide special publications, is the 800 series of these of important Although NIST standards for Federal systems are mandatory for agencies to implement, implement, to agencies for mandatory are systems Federal for standards NIST Although implementation assess security and does not role an oversight have does not itself NIST NIST, a component of the Department of Commerce, is a technically oriented oriented a technically is Commerce, of the Department of a component NIST, security non-national for and guidelines standards with developing charged organization agencies. Federal other with OMB and coordination in systems, information Federal National Institute for Standards and Technology (NIST) Technology and Standards for Institute National activity targeting the nation’s networks. In addition, US-CERT operates the National the operates US-CERT In addition, networks. nation’s the targeting activity and detection intrusion provides which (NCPS), System Protection Cybersecurity agencies. Federal covered to capabilities prevention States Computer Emergency Readiness Team (US-CERT) is a core branch of NCCIC, NCCIC, of branch is a core (US-CERT) Team Readiness Emergency Computer States on malicious bear to expertise analysis media digital and network advanced bringing The State of Federal IT THE STATE OF FEDERAL IT USDS also emphasizes training programs and tools to enable Federal contracting officers to apply industry best practices to digital procurements and serve as expert advisors to their CIOs on procurements. For example, USDS piloted a new Digital Service Contracting Professional training program designed to teach agency contracting officers about how to better support and enhance IT procurements to leverage modern digital practices. In addition to developing new talent and supporting agency services, USDS also demonstrates modern practices: applying user-centered design framework and using agile software development practices in government. 18F partners with agencies for a fee. The team provides acquisition services, builds shared technology platforms that can be used across government, and provides training. 18F has also developed a number of government-wide shared platforms such as cloud.gov, a government-wide cloud platform. These platforms have helped its digital services experts (as well as those at USDS and agencies) to work more efficiently and effectively, accomplish common tasks in a repeatable fashion, or address long-standing policy or technology obstacles. Oversight Congress, the Government Accountability Office (GAO), and Inspectors General (IGs) at each agency provide important oversight of how Federal agencies spend money and allocate resources. Congress oversees the activities of the Executive Branch and Federal agencies through its Committees and their hearings. Specifically, the House Oversight and Government Reform Committee and the Senate Homeland Security and Governmental Affairs Committee have general jurisdiction over the entire Federal government in order to evaluate the efficiency and effectiveness and ensure the accountability of all agencies and departments. GAO supports Congress by auditing and analyzing agency operations, analyzing programs, and investigating illegal activity. Where GAO has a government-wide role, agency IGs perform similar oversight functions focusing solely within the agency itself. Ultimately, the oversight role strives to ensure that Americans are getting the most from their taxpayer dollars. Notes 1. https://acc.dau.mil/adl/en-US/22163/file/2121/Cohen%20Computer%20Chaos%201994.pdf
2. http://www.wired.co.uk/article/digital-estonia
STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 SOFIT-11 Policy Introduction POL-1
POLICY PAPERS POLICY
STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE Federal Shared Services Shared Federal Cybersecurity Management Contracts and Acquisition Management and Oversight of IT of and Oversight Management Modernization Infrastructure IT Government and Open Data Open
A series of short narratives designed to highlight agency perspectives on specific perspectives agency to highlight designed short narratives series of A for Findings can include opportunities policies and initiatives. government-wide and best practices³ stories as success well as improvement metrics and oversight methods and oversight metrics narrative description, and the key strengths, challenges, and impact of each and impact challenges, strengths, key and the description, narrative A summary of the policy area, including history, goals, major terms, and definitions terms, major goals, including history, area, the policy of summary A A list of high-level observations about the policy area about the policy observations high-level list of A A description of the primary objective(s) for a policy area, as well as examples of examples well as area, as a policy for objective(s) the primary of description A A list of significant strategies and initiatives related to the policy area, including a to the policy related and initiatives strategies significant list of A F. E. B. C. A. D.
Agency Observations and Findings Observations Agency Evaluating Metrics Evaluating
Overview Evolution Policy Summary Each topic is discussed in a subsequent chapter, broken down into the following sections: the following into down broken chapter, is discussed in a subsequent topic Each and Budget (OMB) memoranda, circulars, strategies, and guidance.² From this list, a subset From and guidance.² strategies, circulars, memoranda, (OMB) and Budget topics: six distinct into grouped were and analysis chosen for were policies of wide IT policies, strategies, and initiatives over the last decade. Beginning with a list Beginning decade. the last over and initiatives policies, strategies, wide IT include a to widened then was the scope (CIOC),¹ CIO Council the Federal by provided Management of Office and directives, presidential orders, executive 188 statutes, of total The policy chapters in the State of Federal IT report provide an analysis of key government- key of an analysis provide report IT Federal of in the State chapters policy The
Introduction Policy Volume Policy Policy Introduction POL-2 Figure Pol-1: PortfolioStat KPIs, Reuse Year to Year Reuse KPIs, PortfolioStat Pol-1: Figure 2016 2012 - FY FY Year, both policy area as well as specific policy as specific policy well as area policy both in the is provided being measured, efforts Appendix. While there are valid reasons a particular a particular reasons valid are there While shift from or change KPI may or metric 80% of nearly that fact the year, to year more appear do not KPIs PortfolioStat the ability impacted has likely than once and OMB to benchmark agencies of full list A areas. policy in certain progress FY used from KPIs PortfolioStat the of by down 2016, broken FY 2012 through Figure Pol-1 is based on an analysis of of is based on an analysis Pol-1 Figure by provided Books, Briefing PortfolioStat and illustrates year every from OFCIO, As year. to year from in KPIs the changes 64, or (50 out of KPIs many below, shown Book and in one Briefing appear 78%) only books. in future reused not are POLICY PAPERS POLICY CAP CAP 4 The KPIs used in KPIs The 5 STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE
metrics during the same time period. metrics year. The following figures summarize summarize figures following The year. other of and the usage KPIs, of the reuse Portfoliostat have varied over the years, years, the over varied have Portfoliostat government- in changes in part reflecting to year wide policies and priorities from well as strategic, architectural, and asset and asset architectural, as strategic, well information.” inventory evaluating major policy priorities. KPIs priorities. KPIs policy major evaluating on data targeted “high-quality, provide as portfolios, agency of the maturity investments. Progress is measured is measured Progress investments. (KPIs) indicators performance using key of the Federal CIO (OFCIO) since since CIO (OFCIO) the Federal of examination an is 2012. PortfolioStat IT of portfolio entire an agency’s of which has been the primary agency agency which has been the primary the Office mechanism for oversight quarterly updates posted publicly. posted updates quarterly mechanism is PortfolioStat, other The agency commitments and key performance performance and key commitments agency with years, multiple over indicators and complement other cross-agency cross-agency other and complement A efforts. goal-setting and coordination track Goals CAP IT-related of number the CAP Goals in February 2012. in February Goals the CAP priorities Presidential of a subset are Goals cross-government collaboration and tackle collaboration cross-government challenges management government-wide created OMB agencies, most affecting initiatives, including the Cross Agency Agency Cross the including initiatives, on progress speed To Goals. (CAP) Priority OMB has used a number of mechanisms of a number OMB has used on IT performance agency evaluate to Information and Goals Priority Cross-Agency PortfolioStat Other Key Policy Policy Key Other Policy Introduction POL-3 comprehensive viewpoint from which to which to from viewpoint comprehensive outcomes. successful towards drive will chapters policy following The the regarding context additional provide and opportunities failures, successes, of in the execution improvement for strategies policy government-wide Federal of variety wide the throughout agencies. In fact, some agency bureaus are actually actually are bureaus agency some fact, In than budgets IT bigger have and larger OMB engages whom with agencies whole holds a OMB example, For directly. Department with the session PortfolioStat leadership with the not but Education, of Protection Border and Customs U.S. of as spends twice though CBP even (CBP), (see year per on IT much as Education page). table on following Federal that important is critically It leadership and agency policymakers the different with themselves familiarize of the oversight used for methods and strategies government-wide strong an equally Additionally, initiatives. and agencies various with the familiarity with a more leaders will provide bureaus POLICY PAPERS POLICY STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE down into the lower levels of the agency. the agency. of levels the lower into down agency. As a result, many CIOs do not have have do not CIOs many As a result, agency. priorities Administration push to the ability with agency leadership and members of of and members leadership with agency mission different significantly or Congress, the of rest the needs from and operational more politically important bureau will more will more bureau important politically more relationship direct own their have likely agencies, many CIOs face challenges challenges face CIOs many agencies, or priorities policy coordinating or larger A an agency. across requirements However, because of the size and the size because of However, in their some bureaus of independence ensure implementation of a policy or or a policy of implementation ensure agency. entire the across initiative then works internally with bureau IT IT with bureau internally works then to leadership and other counterparts OMB policies and oversight typically typically OMB policies and oversight with the headquarters on engaging focus CIO turn, an agency In agencies. of Government-wide Policy Focus: Focus: Policy Government-wide Bureau vs. Agency Book included other data that were not not were that data included other Book as KPIs. identified not marked as KPIs. For example, the FY FY the example, For as KPIs. marked not (8) responses eight included 2012 Book 2013 and the FY questions survey to In addition, some years of PortfolioStat PortfolioStat of years some addition, In data quantitative include Books Briefing Policy Introduction POL-4 689 562 504 675 674 665 1,966 1,672 1,655 1,501 1,361 1,121 1,084 933 896 850 828 827 786 775 772 751 714 710 690 IT $M IT 30,780 12,566 11,318 9,040 7,792 6,553 6,204 5,117 4,403 3,940 3,507 3,418 3,054 2,699 2,449 2,312 Agency Bureau Bureau Bureau Bureau Bureau Agency Bureau Agency Agency Agency Agency Bureau Bureau Bureau Bureau Bureau Bureau Bureau Bureau Bureau Bureau Agency Agency Bureau Type Agency Agency Bureau Bureau Bureau Bureau Agency Bureau Agency Agency Agency Agency Bureau Agency Bureau Agency
POLICY PAPERS POLICY STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE Bureau - Food and Drug Administration (HHS) Administration and Drug - Food Bureau (Commerce) Office Trademark and Patent - U.S. Bureau (Commerce) Administration Atmospheric & Oceanic - National Bureau (HHS) and Prevention Control Disease for - Centers Bureau Labor (Agency) (Agency) Labor (Agency) GSA (Commerce) the Census of - Bureau Bureau ED (Agency) (Energy) Administration Security Nuclear - National Bureau Bureau - Office of Chief Information Officer (USDA) Officer Information of Chief - Office Bureau (DHS) Directorate Programs and Protection - National Bureau Families (HHS) and Children for Administration - Bureau (DHS) Administration Security Transportation - Bureau Bureau - General Administration (Justice) (Justice) Administration - General Bureau (Justice) Investigation of Bureau - Federal Bureau (DHS) Services Immigration and - Citizenship Bureau Health (HHS) of Institutes - National Bureau (Treasury) Service - Fiscal Bureau Energy (Agency) Energy (Agency) SSA (Agency) NASA (Agency) Interior (USDA) Service and Nutrition - Food Bureau Justice (Agency) Justice (Treasury) Service Revenue - Internal Bureau (Agency) Commerce (Agency) State (DHS) Protection and Border Customs - U.S. Bureau VA (Agency) VA (Agency) Treasury (Agency) DOT (Agency) USDA (DOT) Administration Aviation - Federal Bureau Bureau - Centers for Medicare and Medicaid Services (HHS) Services and Medicaid Medicare for - Centers Bureau (DOD) Army - Bureau (DOD) Corps Marine - Navy, Bureau DHS (Agency) (DOD) Force Air - Bureau Bureau or Agency Name Agency or Bureau DOD (Agency) HHS (Agency) (DOD) - Defense-wide Bureau Bureaus and Agencies with Annual IT Spending > $500 Million⁶ > $500 Spending IT Annual with Agencies and Bureaus Policy Introduction POL-5
POLICY PAPERS POLICY . The agency agency The . https://cio.gov/
see Agency Volume Introduction Volume Agency see STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE https://itdashboard.gov see Appendix A: Policies and Initiatives A: Policies Appendix see
example, the HHS total reflects all components, including components, all reflects HHS total the example, IT of the 75% nearly for in CMS accounting CMS, resulting HHS spend at memoranda/2013/m-13-09.pdf Dashboard. IT Federal For agency. that at all components of inclusive are totals OMB M-13-09. “Fiscal Year 2013 PortfolioStat Guidance: Guidance: 2013 PortfolioStat Year OMB M-13-09. “Fiscal 3/27/2013. Management.” Portfolio IT Federal Strengthening https://www.whitehouse.gov/sites/default/files/omb/ OMB first established a limited number of interim [CAP Goals] Goals] [CAP interim of number established a limited OMB first in March goals of set a new released 2012 and in February Questions.” Asked “Frequently 2014. Performance.gov. https://www.performance.gov/faq and DCIOs. For more information about these interviews and about these interviews information more For and DCIOs. please involved, the agencies The primary source of information for developing these developing for information of source primary The conducted interviews of a series was findings and observations CIOs agency with 2016 of and Fall the Summer throughout resources/it-policy-library/ examined as initiatives and all policies, strategies, a list of For the report, part of Federal CIO Council. “IT Policy Library”. Library”. Policy “IT CIO Council. Federal
6. 5. 4. 3. 2. 1. Notes Management and Oversight of IT
I think FITARA presents a historic opportunity to reform the management of information technology across the Federal government. It is important that we do not underestimate the work and the commitment required by agencies and the broader ecosystem to fully implement this law. And the changes it represents in culture, governance, IT processes, business process, and quite frankly the way we do oversight. Simply replaying pages from our old playbook is not the solution.
— Federal CIO Tony Scott1
Summary The Federal government has long struggled with acquiring, “ developing, and managing information technology (IT) investments. For example, although the Federal government spends over $80 billion a year on IT, almost half (43%) of Federal IT projects Cost reported on the IT Dashboard are over budget or behind schedule.
Budget, spending, acquisition, and management decisions are frequently made by programs or bureaus of an agency without any CIO visibility or input. Accountability In the wake of recent security breaches in the public and private sector, improving the government-wide cybersecurity posture is critical. However, inadequate coordination between agency CIOs Risk and bureaus can impede the implementation of related initiatives. The Federal Information Technology Acquisition Reform Act (FITARA) can be used to further empower CIOs to be more fully integrated into all agency processes for developing and delivering IT investments. OMB’s continued focus and oversight is critical to Policy FITARA’s success.
STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 A-1 Management & Oversight of IT A-2 4 This This seminal 5 Too often, agencies, agencies, often, Too 3
6 shared agency-wide IT solutions. For For solutions. IT agency-wide shared over in 2012, OMB reviewed example, that investments IT agency 7,000 Federal OMB and found to had been reported and billions redundancies potential many could be that savings in potential dollars of a or consolidation either through achieved delivery. service IT to approach shared systems in their agency. As a result, As a result, agency. their in systems an enterprise- take unable to are agencies which investments IT their of view wide waste, in duplication, results frequently outcomes. and poor new develop seek to components, or existing assessing before solutions first, to achieve ways identifying or options, for IT capital planning, investment capital planning, investment IT for and results-based performance, control, the later, years Several management. the 2002 reiterated of Act E-Government and management IT for responsibility CIO’s respective at their security information agencies. To improve the management of IT across across IT of the management improve To and Congress government, the Federal to attempted repeatedly OMB have as serve CIO to the agency empower and the management for leader the key 1996, In systems. IT agency of oversight Act passed the Clinger-Cohen Congress things, established which, among other CIO. agency of the position forth OMB’s also set legislation of piece improving for responsibility overall requirements outlined detailed IT, Federal POLICY PAPERS POLICY STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE
2
limited to no visibility into all of the IT the IT all of into visibility no to limited their IT in a decentralized manner and manner in a decentralized IT their have (CIOs) Officers Information Chief nature of many Federal agencies has agencies Federal many of nature IT duplicative of a proliferation led to manage agencies Many investments. agencies face in acquiring and developing and developing in acquiring face agencies the stove-piped investments, specific IT listed as over budget or behind schedule. or budget as over listed that to the challenges addition In IT projects in 780 major IT investments investments IT in 780 major projects IT agencies. government Federal across were those projects (43%) of half Nearly promises. For example, in September 2016, September in example, For promises. 4,300 over listed Dashboard IT the Federal investments. Individually, too many many too Individually, investments. fall budget, run over projects IT Federal on their deliver to fail behind schedule, or have a poor track record in acquiring, in acquiring, record track a poor have IT and managing Federal developing, systems. to continues government Federal The investments, and billions of dollars spent spent dollars and billions of investments, “legacy” and expensive outdated, on older, many of the same problems that Federal Federal that the same problems of many management - poor today face agencies and duplicative wasted systems, IT of entitled “Computer Chaos,” could just as could Chaos,” “Computer entitled in 2016 and listed written been easily led an investigation into the Federal Federal the into led an investigation IT its manage to ability government’s report, 1994 resulting The investments. Over two decades ago, then ago, decades two Over Maine of Cohen William Senator Overview Overview Management and Oversight of IT of Oversight and Management Management & Oversight of IT A-3
— Agency CIO Agency — or insight. or The CIO position at my CIO position at The CIO there to provide input provide to there CIO impact without having the without having impact to change that. Decisions are are that. Decisions change to nor is there anything planned planned anything there is nor agency is not a member of the of a member is not agency made in the WCF that have IT IT that have WCF the made in Working Capital Fund (WCF) - (WCF) Fund Capital Working of the CIO in IT decisions, improve IT IT improve decisions, the CIO in IT of and ultimately practices, management return government’s the Federal improve investments. on its IT place in agencies will take time, resources, resources, time, take will agencies in place consistent importantly, and, most energy, agency from oversight and engagement and Congress. OMB, leadership, provides chapter this policy of rest The about the specific information more OMB that and strategies initiatives the role strengthen to has employed POLICY PAPERS POLICY For 7 STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE -making. Even with these tools, with these tools, -making. Even transformational changes that must take must take that changes transformational program managers and teams, and having and having and teams, managers program The and qualified personnel. consistent senior executive support for the program, the program, for support executive senior in developing involvement end-user active skilled having and testing, requirements successfully acquire, implement, and implement, acquire, successfully including investments, its IT manage Ultimately, there are many factors factors many are there Ultimately, to an agency for must be in place that though, the maturation of an agency’s IT IT an agency’s of though, the maturation that is something practices management challenges. present will always aspects of IT management, budgeting, and budgeting, management, IT aspects of decision creation of the Common Baseline, agencies Baseline, agencies Common the of creation can be used that levers new have now all into CIOs their integrate fully more to With the passage of FITARA and the FITARA of the passage With Baseline) and is working with agencies to to with agencies working and is Baseline) had CIOs would ensure which actions take described in FITARA. all the responsibilities of responsibilities called the “Common called the “Common responsibilities of (Common Management” IT for Baseline without the approval of the agency the agency of without the approval these statutory OMB translated CIO. framework an overall into requirements may not submit an IT budget, enter into into enter budget, IT submit an not may CIOs bureau hire or acquisitions, IT (FITARA) was enacted in 2014 to further further 2014 to in enacted was (FITARA) a CIO. of authority the strengthen agencies specifies that the law example, More recently, the Federal Information Information the Federal recently, More Act Reform Acquisition Technology Management & Oversight of IT A-4 PortfolioStat / Initiative Benchmarking FedStat Information Federal Reform Acquisition Technology and FITARA (FITARA) Act Baseline Common Strategic Business Business Strategic Framework Management Management President’s - E-Government Agenda Federal IT Dashboard Dashboard IT Federal TechStat and — 2008 — present 2012 2013 2014 1996 2002 Portfolio-wide review of an agency’s IT investments. IT an agency’s of review Portfolio-wide including services, management key of Measurement and bureau. each agency at IT, The CIO authorities. to strengthen Legislation the of a framework established Baseline Common agency of expected and authorities responsibilities in involved officials agency senior and other CIOs IT. of the management Reports to OMB major IT investment business cases, investment IT OMB major to Reports resource information investments, spending on IT architecture plans, and enterprise management materials. Developed a quarterly score for agency capital agency for score a quarterly Developed IRM plan, and enterprise planning materials, through high risk projects Tracked plans. architecture List. Watch List & Management Risk the High 2009 driven reviews of underperforming investments. underperforming of reviews driven A data-driven dashboard that provides monthly monthly provides that dashboard data-driven A and data- investments IT major for updates status Key Initiatives Key POLICY PAPERS POLICY STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE
was recently strengthened in FITARA. strengthened recently was of the IT activities of the agency. However, However, agency. of the activities the IT of portfolio IT an agency’s over CIO authority to agency performance. In many agencies, agencies, many In performance. agency to supervision, direct have do not CIOs control management or authority, budget results were shared with the public thereby with the public thereby shared were results accountability and attention bringing more justification for specific new investments. investments. new specific for justification transparency for desire increased an by Led these of spending, more government into over the years to examine an agency an agency examine to years the over the business and assess portfolio IT Policy Evolution Policy been employed have strategies Various Management & Oversight of IT A-5 EA facilitates facilitates EA designed to describe each agency’s current current describe each agency’s designed to way in a common architecture and future resources, share help agencies to in order lessons learned, and management similar be applied to could that approaches government. the across activities types of Enterprise providing by process the CPIC Architecture. to streamline recommendations duplication eliminating investments, of adoption and encouraging effort, of achieve to required are that technologies were requirements EA state. the future establishment the in 2002 by augmented Enterprise Federal government-wide of and guidance (FEA) Architecture government- established FEA reporting. models for reference wide standard technical businesses, services, identifying each aspects of and other components, was FEA environment. IT overall agency’s POLICY PAPERS POLICY Since Since 8 OMB requires OMB requires
STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE and CPIC processes described below. and CPIC processes planning, budget, and program decisions and program planning, budget, The an organization. across integrated are the EA in turn, informs Plan, IRM Strategic IRM activities help agency’s accomplish accomplish agency’s IRM activities help IT that ensure and seek to missions their IT resources. The contents of these plans of contents The resources. IT but the plans years the over varied has how of a description provide generally the efficiency and effectiveness of each effectiveness and the efficiency and information of management agency’s IRM Strategic resources “information write to agencies Planning. on improving focusing plans” management acquisition, and project management management and project acquisition, agency. their decisions at As a result, CIOs were able to increase increase able to were CIOs As a result, budget, IT with involvement their 1996, CIOs have used some of these these used some of have 1996, CIOs reporting establish internal to tools mechanisms. and governance requirements and the Government Performance and and Performance and the Government Plan. Strategic (GPRA) Act Results Resources Management (IRM) Strategic Strategic (IRM) Management Resources (EA), Capital Architecture Enterprise Plan, (CPIC), Control Investment and Planning management framework for Federal Federal for framework management Information agencies’ of consists agencies Management Framework Framework Management business strategic integrated An 1996 — present 1996 Business Strategic Management & Oversight of IT A-6 Provided a common language for for language a common Provided enterprise describe their to agencies investments and IT architecture the provided requirements Reporting IT into visibility CIO increased agency investments self- are spending levels IT Agency export an not CIO staff, by reported often systems, financial agency from questions quality data leading to reporting CPIC and EA The treated frequently are requirements are and exercises as compliance IT improve used to consistently not and oversight management improve to CIOs a baseline for Provided decision making investment IT their the CPIC such as updates, Future a provide underway, enhancements continued drive to process known change • • • • • •
Strategic Business Management Framework Management Business Strategic Key Strengths Key Challenges Policy Impact
10 POLICY PAPERS POLICY For 11 STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE The CPIC process describes describes CPIC process The 9 A key tool in the oversight of IT IT of oversight in the tool key A to ensure visibility into how agencies are are agencies how into visibility ensure to spending on cybersecurity. managing their Government and make agency IT spending IT agency and make Government also includes a new It comparable. more and Compliance” Security emphasis on “IT for FY 2019 explores changes to help to changes 2019 explores FY for the submissions across data standardize “Capital Planning Guidance” updated updated Guidance” “Capital Planning A-11. in OMB Circular annually being developed the guidance example, business cases for major investments. major business cases for detailed increasingly the led to This produces the President’s Budget, a team a team Budget, the President’s produces list overall agencies’ reviews analysts of and the detailed investments all IT of the development and review of agency agency of and review the development as OMB year Each requests. budget IT future fiscal year spending plans on each spending plans year fiscal future and and its impact on mission investment in OMB for role continuing establishes a guidelines. and current, previous, the agency’s investments is the CPIC process which which is the CPIC process investments the in 1996 through introduced first was high-level of as a series Act Clinger-Cohen Capital PlanningControl. and Investment Management & Oversight of IT A-7 to implement new strategies and strategies new implement to outcome-oriented fundamental make improvements around agencies to feedback Repeated weaknesses and strengths consistent of understanding clear reinforced business regarding expectations OMB’s PMA after even which endured cases ended the priorities how a model for Provided could be offices’ management OMB’s of budget an agency’s into incorporated review Provided a regular (quarterly) (quarterly) a regular Provided progress each agency’s of measurement OMB allowing initiatives, OMB on key needed was work more where see to efforts follow-up and target with results government-wide Shared the public to communication clear Provided OMB management of agencies progress agencies’ priorities and how time over be measured would artifacts agency qualitative Translating quantitative into (business cases, plans) significant required quarter every scores time staff categories to changes prohibiting By to in order period-to-period from time, over the consistency improve new difficult to incorporate was it as they the framework priorities into emerged on focus compliance-oriented The efforts from detracted the scorecard • • • • • • • •
Policy Impact President’s Management Agenda - Agenda Management President’s E-Government Key Strengths Key Challenges POLICY PAPERS POLICY The The 12
STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE The Management Watch Watch Management The 13 posted online, thus requiring agencies to to agencies online, thus requiring posted major for their post justifications publicly investments. IT and oversight. were Scorecards PMA List and agency Management Watch List and High Risk Risk List and High Watch Management or on individual programs focused List that attention needed more that investments into an overall assessment for the agency. the agency. for assessment an overall into addition, OMB established a In of agency IT business cases, enterprise business cases, enterprise IT agency of plans strategic plans, and IRM architecture over five major management areas, areas, management major five over and IT. including E-Government evaluations aggregated Scorecard PMA (PMA) Scorecard was introduced in introduced was Scorecard (PMA) oversight providing of 2001 as a method Agenda - E-Government - E-Government Agenda Agenda Management President’s The 2002 — 2008 2002 Management President’s Management & Oversight of IT A-8 the data themselves increasing citizen citizen increasing themselves the data and oversight engagement TechStat and Dashboard IT The OMB, and sessions helped agencies, and projects at-risk IT identify Congress measures corrective implement current OMB’s about asked When and oversight management to approach CIOs the agency none of IT, of efforts TechStat mentioned Improved transparency into major IT IT major into transparency Improved investments could so the public available data Made spend taxpayer agencies see how dollars and money saved TechStats Early underperforming turned around investments that data from draws Dashboard IT The leading agencies by is self-reported and quality questions about data to completeness any performed OMB has if Unclear years in recent TechStats OMB to from TechStats Shifting diminished the executive agencies the initiative of and impact scrutiny a major represents Dashboard IT The document- static, the from away shift data live toward approaches, driven visualizations and analyze download public could The • • • • • • • • • •
Policy Impact Federal IT Dashboard and TechStat and Dashboard IT Federal Key Strengths Key Challenges
16 15 POLICY PAPERS POLICY STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE 14 17 memo updated its requirements its requirements memo updated sessions, TechStat agency-led for of OMB notify to agencies requiring each session. on the Dashboard whether they used they whether on the Dashboard agile development or incremental when describing each IT practices project. implementation 2015 FITARA OMB’s 2011. to OMB is required FITARA, Under and Dashboard the IT both continue sessions. TechStat indicate began to 2015, agencies In In 2010-2011, OMB shifted the In to reviews TechStat of leadership then and agencies CIOs, agency an additional $930 million identified of the end by implications in cost sessions were conducted in 2010, in conducted were sessions cost $3 billion in total and led to average and an implications deliverables project of acceleration 8 months. to 24 months over from The majority of OMB-led TechStat TechStat OMB-led of majority The • • • • • evidence-based review” designed to designed to review” evidence-based underperforming and turnaround identify investments. IT OMB launched TechStat Accountability Accountability TechStat OMB launched “face-to-face, as a (“TechStat”) Sessions an assessment by the agency CIO of the of CIO the agency by an assessment risk. Using of level overall investment’s Dashboard, IT in the Federal the data as to whether major IT investments were were investments IT major whether as to as well as within budget, on schedule and In 2009, OMB publicly launched the launched the publicly 2009, OMB In information with Dashboard IT Federal 2009 TechStat and Dashboard IT Federal Management & Oversight of IT A-9 20 initiative and OMB have agencies While PortfolioStat, to cost savings attributed would savings what tell to it is hard PortfolioStat of in the absence exist opportunities identified how Unclear agency into factored in PortfolioStat review budget OMB or requests budget that 2015, OMB reported November In related “and TechStat, PortfolioStat, Federal the saved have efforts reform least $3.44 billion at government 2012.” FY since dollars enhancements such as updates, Future a known provide CPIC reporting, to change continued drive to process been held sessions have PortfolioStat the more 2012 - 2016, one of from in oversight IT to enduring approaches years recent on “PortfolioStat and follow-up Impact widely varied has Items” Action agencies between at efforts oversight “-Stat” Other in part modeled on are OMB and GSA CyberStat, (e.g., process PortfolioStat’s AcqStat) ProviderStat, FedStat, Applied the same Key Performance Performance the same Key Applied assessments and data (KPIs) Indicators for allowed which all agencies, for comparison and peer benchmarking improved detail quantitative Significant performance peers’ of awareness CIOs’ which included Deputy Sessions in bringing succeeded Secretaries IT to significant attention executive ended in were issues, but management 2015 FY varied PortfolioStat used in KPIs The which made it more year to year from implement to agencies challenging for and management and mature programs measurement the discussions strongly how Unclear are OMB and agencies between books and briefing with KPIs connected Deputy agency of removal The the PortfolioStat from Secretaries diminished have in 2015 may meetings the of and impact focus the executive • • • • • • • • • • • • •
Key Key Policy Impact Strengths Challenges PortfolioStat POLICY PAPERS POLICY
19 In comparison comparison In 18 STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE and the Federal CIO to “conduct an “conduct CIO to and the Federal of the [IT] Portfolio” of annual review the agency. Secretaries, became less formal became less formal Secretaries, held quarterly were discussions, and than annually. rather with work a CIO to requires FITARA agency their of Secretary the Deputy duplicative commodity IT systems systems IT commodity duplicative mobile email, desktops, (e.g., devices). sessions 2015, PortfolioStat In Deputy including agency stopped to identify duplication and duplication identify to be to appear do not that investments missions. with agency well-aligned PortfolioStat of year first The of on the consolidation focused PortfolioStat requires agencies to agencies requires PortfolioStat investments IT of view a holistic take • • • • designed to examine an agency’s IT IT an agency’s examine designed to whole. as a portfolio IT performance at the specific project the specific project at performance IT was PortfolioStat investment-level, or the Federal CIO to evaluate the agency’s the agency’s evaluate CIO to the Federal performance. IT overall examine which reviews TechStat the to requiring agency Chief Operating Officers Officers Operating Chief agency requiring CIO and with the agency annually meet to government. To address this problem, this problem, address To government. the implemented Administration the 2012, March in process PortfolioStat proliferation of duplicative IT investments investments IT duplicative of proliferation Federal and the broader agencies across When IT systems are managed in a in managed are systems IT When is a the result manner, decentralized 2012 PortfolioStat Management & Oversight of IT A-10 Provided CIOs with data to make make to with data CIOs Provided based levels about spending arguments experience on peers’ spending bureau-level Calculated services IT for benchmarks awareness executive Increased leading to data, agency and use of time over quality in data improvements across and comparability quality Data been called into have the government and calculation (services question agencies) between varied methods management identify agencies Helped with as (such issues and contracting help desk ticket double-counting closures) which savings cost potential Established government- the case for helped make Financial around wide initiatives and services shared Management Management Services Shared Unified (USSM) • • • • • •
Benchmarking Initiative / FedStat / Initiative Benchmarking Key Strengths Key Challenges Policy Impact POLICY PAPERS POLICY 22 Furthermore, Furthermore, 21 STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE the data completeness and agency and agency completeness the data Benchmarking. in participation Support Operations Cross-Agency Priority Priority Cross-Agency Operations Support evaluating includes KPIs Goal (CAP) lessons learned from PortfolioStat and the PortfolioStat lessons learned from initiative. Benchmarking Mission- and Improve the Benchmark covering a prioritized set of mission and of set a prioritized covering which combines issues” management meetings between OMB and agencies. OMB and agencies. between meetings as 2015, OMB has used FedStats Since coordinated...meeting an annual “single, and stakeholders) were added. were and stakeholders) FedStat is used as the basis for data This per month”), and customer satisfaction satisfaction and customer month”), per users of survey a standard (from scores subsequent years additional IT services services IT additional years subsequent metrics effectiveness operational metrics, closed help desk tickets of “number (e.g., on collecting data on overall spending overall on data on collecting In email. and help desk operations on IT human capital, financial management, real financial management, human capital, year the first IT, Within and IT. property, focused Initiative the Benchmarking of Benchmarking Initiative focused on Initiative Benchmarking functions: management key several Launched in 2013 as a part of the the the a part of in 2013 as Launched the Agenda, Management President’s 2013 FedStat / Initiative Benchmarking Management & Oversight of IT A-11 - 23 24 managing IT at an agency. For example, example, For an agency. at IT managing the CIOs, agency of in a 2011 survey (GAO) Office Accountability Government in limitations faced CIOs many that found decisions agency influence to ability their because a significant investments on IT funding is IT agency’s an of portion or the component, at and spent allocated an agency. of level, bureau POLICY PAPERS POLICY
STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE This This summary of the manage 17 agency elements of of TechnologyAcquisition Reform category OMB’s Federal overall Information an with element each matches Baseline Common (FITARA) Act element. in that improvement of and the objective ment Figure A1: Summary of Common Baseline for IT Management IT for Baseline Common of A1: Summary Figure many CIOs do not have the necessary necessary the have do not CIOs many not frequently and are authority in leaders as the key recognized management of IT. Despite statutory statutory Despite IT. of management guidance, and OMB policy requirements to serve as a senior decision-maker, decision-maker, as a senior serve to for and direction leadership providing and procurement, the development, In creating the position of the CIO, CIO, of the the position creating In person that for intended Congress Acquisition Reform Act (FITARA) and Act (FITARA) Reform Acquisition Baseline Common FITARA 2014 Technology Information Federal Management & Oversight of IT A-12 with Congress processes varied plans and commitments Agency allowing potentially detail, of in level go to weaknesses some agency unaddressed Baseline-related no Common are There Benchmarking, or in PortfolioStat, KPIs 2016 in 2015 or FedStat will OMB how is unclear It FITARA ongoing assess agencies’ implementation no government- is currently There measuring improved for wide method public outcomes mission, business, or in management improvements due to IT of with varied, has implementation Agency help to using FITARA some agencies while others bureaus, from IT centralize with on compliance primarily focus requirements reporting about agency conversation Public GAO by been driven has often progress and Congress an evaluation released OMB has not or publicly, progress each agency’s of progress agency of its evaluation shared Statutorily reinforced that CIOs have have CIOs that reinforced Statutorily all IT for and responsibility the authority an agency at a provided Baseline Common The framework government-wide standard, and improving evaluating for with IT involvement CIOs’ agency decisionmaking CIO between partnership Emphasized in expectation as a key peers and CXO management agency to commit to agencies Required to time over verifiable actions specific, management IT overall improve TechStat Dashboard, IT the Codified process sessions, and the PortfolioStat closing gaps to commitment Agency self- FITARA through identified significantly varied has assessments have and CXOs leadership Agency to implementation FITARA left often gaps require though certain the CIO, business agency to changes broader • • • • • • • • • • • • • •
Key Challenges Policy Impact FITARA and FITARA Common Baseline Common and FITARA FITARA Key Strengths POLICY PAPERS POLICY STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE -assessment of current current of -assessment and to plan an implementation Create management an agency’s improve these areas. of each in practices Conduct a self Conduct four capabilities in management IT (2) formulation; (1) budget areas: acquisition; (3) execution; budget workforce; and and (4) organization • • monthly FITARA implementation meetings meetings implementation FITARA monthly on Management.cio.gov. coordinated at all agencies. OMB makes a dashboard a dashboard OMB makes all agencies. at through available progress agency of 2016, no agency had fully implemented all implemented had fully 2016, no agency and no Baseline the Common of elements implemented has been fully single element to report progress on their implementation implementation on their progress report to September As of basis. plans on a quarterly are expected to collaborate together together collaborate to expected are in the the responsibilities implement to required are Agencies Baseline. Common Resources, Financial Management, Management, Financial Resources, Acquisition) and Technology, Information OMB also emphasized that leadership leadership that OMB also emphasized Human (e.g., the agency across from agencies to: to: agencies of IT responsibilities called the “Common called the “Common responsibilities IT of and required Management” IT for Baseline In 2015, OMB translated the statutory the statutory OMB translated 2015, In a framework into FITARA of requirements IT budget, enter into IT acquisitions, or hire hire or acquisitions, IT into enter budget, IT the of without the approval CIOs bureau CIO. agency investments. Among other things, the law the law things, other Among investments. submit an not may agencies specifies that agency CIO by providing them with more with more them providing by CIO agency governance, the budget, over authority IT agency for processes and personnel Congress passed the FITARA in 2014 in 2014 the FITARA passed Congress the of role the and strengthen clarify to Management & Oversight of IT A-13 OMB launched the the OMB launched
Examples Dashboard. IT Federal make in part to Dashboard IT Federal information project IT use of smarter By the CPIC process. through reported plans and execution project turning agency summaries simple, color-coded into reports both variance, schedule and cost overall of easily more could CIOs OMB and agency Over portfolios. in IT spots trouble identify performance time, OMB incorporated into on these scores based metrics conversations. oversight overall agencies’ POLICY PAPERS POLICY
STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE The Federal IT Dashboard had a Portfolio view which illustrated the proportion of investments investments of proportion the illustrated which view Portfolio a had Dashboard IT Federal The Dashboard) IT the of redesign a across the to Federal government which prior were rated 2014, high risk July by the agency from CIO, or were (Screenshot over schedule. behind or budget Figure A3: IT Dashboard Portfolio Investment and Project Schedule Project and Investment Portfolio Dashboard A3: IT Figure intended to lead to more reliable delivery. reliable more lead to to intended common planning methods, and greater and greater planning methods, common were business cases of OMB scrutiny profile IT systems plagued the Federal Federal plagued the systems IT profile decades – increasing for government adopting these projects, of CIO oversight to the rest of the agency. A history of of history A the agency. of rest the to in high overruns budget schedule and budget,” and with a higher level of success). success). of level with a higher and budget,” projects, IT of the success improving By provides IT value the increase would CIOs and metrics in this policy area is successful successful is area in this policy and metrics “on time,” (“on projects IT of delivery in Metrics and Oversight in Metrics oversight OMB’s of objective primary The Metrics and Oversight and Metrics Emphasized Objective Primary Management & Oversight of IT A-14 While While 25 In subsequent subsequent In 26 OMB has used PortfolioStat used PortfolioStat has OMB it announced would “save the government the government “save would it announced billion.” $2.5 over OMB however, sessions, PortfolioStat evaluate these projects, revisit did not publish the results. or progress, their PortfolioStat each while Additionally, Action in PortfolioStat session results over implement to the agency for Items a complete is not there year, the coming and their items agency list of internal overall of a measurement nor status always it is not Finally, progress. agency for selected the KPIs that apparent IT Administration’s the match PortfolioStat example, in 2015 For year. priorities that measuring no KPIs were and 2016 there the FITARA of implementation agency Baseline. Common PortfolioStat. PortfolioStat. each review to 2012 since year every OMB year, Each performance. IT agency’s in to be used KPIs of a number crafts each revised are KPIs These PortfolioStat. in has been used one KPI only and year, 2012-2016. from years all five been the cornerstone have these sessions performance, agency of OMB oversight of these sessions of results the impact and While been clear. always not have year each savings” “cost OMB has cited saving these PortfolioStat, from resulting the to connected directly always not are itself. process PortfolioStat PortfolioStat of year the first example, For develop to each agency required which Plans,” Consolidation IT “Commodity POLICY PAPERS POLICY STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE Recognizing that timely timely that Recognizing TechStat Accountability Sessions Sessions Accountability TechStat . incorporated TechStat results into the into results TechStat incorporated Dashboard. the IT of version current expands TechStat reporting requirements, requirements, reporting TechStat expands 2016, OMB has not November but as of but there was limited follow-up after after follow-up limited was but there impact the real evaluate to TechStat a and restores sessions. FITARA these of Items.” Agencies reported the results of of the results reported Agencies Items.” efforts, TechStat agency-led their each of OMB-led TechStat effort from the first year year first the from effort TechStat OMB-led commitments agency (2010) and tracked Action as “TechStat follow-through for investments and hold data-driven reviews. reviews. and hold data-driven investments each of the results OMB categorized used IT Dashboard cost variance, schedule variance, cost Dashboard used IT and CIO CIO evaluations, variance, IT underperforming identify to research delivered to the customer. to delivered TechStat or incremental development. Using these Using development. incremental or value of evaluation for allowed metrics Finally, beginning with PortfolioStat’s 2015 with PortfolioStat’s beginning Finally, percent what sessions, OMB measured used agile each agency at projects IT of measure how quickly IT systems made it systems IT quickly how measure delivery. to gathering requirements from delivery allows IT project teams to learn to teams project IT allows delivery meet and better feedback customer from to began PortfolioStat needs, customer success, impact, and risk. Additionally, Additionally, impact, and risk. success, rapid more that showing based on research comment into every major IT investments’ investments’ IT major every into comment to provide the CIO This allowed reporting. customer overall about the likely feedback example, the IT Dashboard incorporated incorporated Dashboard the IT example, and score CIO” Agency by an “Evaluation OMB also developed other metrics metrics other developed OMB also IT delivered if measure to designed needs. For customers’ meet would systems Customer value. value. Customer success, IT in factor the only is not delivery Management & Oversight of IT A-15 POLICY PAPERS POLICY As a part of part of As a STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE Common Baseline. Common all agencies and no agency had fully had fully and no agency all agencies the of all the elements implemented assessments reported in April 2016, no 2016, no April in reported assessments Baseline Common the of single element at implemented had been completely cio.gov. In addition, a public update is update addition, a public In cio.gov. self- agency on Based quarterly. posted progress, which is available to agencies agencies to which is available progress, implementation FITARA monthly through Management. on coordinated meetings progress and send an update to OMB. OMB. to send an update and progress this of visual dashboard a OMB makes a Common Baseline outlining 17 elements 17 elements outlining Baseline a Common an at management IT improve to designed their self-assess annually Agencies agency. Role of the CIO and FITARA. and the CIO of Role published OMB implementation, FITARA Management & Oversight of IT A-16 OMB required OMB required summarized in the FITARA Visual Toolkit Toolkit Visual in the FITARA summarized public using the same available, publicly OMB that and transparency pressure Dashboard. IT with the Federal harnessed the 2012-2014 PortfolioStat structure. structure. the 2012-2014 PortfolioStat the impact help illustrate OMB could KPI making agency by PortfolioStat of all of the status and years the over scores over assigned Items Action PortfolioStat available. publicly years the FITARA. for steps Next the meet plans to develop to agencies but has not Baseline, Common FITARA these plans of oversight incorporated OMB how It is unclear PortfolioStat. into or on FITARA, with agencies follows-up to address actions it plans to take what gaps in implementation. persistent years will mark two 2016 December but none passed the law, Congress since elements Baseline Common OMB’s of all agencies. at been implemented have on agency follow-up improve OMB could making the scores and plans by progress the impact of this shift, as it is difficult shift, as it is this of the impact of the impact evaluate to in general OMB’s of but much sessions, PortfolioStat of the importance explaining language mentioned 2012-2014 from PortfolioStat agency senior with meeting of value the involvement leadership Senior leadership. IT- to surface PortfolioStat allowed involving opportunities issues or related and missions outside programs, resources, this in Removing authority. the CIO’s of the role changed 2015 fundamentally communication. in agency PortfolioStat an annual review requires FITARA Deputy agency CIO, with each agency to similar CIO, and the Federal Secretary,
POLICY PAPERS POLICY
These These 27 STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE Data quality and completeness and completeness quality Data agency CIOs. It is difficult to evaluate evaluate is difficult to It CIOs. agency sessions with agency Deputy Secretaries Secretaries Deputy with agency sessions with meeting a quarterly to and moved Executive Involvement in PortfolioStat. in Involvement Executive began in PortfolioStat shift in significant A when OMB stopped holding annual 2015 specific data. specific data. However, this may require significant significant require this may However, general to translate standardization data project- IT into financial information systems instead of relying on CIO staff at on CIO staff relying of instead systems information. spending collect to agency the PortfolioStat. OMB could further improve improve could further OMB PortfolioStat. to with agencies working by quality data and financial budget agency to connect and agencies led to more accurate, timely, timely, accurate, more led to and agencies and Dashboard in the IT data and useful invest in complex and costly earned- and costly in complex invest systems. management value OMB between and dialogue improvements to more accurately handle in-progress handle in-progress accurately more to to agencies without requiring projects the 25-Point Plan to Reform Federal IT, IT, Federal Reform to Plan the 25-Point with OMB to worked the CIO Council requirements reporting project IT modify agencies correct them. correct agencies of release the following addition, In “data quality report” into the IT Dashboard Dashboard the IT into report” quality “data data issues and help flag potential to updates. In response, OMB worked with worked OMB response, In updates. build “submission to and GAO agencies and a warnings,” “submission validations,” shifted from reporting progress once once progress reporting from shifted monthly making continuous to year per accurate data through the CPIC process. the CPIC process. through data accurate inaccuracies discovered agencies However, they as especially data, reported in their issues continue to exist. For example, the example, the For exist. to continue issues reporting on agencies relies Dashboard IT Lessons Learned Lessons Issues. Data Management & Oversight of IT A-17 complete. - Agency CIO Agency - standardization isn’t isn’t standardization too vague on this. We We this. on vague too Performance evals for for evals Performance have broad categories categories broad have for evaluation, but the but evaluation, for The language in M-15- language The 14 and in the statute is the statute 14 and in — It’s what’s keeping us keeping what’s — It’s worked out quite as well well as out quite worked component CIOs haven’t haven’t CIOs component away from being perfect. being perfect. from away high-level cover to allow them to make make them to allow to cover high-level which depend on on actions progress the CIO organization. outside of leaders Reaction to FITARA Implementation is Implementation to FITARA Reaction Mixed. outreach OMB’s praised CIOs of number A and planning for guidance, FITARA but identified in shortcomings and implementation While oversight. devoted agencies resources significant FITARA preparing to Baseline Common implementation plans and reporting seen a not have to OMB, they information and follow-up focus on continuing strong CIOs implementation. FITARA of oversight follow-up OMB continued that reported the necessary CIOs help provide could Oftentimes, significant IT decisions are IT decisions significant Oftentimes, the CIO’s outside of the agency made in common A involvement. or control direct who those is that CIOs by theme reported with their relationships built strong have leaders other and counterparts executive being more reported have agency in their has on FITARA the focus While successful. of the CIO in a number of profile the raised has been uneven implementation agencies, work to still need agencies and many visible a more bringing the CIO to towards leadership. within the Executive role FINDING #2 POLICY PAPERS POLICY
STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE - Agency CIO Agency -
underlying problems. symptoms rather than the core the core than rather symptoms all good attempts, but we chase but attempts, all good [PortfolioStat and FedStat were] were] FedStat and [PortfolioStat n Agencies. n assigned to the CIO’s office. office. the CIO’s assigned to the historical growth of an agency, an agency, of growth the historical a CIO is a political whether position, and career or appointee control budget direct the scale of differences in mission, in mission, differences
• • • •
have reporting structures that place the place that structures reporting have design. organizational CIO in a different For example, some CIOs report directly directly report some CIOs example, For for Secretary Under the agency to while others equivalent, or Management, The role of an agency CIO varies greatly by by greatly varies CIO an agency of role The due to: typically agency, The Authority and Role of CIOs Varies Varies CIOs of and Role Authority The Betwee and oversight. FINDING #1 FITARA is the most recent effort that seeks that effort is the most recent FITARA management IT and improve address to Council (PMC), and the CIO Council. Council. (PMC), and the CIO Council and oversight centralized As a result, can be challenging. IT of management as Resource Management Offices or Offices Management as Resource Management the President’s “RMOs”), and oversight of agency IT portfolios portfolios IT agency of and oversight CIO Federal of the Office including the (known examiners budget OMB (OFCIO), government agencies. There are numerous numerous are There agencies. government in the management involved stakeholders and Findings and and prominence, power, The varies across a CIO of responsibilities Agency Observations Observations Agency Management & Oversight of IT A-18 and bureau level. This ensures that that ensures This level. and bureau the agency of all levels at management investments, IT how into visibility has managed. are and resources processes, initial of based on the review However, that submissions, it is clear FITARA agency in currently not are close partnerships establishment The agencies. many at place is and processes these relationships of in technology change drive to necessary workforce procurement, related allocation. and budget development, FINDING #4 FINDING IT Agency Improving Successfully the Requires Functions Management of the Members All of Participation Suite. Executive that changes transformational The of a number improve to place must take will functions management IT agencies’ and, most energy, resources, time, take and engagement consistent importantly, OMB, leadership, agency from oversight to integral example, For and Congress. Common the of element every nearly between partnership is a strong Baseline the agency both at peers and their CIOs POLICY PAPERS POLICY ly the the ly - Agency CIO Agency - A lot of the work I work the of lot A get the work done. done. work the get need to get done is get to need about building the right the right about building relationships in order to in order relationships STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE -assessments and and -assessments practices throughout an agency and refine refine and an agency throughout practices accordingly. those practices conduct honest assessments of agency agency of honest assessments conduct and managers, program leadership, management the IT regarding stakeholders rating on an element in the Common Common in the on an element rating to must continue Agencies Baseline. IT outcomes. That is, agencies are not not are is, agencies That outcomes. IT implementation with FITARA finished a good themselves give just because they to further refine management practices practices management refine further to positive for the potential maximize to Once an agency meets the Common the Common meets an agency Once should be the goal requirements, Baseline compliance purposes; rather, it must be purposes; rather, compliance which an agency’s by used as a framework can be measured. practices management IT Common Baseline Baseline Common as a checklist for viewed be must not the first step in a step the first process. much longer the be successful, To plans, while is merely important, The completion and submission of the of and submission completion The self initial FITARA implementation The FITARA Common Baseline is On Baseline Common FITARA The Process. Longer in a Much Step First FINDING #3 FINDING Management & Oversight of IT A-19 which allowed greater flexibility and flexibility greater which allowed forward, Moving objectives. had clearer from feedback incorporating actively assist OMB in crafting may agencies can be applied government- policies that flexibilities which contain wide, but better to individual agencies allowing in their objectives the policy’s achieve unique environment. FINDING #6 FINDING Government- Apply to Struggle Agencies Environments. Their to wide Policies government-wide noted, CIOs As many fit always not may policies and metrics in mission, vary which each agency, for Consequently, and environment. structure, policies OMB for advocated CIOs many to define the flexibility them which provide environment best fit their to an approach objectives. policy broader while advancing and seeking OMB’s that stated CIOs prior agencies feedback from incorporating in policies resulted issuing guidance to POLICY PAPERS POLICY and increasing the and increasing In burden. reporting example, a recent the Congressional scorecard FITARA emphasized can often overlap overlap can often creating conflict, or confusion agency STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE our business practices. business practices. our CIO Agency - tried to avoid “gaming” the “gaming” avoid to tried align to need We system. based on report we how different from the way I way the from different OMB business. my manage my drive doesn’t reporting business decisions, but I’ve The reporting for OMB is for reporting The milestones. themes and areas that were different different were that themes and areas FITARA in OMB’s required reporting from and self-assessments Baseline Common requests from Congress, OMB, and GAO, and GAO, OMB, Congress, from requests or the value resulting from its collection. its from resulting value the or data that reported addition, CIOs In OMB, CIOs reported that they rarely rarely they that reported OMB, CIOs is used data their on how feedback receive workarounds and manual processes. processes. and manual workarounds these from the data once Additionally, to reported mechanisms are reporting efforts. In order to satisfy OMB’s requests, OMB’s to satisfy order In efforts. intensive time utilize to have agencies CIOs have mentioned that the data data the that mentioned have CIOs from differs OMB frequently by requested collection data operational own agencies’ Agency Operations Do Not Always Align Always Not Do Operations Agency OMB Reporting. With FINDING #5 FINDING Management & Oversight of IT - . - - - A-20 ------and - https:// https://
. http://www.gao. launched “agency launched “agency 25-Point Implemen 25-Point https://cio.gov/what-is-
The The https://www.whitehouse. see https://cio.gov/drivingvalue/ . https://www.dhs.gov/sites/de https://www.whitehouse.gov/sites/ Preparation, Submission, and Execution and Execution Submission, Preparation, https://oversight.house.gov/wp-content/
12/9/2010. 25-Point Implementation Plan to Reform Federal Federal Reform to Plan Implementation 25-Point 7/1/2016. 7/1/2016. Testimony of Tony Scott, Federal Chief Information Officer, Officer, Information Chief Federal Scott, Tony of Testimony Reform, Government and Oversight on the Committee before on Subcommittee Technology, Information on Subcommittee Represen of House States United Operations, Government 11/4/2015. tatives. uploads/2015/11/Scott-OMB-Statement-11-4-FITARA.pdf GAO- GAO. by has been disputed this figure of accuracy The OMB Additional TECHNOLOGY: 15-296. INFORMATION Are Savings Portfolio Ensure to Needed Actions Agency and 4/16/2015. Tracked. and Effectively Realized gov/assets/670/669679.pdf Stats in recent years because it expected the agencies to to the agencies because it expected years in recent Stats GAO-13-524. TechStats.” agency-led of the number increase Review Executive Additional TECHNOLOGY: INFORMATION 6/13/2013. Projects. Troubled Address to Needed Sessions http://www.gao.gov/products/GAO-13-524 implications as “cost TechStat OMB described the impact of reallo and/or avoidance, cost cycle life avoidance, cost (e.g. 11/4/2016 funding)”. of cation techstat/ the ‘TechStat’ for on responsibility will take CIOs “Agency 2011.” March as of agencies within their process governance Kundra. Vivek Management. IT fault/files/publications/digital-strategy/25-point-implemen tation-plan-to-reform-federal-it.pdf Management IT Federal Reform to Plan tation in TechStats agency of the results OMB reported TechStats”; 12/2011. Moment.”. “Our 2011 presentation. a December https://www.whitehouse.gov/sites/default/files/omb/assets/ egov_docs/december2011update.pdf 3/30/2012. PortfolioStat. M-12-10. Implementing www.whitehouse.gov/sites/default/files/omb/memoran da/2012/m-12-10_1.pdf Information Federal of and Oversight M-15-14. Management 21. 6/10/2015. Page Technology. gov/sites/default/files/omb/memoranda/2015/m-15-14.pdf OMB Circular A-11: OMB Circular Budget. the of default/files/omb/assets/a11_current_year/a11_2016.pdf 6/30/2016. Guidance. Planning – Capital Budget 2018 IT FY https://www.whitehouse.gov/sites/default/files/omb/assets/ egov_docs/fy18_it_budget_guidance.pdf per key PortfolioStat to a precursor was Scorecard PMA The quarterly published was Scorecard The indicators. formance man all across performance and evaluated agency every for policy multiple IT OMB combined just IT. not areas, agement each agency for rating a single “E-Government” into areas Highlights: “Budget Archives. Presidential Bush W. George Com Sustained Reflects Update Spring Budget 2009 IT FY 9/7/2016 Delivery”. Service Improved to mitment georgewbush-whitehouse.archives.gov/omb/egov/g-9-bud get_highlights.html TechStat, on information more For techstat/ Office Accountability the Government by Report 2013 A TechStat 79 conducting “OMB reported summarized: (GAO) in 2010, 8 in 2011, 11 in occurring with 59 reviews reviews, Tech fewer in 2013. OMB conducted 2012, and one so far 20. 16. 17. 18. 19. 11. 12. 13. 14. 15. ------
. - POLICY PAPERS POLICY , well as . . https://www.dol. , Public Law No: No: Law , Public National Defense Defense National
National Defense Authorization Act Act Authorization Defense National STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE Preparation, Submission, and Execu Preparation, https://www.whitehouse.gov/sites/
The E-Government Act of 2002 of Act E-Government The https://acc.dau.mil/adl/en-US/22163/ Public Law No: 104-106: No: Law Public see Policy Chapter E: Cybersecurity Chapter Policy see . 7/2016. https://www.gpo.gov/fdsys/pkg/PLAW- https://www.whitehouse.gov/sites/default/files/ https://www.congress.gov/113/plaws/publ291/
300 of OMB Circular A-11: OMB Circular 300 of Budget the of tion default/files/omb/assets/a11_current_year/a11_2016.pdf for Fiscal Year 1996, Year Fiscal for gov/ocfo/media/regs/ITMRA.pdf in Exhibit 53 and Exhibit described, respectively, were These depend on policy and guidance from OFCIO from and guidance depend on policy 1996 of Act Reform Management Technology Information the E of 2/9/1996. Division PLAW-113publ291.pdf#page=148 and managed developed is primarily Plan Strategic GPRA The components other functions, but all CIO and IT the outside of Federal Information Technology Acquisition Reform Act Reform Acquisition Technology Information Federal the of D VIII, Subtitle Title 12/19/2014. 2015 Year Fiscal for Act (NDAA) Authorization 113-291: Public Law 107-347. Law Public 12/17/2002. 107publ347/pdf/PLAW-107publ347.pdf visions D and E of Public Law No: 104-106). The law was re was law The 104-106). No: Law Public visions D and E of 104-208,110 No: Law Public by Act named the Clinger-Cohen 3009-393 (1996) Stat. The Clinger-Cohen Act of 1996 was originally enacted as the as enacted originally was 1996 of Act Clinger-Cohen The 1996 (Di of Act Reform Management Technology Information Federal Information Technology Shared Services Strategy. Strategy. Services Shared Technology Information Federal 5/2/2012. omb/assets/egov_docs/shared_services_strategy.pdf as “Cyberspace Policy Review: Assuring a Trusted and Resilient and Resilient Trusted Assuring a Review: Policy as “Cyberspace 5/2009. Infrastructure”. Communications and Information https://www.whitehouse.gov/assets/documents/Cyberspace_ Policy_Review_final.pdf the 2009 Cyberspace Policy Review, also known as the 60-day as the 60-day also known Review, Policy the 2009 Cyberspace bureaus im that expectation the clarified specifically Review, on EINSTEIN and information more this scanning. For plement Review, the 60-day them to direct bureaus to implement network scans, but many scans, but many network implement to bureaus direct them to to leading them CIOs, on bureau influence or visibility lacked rather office, own scanning in their the automated apply only until persisted limitation This network. whole agency than the Inadequate coordination between an agency CIO and the agency an between coordination Inadequate of can also impede the implementation agency an of bureaus the that stated CIOs agency Several initiatives. cybersecurity required EINSTEIN initiative scanning network automated Government Management, Senate Governmental Affairs Com Affairs Governmental Senate Management, Government 10/12/1994. mittee. file/2121/Cohen%20Computer%20Chaos%201994.pdf Computer Chaos: Billions Wasted Buying Federal Computer Computer Federal Buying Wasted Chaos: Billions Computer Cohen, William S. Senator of Report Investigative Systems. of Oversight on Subcommittee Member, Minority Ranking https://oversight.house.gov/hearing/the-federal-informa tion-technology-reform-acts-fitara-role-in-reducing-it-acquisi tion-risk-part-ii-measuring-agencies-fitara-implementation/ Office of Management and Budget, before the Committee on the before Budget, and Management of Office Infor on Subcommittee Reform, Government and Oversight Oper Government on Subcommittee and Technology mation 11/4/2015. Representatives. of House States United ations, Testimony of Tony Scott, Federal Chief Information Officer, Officer, Information Chief Federal Scott, Tony of Testimony
10. 9. 8. 7. 6. 5. 4. 3. 2.
1. Notes Management & Oversight of IT A-21 ------https:// - POLICY PAPERS POLICY http://www.gao.gov/ http://www.gao.gov/
https://www.dhs.gov/sites/de STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE https://www.whitehouse.gov/sites/ . See also GAO-04-823. Federal Chief Chief Federal also GAO-04-823. . See
. 12/9/2010. 25-Point Implementation Plan to Reform Federal Federal Reform to Plan Implementation 25-Point https://www.performance.gov/node/3397/view?view= fault/files/publications/digital-strategy/25-point-implementa tion-plan-to-reform-federal-it.pdf stat-saving-billions-it-spending Kundra. Vivek Management IT card usage for logical access for all users” for access logical for usage card Spending. 10/24/2012. in IT Billions Saving PortfolioStat: https://www.whitehouse.gov/blog/2012/10/24/portfolio The HSPD-12 “Strong Authentication” KPI has been included KPI Authentication” HSPD-12 “Strong The of the though the labelling PortfolioStat, of years in all five PIV which require systems of “Percentage varied: has metric M-15-14. Management and Oversight of Federal Information Information Federal of Oversight and M-15-14. Management 6/10/2015. Technology. default/files/omb/memoranda/2015/m-15-14.pdf assets/590/585305.pdf Relationships, Reporting Responsibilities, Officers: Information 7/21/2004. and Challenges. Tenure, products/GAO-04-823 GAO-11-634. Federal Chief Information Officers: Oppor Officers: Information Chief Federal GAO-11-634. Technology Information Role in Improve tunities Exist to 29-30. 9/15/2011. Pages Management. Improve Mission-Support Operations”. Quarterly Progress Up Progress Quarterly Operations”. Mission-Support Improve date. public#progress-update www.whitehouse.gov/sites/default/files/omb/memoran da/2015/m-15-11.pdf and Benchmark Goal: Priority “Cross-Agency Performance.gov. M-15-11. Fiscal Year 2017 Budget Guidance. 5/1/2015. 5/1/2015. Guidance. 2017 Budget Year Fiscal M-15-11. 27. 26. 25. 24. 23. 22. 21. POLICY PAPERS IT Infrastructure Modernization
“Many Federal departments and agencies rely on aging computer systems and networks running on outdated hardware and infrastructure that are expensive to operate and difficult to defend against modern cyber threats.” — Federal CIO Tony Scott1
Summary Federal spending on IT Infrastructure has been growing year- “ to-year, roughly at the same pace as other IT spending. Of the $88.7 billion in Federal IT spending planned for fiscal year 2016, approximately $34.7 billion (43%) is to be spent on IT Cost infrastructure.”2
Inconsistent and changing metrics result in high compliance costs for agencies and make it difficult to measure and report the true cost of maintaining Federal IT infrastructure. Accountability Many CIOs cite their agency’s dated and obsolete IT infrastructure as an obstacle to meeting the rising expectations of citizens, employees, and other customers. Major transformative projects Risk are needed to address these issues.
IT policy and appropriations law currently does not allow agencies to redirect operations and maintenance funding to update the IT systems that directly support their mission and goals. Policy
STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 B-1 IT Infrastructure Modernization B-2 In the late 1990s, engineers 1990s, engineers the late In 5 users access more bandwidth-intensive bandwidth-intensive more access users agency aging cloud-based services, to can struggle infrastructure network improved As a result, the demand. meet infrastructure IT agency of management government- for focus has been a major years recent and policies in wide initiatives expensive, to a less a transition facilitate to IT and customer-focused secure, more environment. In addition, the increased cost of of cost the increased addition, In infrastructure IT an older maintaining embark to ability agencies’ away can take activities. IT and innovative upon new repeatedly the government across CIOs as a roadblock aging infrastructure cited to an obstacle and as innovation to and of citizens expectations meeting as agency example, For employees. agency
IT 4 POLICY PAPERS POLICY Transition to IPv6 Transition and 3 STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE Increasing the number of available IP addresses IP available of the number Increasing Internet the through can be transmitted the addresses way the Simplifying techniques bandwidth optimization Incorporating of use. ease for authentication cryptographic Embedding • • • •
top down support and leadership from the Federal CIO and agency CIOs is critical. CIOs CIO and agency Federal the from support and leadership down top Government-wide adoption of IPv6 everywhere is imperative to maintain and enhance service to the service and enhance to maintain is imperative everywhere IPv6 of adoption Government-wide IPv6 of the success To ensure world partners. with sustaining communication as well public as general The Federal government is currently in the process of adopting IPv6 for all network-enabled devices. devices. all network-enabled for IPv6 adopting of in the process is currently government Federal The improvements such as: improvements support the enormous growth of devices connected to the Internet. to connected devices of support the enormous growth which enabled multiple 6 (IPv6), version Protocol, Internet generation designing the next commenced Legacy Internet Protocol version 4 (IPv4), which was first described in 1981, is no longer able to able described in 1981, is no longer first was which 4 (IPv4), version Protocol Internet Legacy
develop a strong cybersecurity posture. cybersecurity a strong develop without a modern IT infrastructure that that infrastructure without a modern IT be which can easily includes systems to difficult very it is and updated, patched logical framework upon which a modern upon framework logical example, can be built. For enterprise continues to increase at a steady pace. at a steady to increase continues all other nearly underpins infrastructure and the physical providing areas, policy IT (ranging from 30-50 percent) from (ranging spending in this area government-wide cloud systems, and other infrastructure. infrastructure. and other cloud systems, a major comprises infrastructure IT spending IT Federal overall of portion mission objectives. This equipment This equipment mission objectives. devices, end user centers, includes data Agencies rely on physical information information on physical rely Agencies them provide to equipment technology their for support operational with direct Overview Overview IT Infrastructure Modernization Infrastructure IT IT Infrastructure Modernization B-3 7 Figure B2: IT Infrastructure and all other IT IT all other and Infrastructure B2: IT Figure DOD) (Excluding Time Over Spending In recent years OMB pushed to move pushed to move OMB years recent In Federal With the cloud. to agencies $2 spend over to projected agencies out services billion on cloud computing spending $80 billion in IT of a total of more clearly are 2016, there in FY cloud-based opportunities to adopt see agencies while However, solutions.¹¹ cloud-based solutions in adopting value in doing challenges face to continue they procurement Federal so. Longstanding long-term, towards policies, geared always do not investments, large-scale agile incremental, support the more additional buy (e.g., only model acquisition POLICY PAPERS POLICY STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE creates unnecessary expenditures.¹⁰ expenditures.¹⁰ unnecessary creates growth in the number of Federal data data Federal of in the number growth and services similar offering many centers, that duplication of a source as resources” of Federal data centers.⁹ The Government Government The centers.⁹ data Federal of “the has cited (GAO) Office Accountability a day, seven days a week. Over the years, years, the Over week. a days seven a day, IT demand for Government’s the Federal rise in the number a dramatic has led to salaries of the employees who operate who operate the employees salaries of run 24 hours which typically these centers, money spent on Federal IT infrastructure.⁸ infrastructure.⁸ IT on Federal spent money and hardware purchase to have Agencies the pay facilities, and for pay software, Government spending on data centers centers spending on data Government of the portion a significant represents Figure B1: IT Infrastructure Spend FY 2016 FY Spend Infrastructure B1: IT Figure DOD)⁶ (Excluding IT Infrastructure Modernization B-4 (Dollars in Millions) (Dollars 13 Finally, the need for upfront capital capital upfront need for the Finally, to adhere to investment and planning with align does not cycles budget Federal which, in turn, innovation of the pace of creation The adoption. of pace the slows provides Fund (ITMF) Modernization an IT creating By forward. a possible path IT mechanism for funding a central agencies can help it efforts, modernization cycles, long budget around work to reprogram and procurements, streamline infrastructure. IT modernize funding to center data with ongoing combination In computing cloud and optimization proposed) (as currently ITMF initiatives, the modernization help drive could achieve and infrastructure aging IT of cost savings. significant POLICY PAPERS POLICY STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE requires the usage the usage requires 12 Figure B3: Total Cloud Spending for Top 10 Civilian Agencies, FY 2016 Spending FY Agencies, 10 Civilian Top for Cloud Spending Total B3: Figure tenancy and data sovereignty continue to continue sovereignty and data tenancy be issues. take precedence. Additionally, the risk of of the risk Additionally, precedence. take multi- around and concerns lock-in vendor based providers were TIC-compliant, TIC-compliant, were based providers complicated further was and the issue should which policy over uncertainty by Security. A number of agencies stated that that stated agencies of number A Security. cloud- their whether as to unclear was it of specific government and commercial commercial and government specific of checks validation with providers, access Homeland of the Department by provided implementation of Trusted Internet Internet Trusted of implementation (TIC) Connections are a number of standing policies that that policies standing of a number are to a cloud- with moving conflict may the example, For environment. based capacity when it is needed) offered by by offered needed) it is when capacity there Furthermore, providers. cloud IT Infrastructure Modernization
B-5
Cloud First Authorization and Risk Federal Program Management Center Data Initiative Optimization IT Infrastructure Optimization Optimization Infrastructure IT Business of (ITI) Line and Architecture Enterprise Infrastructure Centralizing Center Data Federal Initiative Consolidation - Directs agencies to inventory their their inventory to agencies - Directs on consolidating guidance - Provides — 2015 pre- 2011 2011 2016 2006 2009 2010 Agencies should identify three services which “must services three identify should Agencies and evaluate within 18 months the cloud to move” investments. new/enhanced cloud for with and risk management standards Integrates to approach standardized “a provides Cloud First, continuous and authorization, assessment, security and services.” cloud products for monitoring Consolidation Center Data the Federal Updates in FITARA. requirements based on (FDCCI) Initiative PUE, CM, and centers, data on tiered Refocuses cost to metrics, in addition optimization other and closures. savings Develops common government-wide performance performance government-wide common Develops best identifies and costs, levels service for measures IT agency for guidance and provides practices, plans. transition infrastructure case and business major the infrastructure Defines manage to architecture enterprise Federal use of the agency. across 2010 Memo to plan, and a consolidation develop centers, data and cloud alternatives. virtualization evaluate 2011 Memo operations of and the movement centers data “core” centers 800 data of the closure them. Specifies into 2015. by Key Initiatives Key POLICY PAPERS POLICY STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE
cloud have topped the IT modernization modernization the IT topped cloud have agenda. bureau-level view). Over the last several the last several Over view). bureau-level and consolidation center data years, to the resources moving and optimization, business cases to take an enterprise-wide an enterprise-wide take to business cases a (versus infrastructure IT their of view a focus for agencies and OMB. Earlier Earlier and OMB. agencies for a focus Enterprise of included the usage efforts and consolidated roadmaps Architecture and the effective management of management effective and the been has long investments infrastructure Policy Evolution Policy systems IT legacy of modernization The IT Infrastructure Modernization B-6
Established government-wide government-wide Established IT of migrations agency for assistance infrastructure performance common Defined and metrics standards so impact optional, was Participation already agencies to limited was infrastructure in investing proactively improvements require did not structure Governance agency buy-in from significant to operate effort allowing leaders, but diminishing independently of and usefulness the applicability developed standards a baseline discussion of Established performance and services infrastructure models consistent, to capture effort Early to relating metrics standardized categories infrastructure common • • • • • •
IT Infrastructure Optimization Infrastructure IT Business Line of Key Strengths Key Challenges Policy Impact POLICY PAPERS POLICY
15 This initiative initiative This 14 STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE adoption of best practices. of adoption mechanism at GSA, ITI LoB also assisted also assisted LoB ITI GSA, mechanism at and the migrations with their agencies services and support, telecommunications support, telecommunications and services support, and end user and systems coordination a central Through systems. for provider service levels in infrastructure in infrastructure levels service provider for and server such as mainframe areas consolidation and optimization in an effort in an and optimization consolidation savings. cost achieve to measures common performance defined designed to examine the government- examine to designed infrastructure IT for wide opportunities Line of Business (LoB) Business Line of was ITI LoB in 2006, the Established 2006 2006 (ITI) Optimization Infrastructure IT IT Infrastructure Modernization B-7
the contrary, many consolidated consolidated many the contrary, in remain investments infrastructure portfolios IT agency Enterprise OMB still houses the Chief been a major not has but EA Architect, OMB management of component years recent priorities in has on EA focus OMB’s While its of many that diminished, given still active, are policies and guidance to spend significant continue agencies compliance on effort efforts current connected OMB has not such as infrastructure, IT modernize to with the Initiative, Modernization the IT policies EA or community EA existing Creating an EA established processes, processes, established an EA Creating for a framework and vocabulary, just not enterprise, IT building an individual efforts separate identifying for a tool Provided investments and overlapping redundant infrastructure that Emphasized are each agency throughout operations could be managed and similar relatively manner in a cross-cutting community architecture enterprise The other with communicating had trouble EA of value about the executives seen as document- were efforts EA than rather and compliance-oriented, objectives the management guided by the agency of infrastructure IT consolidated Large details the obscure business cases may performance or budget potential of issues OMB to from guidance Despite • • • • • • • • • •
Policy Impact Enterprise Architecture and Architecture Enterprise Infrastructure Centralizing Key Strengths Key Challenges POLICY PAPERS POLICY 18 STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE other foundational policy policy foundational other 17 state. state. to required were agencies Second, major a single consolidated create IT entire their business case for portfolio. spending infrastructure Architecture¹⁶ plans that described described that plans Architecture¹⁶ operated, currently each agency how in operate to it intended how it planned to and how the future, future to the envisioned transition First, agencies were required to to required were agencies First, Enterprise agency-wide develop • • enterprise architecture. enterprise efforts to consolidate commodity IT as IT commodity consolidate to efforts as 2011, late use of on the silent largely are documents agency’s portfolio. While enterprise enterprise While portfolio. agency’s support to directed were architects agency’s overall approach to acquisition, acquisition, to approach overall agency’s and business decisions architecture, the across infrastructure IT regarding The goal was to improve visibility into an into visibility improve to was goal The infrastructure at each agency in two in two each agency at infrastructure ways: primary in the ITI LoB, OMB also encouraged also encouraged OMB LoB, in the ITI IT planning for central deliberate more Centralizing Infrastructure Centralizing efforts government-wide to the addition In Pre-2009 Pre-2009 and Architecture Enterprise IT Infrastructure Modernization
B-8 21 Annually update their asset inventory inventory asset their update Annually made on the progress and report the agency implementing toward plan. consolidation Submit an inventory of each agency’s each agency’s of inventory an Submit centers; data data consolidate a plan to Develop and centers; — Federal CIO Vivek Kundra, 2011 Kundra, Vivek CIO — Federal • • • Figure B4: From GAO, Agencies’ Total Number of of Number Total Agencies’ GAO, B4: From Figure Closures Planned and Completed, Centers, Data 2015) November of 2019 (As FY through to: required were agencies the FDCCI, Under
20 POLICY PAPERS POLICY STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE make government services work better for the American people,” American the for better work services government make FDCCI Goals FDCCI OMB set a target goal of closing of goal a target OMB set 19 Shift IT investments to more efficient efficient to more investments IT Shift technologies. and platforms computing footprint of government data centers; centers; data government of footprint hardware, center data of the cost Reduce and operations; software, posture security IT the overall Increase and the government; of Promote the use of green IT by reducing reducing by IT green the use of Promote estate and real energy the overall for infrastructure, real estate and energy. At the same time, it will improve the will improve time, it the same At and energy. estate real infrastructure, for security of government data and allow us to focus on leveraging technology to to technology on leveraging focus to us and allow data government of security “With data centers that run as large as three and a half football fields, shutting football and a half three as that run as large centers “With data down excess data centers will save taxpayers billions of dollars by cutting costs cutting by dollars billions of taxpayers will save centers data excess down • • • • and $5 billion — both by the end of 2015. the end of by and $5 billion — both agencies had previously identified (initial (initial identified had previously agencies centers), 800 data consolidating of goal $3 between savings cost and estimated savings. centers data the Federal of 40 percent centers, improve the government’s the government’s improve centers, data Federal reduce posture, cybersecurity cost and achieve usage, energy center Center Consolidation Initiative (FDCCI) (FDCCI) Initiative Consolidation Center data Federal redundant consolidate to Initiative (FDCCI) Initiative Data the Federal launched 2010, OMB In 2010 — 2015 — 2015 2010 Consolidation Center Data Federal IT Infrastructure Modernization B-9
22
closures to evaluating various evaluating to closures PortfolioStat metrics in optimization amongst many confusion led to agencies cost agency in achieving Successful or consolidation due to savings over centers data of their optimization the effort of the life to move to looking CIOs Agency providers infrastructure IT alternative in investment justify to used FDCCI (e.g., cloud providers to new migration alternatives) a favor now they that reported CIOs closing whether of analysis cost-benefit a sound business decision was a facility of counts reducing than simply rather facilities Consolidation targets provided agencies agencies provided targets Consolidation objective defined a clearly on attention level executive Provided issues infrastructure IT core as a data “count” to what over Debates establish to efforts hampered center measure to a meaningful baseline progress the number on reducing focus The the from distracted centers data of infrastructure of objectives broader modernization spending their track do not Agencies facilities, center on individual data cost to project hampering efforts based on consolidation savings activities cost “total in a universal Investment agency estimate to tool ownership” of was center spending on each data to related challenges due to cancelled and completeness accuracy data counting simply from metrics Shifting • • • • • • • • • •
Federal Data Center Consolidation Center Data Federal (FDCCI) Initiative Policy Policy Impact Key Strengths Key Challenges POLICY PAPERS POLICY STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE data centers and achieving cost savings. savings. cost and achieving centers data definitions and metrics used in FDCCI, it metrics used in FDCCI, and definitions consolidating of focus the central retained (DCOI), discussed later in this chapter, in this chapter, discussed later (DCOI), the by laid built upon the foundation was the of some shifted DCOI While FDCCI. FDCCI memo. It is important to note that that note to is important memo. It FDCCI Initiative Optimization Center the Data community, a conversation that continues continues that a conversation community, of the codification due to this day to in the original the requirements of many kickstart an important conversation about conversation kickstart an important IT the Federal throughout infrastructure IT closure counts are. counts closure did the FDCCI these challenges, Despite not result in cost savings. Furthermore, Furthermore, savings. in cost result not changed centers data of as the definition agency precise how time, it is unclear over containing localized telecommunications telecommunications localized containing which might of the closure equipment, that progress was. This was due in large in large due was This was. progress that data agency many that the fact part to closets” small “server actually were centers While progress was made in closing data data in closing made was progress While of impact the what is unclear it centers, IT Infrastructure Modernization B-10
26 Requirements were loosely defined defined loosely were Requirements shift three to - the requirement provide did not services “must move” agencies how for guidance sufficient targets appropriate identify might significant of no evidence was There policy Cloud First on the follow-through budget IT example, For requirements. did year fiscal the next for guidance their identify to agencies require not it is As a result, services. “must move” fulfilled the actually agencies if unclear the policy of requirements budget to accept OMB continued non- of expansion agency for requests or with no explanation cloud systems the despite consequences, negative principle “Cloud First” cloud prioritize chose to Agencies in impact services low for migrations services” “three OMB’s meet to order target not for the policy faulted CIOs Agency to follow-through sufficient providing business practices their change truly Provided CIOs with the necessary “top “top with the necessary CIOs Provided cloud adoption more push for to cover” shift CIOs’ began to in mindset Change servers traditional from thinking away services cloud-based to and mainframes way systematic in a more • • • • • • • Cloud First Cloud First Key Challenges Policy Impact Key Strengths Cloud First was reemphasized in the reemphasized was First Cloud Strategy, Cloud Computing Federal the articulated which in 2011, released tradeoffs and considerations, benefits, agencies. for cloud computing of a decision also provided strategy This other and case examples, framework, in support agencies could that resources solutions. to cloud-based migration their POLICY PAPERS POLICY
25 STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE A key initiative in the in the initiative key A 24 The primary argument in the report in the report argument primary The 23 cloud solution within 12 months and the within 12 months cloud solution within 18 months.” two remaining move” services, where “at least one least “at where services, move” a to migrate must fully services the of solutions whenever a secure, reliable, a secure, whenever solutions OMB exists.” option cloud cost-effective “must three identify to agencies told 25-Point Plan was the “Cloud First” policy policy the “Cloud First” was Plan 25-Point IT new for agencies, which required cloud-based to “default to deployments, Plan to Reform Information Technology Technology Information Reform to Plan Management. In December 2010, the Administration Administration 2010, the December In Implementation launched the 25-Point their staff to focus more time on agency agency time on focus more to staff their mission goals. key services. Agencies could then use the could Agencies services. key within available most modern infrastructure allowing sector, and private the government asserted that, by using provisioned cloud using provisioned by that, asserted could more agencies services, computing for in demand with spikes deal effectively service providers, at reduced costs and costs reduced at providers, service also It infrastructure. modern IT on more Federal agencies to move away from owning from away move to agencies Federal and directly, equipment their and operating external from leasing equipment towards cloud. allow could cloud computing that was State of Public Sector Cloud Computing, Cloud Sector Public of State to agencies for laid out the argument that to the operations agency on moving focus Along with the FDCCI initiative, the initiative, FDCCI with the Along in 2010 titledreport a issued Administration 2011 First Cloud IT Infrastructure Modernization B-11 30 29 FedRAMP has successfully created a created has successfully FedRAMP cloud- for baseline security common medium, and the low, at based services high levels [11/2/2016] has currently program The 77 cloud-based services, authorized 49 “in process” with another in government- year $70 million per the reuse through avoidance wide cost the since authorizations FedRAMP of launch program’s Vision of providing a one-stop shop for shop for a one-stop providing Vision of providers cloud approved identifying safely for a framework agencies gave services cloud adopting approach risk management Unified security of set a common provides cloud for and controls standards services is nearly timeline approval average The in significant resulting 18 months, services in adopting delays conduct their must still CIOs Agency even evaluations risk internal own services on FedRAMP-approved of the some negating adoption, before gains potential approvals maintaining for path Unclear management data and as technical providers approved of characteristics time over change they whether unsure are agencies Some not which are use cloud services may FedRAMP-approved yet • • • • • • • • • Federal Risk and Authorization Management Management Authorization and Risk Federal (FedRAMP) Program Policy Policy Impact Key Strengths Key Challenges POLICY PAPERS POLICY The program The program 28 STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE Figure B5: Example View of the FedRAMP Dashboard the FedRAMP of View Example B5: Figure FedRAMP was set up up set was FedRAMP 27 requirements agreed upon by the Federal the Federal upon by agreed requirements and agencies. departments cloud provider’s cybersecurity posture. posture. cybersecurity cloud provider’s are based on a unified risk Certifications includes security that process management and money that individual agencies would would individual agencies that and money a spend on assessing to have otherwise providers with a single accreditation that that with a single accreditation providers The all agencies. by be accepted could time the reduce is to FedRAMP of goal cloud computing services among Federal Federal among services cloud computing cloud service providing by agencies and continuous monitoring for cloud for monitoring and continuous services. and products of the adoption facilitate to is intended to provide a standardized approach approach a standardized provide to authorization, assessment, security to handling cybersecurity risks and Federal risks and Federal handling cybersecurity Act Management Security Information (FISMA) rules. accelerate cloud adoption across the the across adoption cloud accelerate while appropriately Government Federal Management Program (FedRAMP) (FedRAMP) Program Management to launched was 2011, FedRAMP In 2011 Authorization and Risk Federal IT Infrastructure Modernization B-12 lifecycle, so it is difficult to evaluate the evaluate so it is difficult to lifecycle, impact thus far Implements FITARA’s statutory statutory FITARA’s Implements metrics, center data for requirements and management reporting, public and to the information Provides a at and targets on progress Congress level and agency government-wide conversation the to shift Continues closures center data counting from performance achieving towards savings and cost improvements an for build the foundation to Begins market services shared Federal internal services infrastructure IT interagency of the that found have agencies Some most centers data of characteristics reflected well not are them to important metrics optimization in DCOI’s high whether unclear remains It optimization in DCOI’s performance into translate will reliably metrics infrastructure a modern operating in the initiative’s early very is still It • • • • • • • Data Center Optimization Initiative (DCOI) Initiative Optimization Center Data Impact Key Strengths Key Challenges Policy POLICY PAPERS POLICY The DCOI DCOI The 32 31 STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE shared service; and service; shared data to close efforts Continuing savings. cost and report centers Adding new optimization metrics, optimization new Adding usage on power including a focus metering; and energy effectiveness of with the operation GSA Tasking and Business of Line Center a Data Moving from “core and non-core” and non-core” “core from Moving industry-standard to centers data centers; data “tiered” • • • • Optimization Initiative (DCOI). Initiative Optimization FDCCI the previous of focus the shifted by: efforts clarify the data center objectives of of objectives center the data clarify Center OMB launched the Data FITARA, investment and cost savings. and cost investment to further 2016, in an attempt August In consolidate and optimize data centers, centers, data optimize and consolidate for and a timeline metrics performance of calculations yearly activities, and agency annual reports that include: data center center data include: that annual reports to strategies multi-year inventories, other things, codifies and builds upon and builds upon things, codifies other Under FDCCI. the of the requirements submit to required are agencies FITARA, Technology Acquisition Reform Act Reform Acquisition Technology was which, enacted, among (FITARA) (DCOI) Information Federal 2014, the In 2016 Initiative Optimization Center Data IT Infrastructure Modernization B-13 Over time, OMB has Over 35 in ways that generated additional cost additional generated that ways in Total a OMB developed reductions. the estimate to tool Ownership of Cost but closures, facility from resulting savings it to their applying had difficulty agencies environment. $4.6 OMB has reported Nonetheless, center data due to billion in savings has questioned although GAO closures, of completeness and the accuracy these estimates. on focus to approach the FDCCI evolved consolidation, than rather optimization targets specific closure from away moving performance specifying overall and more as to freedom more giving agencies goals, those goals. achieve to how Examples and optimization. consolidation center Data cost drive to sought OMB FDCCI, Through data of reducing number the by efficiencies OMB Initially, government-wide. centers planned and actual of the number tracked Key as a PortfolioStat closures center data However, (KPI). Indicator Performance by centers additional data of discovery of the and OMB modification agencies, in the resulted center data of definition increasing, inventory overall government’s as Additionally, closures. agency despite expanded was center data of the definition such as server facilities, include smaller to increase able to were agencies closets, necessarily but not rate closure their
33 POLICY PAPERS POLICY
34 STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE (34.6% in 2010 to 34.3% in 2017). (34.6% in 2010 to reform initiatives, the portion of spending the portion initiatives, reform IT Federal overall versus Infrastructure on IT constant relatively spending has remained have been reported through data center center data through been reported have other and PortfolioStat, consolidation, initial PortfolioStat (2012), it was replaced was (2012), it PortfolioStat initial years. FTE in subsequent spending per by $8.1 billion of while savings Notably, Infrastructure (Part 2) versus the overall the overall versus 2) (Part Infrastructure in the included was this While spend on IT. process as the primary mechanism as the primary process spending infrastructure tracking for on IT spent – measuring the amount efforts. has used the CPIC OMB traditionally funding from infrastructure to new new to infrastructure funding from mission-focused and/or development providing better service, measurement measurement service, better providing cost focused on primarily above efforts shifting of intent the overall with savings a number of goals, such as improving as improving such goals, of a number and operations, streamlining security, in Metrics and Oversight in Metrics have efforts Infrastructure IT While Metrics and Oversight and Metrics Emphasized Objective Primary IT Infrastructure Modernization B-14 OMB tracks the amount the amount OMB tracks its government-wide target for cloud for target its government-wide meet no agencies currently computing; FedRAMP at OMB also looked level. that adopting success for proxy as a utilization until the solutions, but cloud computing Dashboard, the FedRAMP 2016 launch of of level the evaluate difficult to was it for packages FedRAMP of re-use agency authorizations. additional cloud provider Cloud computing. Cloud computing. computing on cloud spending IT of savings report but does not investments, cloud to to migrations due specifically focus has been the Rather, computing. cloud computing to on driving agencies cloud- that assumption with the services, yield benefits, intrinsically based services As such, OMB savings. cost primarily each agency’s of the percentage tracks as a computing spending using cloud IT In the past, OMB instead KPI. PortfolioStat investments of the percentage measured to prior and using cloud computing, investments of the percentage that, As a part cloud computing. considering 15% as set OMB 2016 PortfolioStat, of POLICY PAPERS POLICY In 2011, OMB 2011, OMB In STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE 36 2012. for comparison. Total savings of $3.4 billion $3.4 of savings Total comparison. for PortfolioStat due to been reported have FY since initiatives reform and other taking advantage of the relative similarity similarity the relative of taking advantage contracts service cellular agency between specific commodity IT efforts. OMB did efforts. IT commodity specific spending in contract mobile emphasize savings, potential for as an area particular definition of the areas of commodity IT commodity of areas of the definition to savings attribute made it difficult to part to reduce infrastructure spending. infrastructure reduce part to in PortfolioStat tracked was this While the regarding 2012-2014, ambiguity began to focus on consolidating and on consolidating focus to began in IT, commodity of the use rationalizing Commodity IT consolidation. consolidation. IT Commodity IT Infrastructure Modernization B-15 38 emphasized server virtualization and power power and virtualization server emphasized agency those original effectiveness, usage been relevant. no longer have plans may model, DCOI the current forward, Moving by control greater agencies which gives goals outcome-oriented higher-level, setting provide can optimization, around centered focusing by Additionally, example. a good precise is less need for there on outcomes, terms andprocesses.of definitions a strong connection to agency mission and mission to agency connection a strong to reluctant been have agencies objectives; increase to simply computing cloud in invest cloud spending on their of the percentage could develop example. OMB for solutions, of measure outcome-oriented a more evaluate use to to infrastructure modern IT truly are environments agency whether and mission- cost-efficient more becoming focusing on selecting by Similarly, effective. risk OMB runs the processes, and defining which agencies to signaling an approach of information. based upon new it then revises FDCCI initial agency many example, For reducing focused on plans consolidation when new so facilities, of the number that announced were metrics optimization POLICY PAPERS POLICY STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE Figure B6: Federal Spending on IT Infrastructure (Percentage of Total IT Spending), 2001-2017 Spending), IT Total of (Percentage Infrastructure on IT Spending B6: Federal Figure like percentage of cloud spending, of percentage like lacked have measurements infrastructure ambiguity. on metrics focusing by Moreover, between percentage of total spending total of percentage between of percentage versus employee per versus this to contributed have investments IT times over the years, creating a new IT new a creating years, the over times metrics varying and exhibit, infrastructure have made it difficult to understand made it difficult have over improved have agencies whether multiple center data Redefining time. the start of FDCCI. Changes to definitions to Changes FDCCI. the start of infrastructure IT of used in measurements in achieving PortfolioStat savings.”³⁷ For For savings.”³⁷ PortfolioStat in achieving complete have did not agencies example, to prior centers data their of inventories in OMB and agencies’ reporting make make reporting in OMB and agencies’ progress measure reliably to it difficult the lack of consistent baseline data as data baseline consistent the lack of time. over in definitions as changes well summed it up, “Inconsistencies As GAO reform initiatives, efforts to measure cost measure to efforts initiatives, reform by both been challenged have savings have been reported through data center center data through reported been have other and PortfolioStat, consolidation, Lessons Learned Lessons $8.1 billion of savings while Notably, IT Infrastructure Modernization
B-16 — Agency — Agency CIO different from the way I way the from different The reporting for OMB is for reporting The on our business practices on our reporting doesn’t drive my my drive doesn’t reporting tried to avoid “gaming” the “gaming” avoid to tried business decisions, but I’ve business decisions, but I’ve manage my business. OMB my manage system. We should align how should align how We system. we report to OMB based upon to report we a standard modern infrastructure to build to infrastructure modern a standard own their charted have agencies toward, used mission and budget and have paths modernization. drive to requirements secure identity identity secure management. However, CIOs several government- current that commented in this and metrics collections wide data with the business align do not area policy CIOs to According agency. their needs of efforts oversight recent interviewed, do not that on metrics focused have IT an agency’s whether measure directly modern services. enables infrastructure have metrics these oversight Instead, savings, and cost closures from varied to utilization, and technical physical to reported, Yet as CIOs efficiency. energy measure necessarily do not these metrics an outdated replacing toward progress which better with one infrastructure IT of the absence needs. In supports agency FINDING #1 FINDING IT Modernizing to Approach Current Align Necessarily not Does Infrastructure Needs. Agency with IT outdated identified CIOs Agency progress, as an obstacle to infrastructure and mission impacting operational digital modern offering including: goals employees’ the public, meeting to services use, about mobile device expectations providing modern collaboration and tools, enabling
POLICY PAPERS POLICY — Agency — Agency CIO We had to increase the increase had to We collaboration tools or VTC tools or collaboration STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE get to email as services. I don’t I don’t email as services. to get have the bandwidth to the support bandwidth to have bandwidth four times in order to times in order bandwidth four
inconsistent metrics have made it difficult have metrics inconsistent data the necessary capture to agencies for proress. evaluate to required infrastructure. infrastructure. addition, In that are are that necessitated aging IT by or deployment deployment or processes agile development methodologies or use or methodologies agile development tools collaboration software-as-a-service bandwidth constraints Internet because of of digital services. For example, some example, For digital services. of it difficult to adopt found have agencies roadblock to innovation and as an innovation to roadblock of expectations the meeting obstacle to customers other and employees, citizens, CIOs across the government repeatedly repeatedly the government across CIOs as a significant aging infrastructure cited seen a corresponding improvement in the improvement seen a corresponding capabilities, effectiveness, functionality, infrastructure. of that and efficiency sums on Federal data centers, many many centers, data sums on Federal not have they that reported agencies Findings on IT money more spending Despite including substantial infrastructure, Agency Observations and Observations Agency IT Infrastructure Modernization B-17 deliver mission-critical services. For For mission-critical services. deliver the part of (a cards PIV while example, supports Federal that infrastructure been have efforts) management identity did issuance 2005,³⁹ their since around the until traction significant gain not in 2015. Sprint Cybersecurity FINDING #3 FINDING Leadership Gets Only Infrastructure Fails. It When Attention agency that indicated CIOs Many on mission focus to tends leadership While initiatives. IT and customer-facing IT this can mean that understandable, seen as priority is not infrastructure affect issues that fails, creating it until losing such as mission performance, email functionality. or access Internet the provides as infrastructure However, the operation for backbone required IT an enterprise of and management to it enables agencies environment,
POLICY PAPERS POLICY — Agency — Agency CIO any trend analysis. trend any I need to go through an through go to I need STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE changes their metrics, I can’t I can’t metrics, their changes automate the data collection. collection. the data automate manual process. Plus I can’t do I can’t Plus manual process. expensive and time-consuming time-consuming and expensive I have to get 10 centers to give give to 10 centers get to I have me their data. Every time OMB time Every data. their me changing environment. strike the balance between consistency consistency between the balance strike to and adapting year-over-year metrics of on the right outcomes, especially given given especially outcomes, on the right Going technologies. of evolution the rapid will need to and agencies OMB forward, there is good reason to update the metrics the metrics update to reason is good there government-wide efforts focus better to report significant significant report and automating in developing costs cases in many Nonetheless, reporting. specific metrics specific metrics used, agencies utilization. Additionally, the of regardless effectiveness effectiveness space and floor FDCCI) may now be underperforming be underperforming now may FDCCI) on focus that metrics oversight in new utilization power year efforts to establish powerful modern to establish powerful efforts year in the encouraged (as centers data “core” to evaluate agency progress in data centers centers data in progress agency evaluate to priorities signaled different often have began multi- that Agencies agencies. to opportunities and challenges. For example, For opportunities and challenges. used metrics in the oversight the changes agencies must balance where they expect expect they where must balance agencies to be multiple and priorities focus OMB’s own with the agency’s the road down years multi-year planning horizon for Federal Federal for planning horizon multi-year processes, and procurement budgeting infrastructure given what they considered considered they what given infrastructure and metrics in changes frequent be to the of Because requirements. reporting Several CIOs expressed challenges in challenges expressed CIOs Several for guidance government-wide following Changes in Messaging and Oversight and Oversight in Messaging Changes from Agencies Can Discourage Metrics Action. Taking FINDING #2 FINDING IT Infrastructure Modernization B-18 FINDING #5 FINDING to the Potential Have Tools New and Infrastructure Savings Cost Accelerate Rationalization. continuous as such tools of application The have metering and power monitoring in modern savings significant also led to significant can lead to This centers. data scale, of in economies improvements security effective efficiencies, procurement and development and application controls, schedules. deployment POLICY PAPERS POLICY — Agency — Agency CIO is certified” or “that app is or is certified” that would be very helpful. very be would that other agency’s ATO to start, start, to ATO agency’s other top of it. If we can use some can we it. If of top STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE FedRAMP says “that platform platform “that says FedRAMP certified”, but each agency still agency but each certified”, has to have their own ATOs on ATOs own their have to has address this issue. address though forthcoming improvements to to improvements though forthcoming to intended in 2016 are FedRAMP.gov other agencies’ agencies’ other and ATOs FedRAMP, through packages authorization they have been been have they find unable to complete ATO. ATO. complete CIOs Numerous that mentioned agency must agency its own conduct a provider that it is not in the agency’s in the agency’s it is not that a provider a if even Further, participate. to interest the is in place, authorization FedRAMP is the cost savings?” Others indicated indicated Others savings?” is the cost authorize so long to takes FedRAMP that One CIO said, “even once FedRAMP has FedRAMP once CIO said, “even One my do to I still need issued an approval, where – accreditation] & [certification own FedRAMP Has Not Accelerated Safe Safe Accelerated Not Has FedRAMP Services. Cloud New of Adoption FINDING #4 FINDING IT Infrastructure Modernization - - - - - B-19 - . GAO . GAO - - - https://www.whitehouse. https://itdashboard.gov/ . For more detailed information about information detailed more . For https://www.fgdc.gov/organization/ https://www.whitehouse.gov/sites/ https://www.whitehouse.gov/sites/default/files/ https://fcw.com/articles/2007/11/16/it-infra https://cio.gov/wp-content/uploads/down http://www.gao.gov/assets/680/675592.pdf 3/4/2016. data of definitions their memo for FDCCI on OMB’s relied and “non-core”) “core” as (identified centers Chapter Policy see PortfolioStat, about information more For IT of and Oversight A: Management Cloud Computing. Sector Public of State Kundra. Vivek 5/20/2010. loads/2012/09/StateOfCloudComputingReport-FINAL.pdf Enterprise architecture is defined as “a well-defined prac well-defined “a as is defined architecture Enterprise design, planning, and analysis, enterprise conducting for tice for the at all times, using a holistic approach implementation, Federation strategy.” of and execution development successful on Perspectives Common Organizations. Professional EA of Maga and Governance Architecture Architecture, Enterprise Model Reference Technical also 9-4. 11/2013. See zine. Issue 11/2007. Guidance. Practice Architecture Enterprise - Federal https://www.whitehouse.gov/sites/default/files/omb/assets/ fea_docs/FEA_Practice_Guidance_Nov_2007.pdf Authorities. 8/8/2011. Officer Information M-11-29. Chief https://www.whitehouse.gov/sites/default/files/omb/memo randa/2011/m11-29.pdf Strat Cloud Computing the Federal the FDCCI, example, For Federal Reform to Plan Implementation and the 25 Point egy, Management Technology Information Consolidation Center Data Federal Memorandum. OFCIO 2/26/2010. Initiative. default/files/omb/assets/egov_docs/federal_data_center_con solidation_initiative_02-26-2010.pdf Consolidation Center Data Federal Memorandum. OFCIO Memo. 7/20/2011. Update Initiative gov/sites/default/files/omb/assets/egov_docs/fdcci-up date-memo-07202011.pdf Making Agencies Consolidation: Center Data GAO-16-323. Established. Be to Need Goals Savings but Planned Progress, M-08-05. Implementation of Trusted Internet Connections. Connections. Internet Trusted of Implementation M-08-05. 11/20/2007. omb/assets/omb/memoranda/fy2008/m08-05.pdf cloud, and cloud, hybrid public of Sum by 10 agencies Top Dashboard. IT Federal spending from 2016 cloud FY private Services”. Provisioned Feed: “Data drupal/data/datafeeds?format=csv (IT) Technology Information Launch of OMB Memorandum. For Budget and Optimization,Geospatial, Infrastructure Force Task Business and of Lines Execution and mulation 3/3/2006. Formations. coordination-group/meeting-minutes/2006/march/LOB%20 Taskforce%20Memo.pdf Shared D: Federal Chapter see Policy Business, the Lines of Services total device, cost per included: total metrics of round first The mission-critical contact, help-desk per cost user, per cost help-desk speed-of-answer percentage, restoration service resolution percentage. and help-desk first-contact percentage, Metrics”. First Issues LoB Infrastructure “IT FCW. Miller. Jason 11/16/2007. structure-lob-issues-first-metrics.aspx 22. 23. 16. 17. 18. 19. 20. 21. 12. 13. 14. 15. ------POLICY PAPERS POLICY http://www. https://www. . Original data data . Original https://www.digitalgov.
STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE http://www.gao.gov/new.items/ https://www.whitehouse.gov/sites/default/ https://www.itdashboard.gov https://itdashboard.gov
GAO-16-325. Cloud Computing: Agencies Need to Incorpo to Need Agencies Cloud Computing: GAO-16-325. 4/2016. Performance. Effective Ensure to Practices Key rate http://www.gao.gov/assets/680/676395.pdf source: tion in Government Programs, Save Tax Dollars, and En and Dollars, Tax Save Programs, Government tion in 3/1/2011. Revenue. hance d11318sp.pdf Savings Goals Need to Be Established. 3/4/2016. Established. Be to Need Goals Savings gao.gov/assets/680/675592.pdf Duplica Potential Reduce to Opportunities GAO-11-318SP. Since the 1990s, the number of data centers operated by the by operated centers data of the number the 1990s, Since more to hundred several from grown has Government Federal Data 2015. GAO-16-323. November thousand as of than ten Planned but Progress, Making Agencies Consolidation: Center Data Center Consolidation Initiative. 3/19/2012. Initiative. Consolidation Center Data whitehouse.gov/sites/default/files/omb/assets/egov_docs/ cio_memo_fdcci_deliverables_van_roekel_3-19-12.pdf A data center is a room or building that houses computer sys houses computer building that or is a room center data A the storage, used for are that components and associated tems OF and information. data of and dissemination management, Federal the for Guidance Implementation CIO Memorandum. as provided by OFCIO; includes archived data from Federal Federal from data includes archived OFCIO; by as provided feed. data Summary Spending Infrastructure IT Dashboard, IT https://www.itdashboard.gov mary data feed. feed. data mary agencies, of Portfolios Exhibit 53s and IT Historical Source: https://www.icann.org/news/blog/ipv6-the-future-is-now- more-than-ever Sum Spending Infrastructure IT Dashboard, IT Federal Source: asked agencies to include spending on end user devices, office office devices, include spending on end user to agencies asked and IT Office applications), Microsoft (i.e., software automation category reporting the same budget spending in security “IT Infrastructure” historically includes spending on data data includes spending on historically Infrastructure” “IT and switches, routers network equipment, server centers, connecting equipment telecommunications as other well as at times, OMB has also addition, In together. these devices Commodity IT spending areas used in FY 2012 PortfolioStat; 2012 PortfolioStat; used in FY spending areas IT Commodity used in categories spending summary infrastructure and IT 2015-2016 FY requests budget agency budget request (formerly known as the “Exhibit 53”); invest known (formerly request budget including “End requests 2011-2012 budget in the FY ments Services and Servers “Mainframes and Support,” Services User Support”; and Services and “Telecommunications and Support,” Estimates are dependent on methods of data collection. For For collection. data of on methods dependent are Estimates collection included in this of and methods estimates example, reported investments Dashboard; IT 2017 Federal FY range: agency’s of the portion Portfolio” 2003 in the “IT FY since gov/2016/10/28/laying-the-foundation-for-a-more-secure- modern-government/ pdf Secure, More a for Foundation the “Laying DigitalGov. 10/28/2016. Government”. Modern numbers become $50.7B total, $17.3B in infrastructure, mak $17.3B in infrastructure, total, $50.7B become numbers FY for Budget IT President’s Source: total. the of ing up 21% 2017. 2/25/2016. files/omb/egov/documents/fy17_agency_submission_topline. Excluding the Department of Defense from the total, these these the total, from Defense of the Department Excluding
11. 10. 9. 8. 7. 5. 6. 4. 3. 2.
1. Notes IT Infrastructure Modernization - B-20 . For . For https://itdashboard.gov/drupal/ https://itdashboard.gov/drupal/ http://fas.org/irp/offdocs/nspd/hspd-12.html http://www.gao.gov/assets/680/675592.pdf http://www.gao.gov/assets/680/675592.pdf Identification Standard for Federal Employees and Contractors. Contractors. and Employees Federal for Standard Identification 8/27/2004. and Sprint Cybersecurity the 2015 about information more E: Cybersecurity Chapter see Policy PIV, M-16-19. Data Center Optimization Initiative. 8/1/2016. 8/1/2016. Initiative. Optimization Center Data M-16-19. https://www.whitehouse.gov/sites/default/files/omb/memo randa/2016/m_16_19_1.pdf Part 2 2018 CPIC reporting--previously FY forthcoming 3 in Part Savings”. “Cost Dashboard. IT cost-savings Making Consolidation:Agencies Center Data GAO-16-323. Established. Be to Need Goals Savings but Planned Progress, 3/4/2016. Savings”. “Cost Dashboard. IT cost-savings agencies, of Portfolios Exhibit 53s and IT Historical Source: Federal from data includes archived OFCIO; by as provided feed. data Summary Spending Infrastructure IT Dashboard, IT https://www.itdashboard.gov a Common for HSPD-12. Policy Bush. W. George President GAO-16-323. “Data Center Consolidation Agencies Making Agencies Consolidation Center “Data GAO-16-323. Established”. Be To Need Goals Savings Planned But Progress, 3/4/2016. 32. 33. 34. 35. 36. 38. 39. 37. - - - - https:// POLICY PAPERS POLICY http://www.gsa. https://www.fedramp. https://www.whitehouse. . See also OFCIO Memorandum. Memorandum. also OFCIO . See STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE https://marketplace.fedramp.gov https://www.congress.gov/113/plaws/publ291/ https://www.gpo.gov/fdsys/pkg/PLAW- . For more information about FedRAMP and securing the FedRAMP about information more . For Authorization Act (NDAA) for Fiscal Year 2015, Public Law Public Law 2015, Year Fiscal for Act (NDAA) Authorization 113-291: No: PLAW-113publ291.pdf#page=148 gov/files/2015/08/FFSixMonthStatusReport_Infographic-2.pdf Act. Reform Acquisition Technology Information Federal Defense National the of D VIII, Subtitle Title 12/19/2014. Full website available at: at: available website Full Forward”. “FedRAMP FedRAMP.gov. puting Environments. 12/18/2011. 12/18/2011. Environments. puting gov/sites/default/files/omb/assets/egov_docs/fedrampmemo. pdf E: Cybersecurity Chapter see Policy network, The Federal Risk and Authorization Management Program. Program. Management Authorization and Risk Federal The see: governance, about FedRAMP more For gov/portal/category/103271 Com in Cloud Systems Information of Authorization Security Public Law No. 107–347. E-Government Act of 2002. of Act 107–347. E-Government No. Law Public 12/17/2002. 107publ347/pdf/PLAW-107publ347.pdf Vivek Kunda. Federal Cloud Computing Strategy. 2/8/2011. Strategy. Cloud Computing Federal Kunda. Vivek https://www.whitehouse.gov/sites/default/files/omb/assets/ egov_docs/federal-cloud-computing-strategy.pdf guidance for the next fiscal year, there was no requirement for for requirement was no there year, fiscal the next for guidance services “must move” their identify to agencies Ibid. OMB told agencies to identify three “must move” ser move” “must three identify to agencies OMB told Ibid. migrate must fully the services least one of “at where vices, remaining two and the within 12 months a cloud solution to budget IT OMB released when However, within 18 months.” eral Information Technology Management.12/9/2010. Management.12/9/2010. Technology Information eral www.dhs.gov/sites/default/files/publications/digital-strate gy/25-point-implementation-plan-to-reform-federal-it.pdf Vivek Kundra. 25-Point Implementation Plan to Reform Fed Reform to Plan Implementation 25-Point Kundra. Vivek 31. 29. 30. 28. 27. 26. 25. 24. Open Data and Open Government
Information is a valuable national resource and a strategic asset to the Federal government, its partners, and the public. In order to ensure that the Federal government is taking full advantage of its information resources, executive departments and agencies...must manage information as an asset throughout its life cycle to promote openness and interoperability, and properly safeguard systems and information.
OMB Open Data Policy — Managing Information as an Asset¹
Summary Responsibilities and governance are widely distributed in this “ policy area. Some initiatives are led by the Federal CIO, while others come directly from The White House. GSA manages Data. Stakeholders gov and Project Open Data. To date, over 185,000 government datasets have been posted on Data.gov. However, it can be difficult to measure the broader economic and civic impacts of open data and open government Impact efforts. While most CIOs reported interest in open government and open data initiatives, many expressed challenges in obtaining resources, navigating conflicts with existing policies, and balancing priorities against other efforts such as infrastructure Risk modernization and cybersecurity. Efficiently managing government data and information can increase operational efficiencies, reduce costs, improve services, and better safeguard personal information. Making information resources accessible, discoverable, and usable by the public can Policy help fuel entrepreneurship, innovation, and scientific discovery.
STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 C-1 Open Data and Open Government C-2 5 systems (see Figure C1) and weather weather C1) and Figure (see systems changed fundamentally that forecasting impact had a tremendous and lives citizens economy. American on the is these goals of both achieving to Key management efficient and the effective Improving information. government of data government of the management operational can increase and information services, improve costs, reduce efficiencies, information. personal safeguard and better information improved Furthermore, the efficient for can allow management others by this data of and reuse release section next The an agency. outside of and the strategies of will discuss several has government Federal the that initiatives manage agencies how improve to pursued to data more to provide and information the public. POLICY PAPERS POLICY STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE
Figure C1: GPS Equipment Revenue in the United States between 2005 to 2010 2005 to between States in the United Revenue C1: GPS Equipment Figure
The Federal government creates and creates government Federal The and data valuable of variety wide a collects with the citizens provide to has long sought information.² this access to and ability right of the Obama full day the first On signed the President the Administration, Open and Transparency on Memorandum information recognizes that Government as government in the Federal generated The memo established asset. a national for the tone set principles that central three (1) transparency; in this area: efforts future and (3) (2) public participation; data and information Making collaboration.³ the and usable by discoverable, accessible, services citizen-facing public can transform innovation, and help fuel entrepreneurship, example, For the discovery.⁴ and scientific data weather of release government’s (GPS) System Positioning and the Global navigation of the creation for allowed Overview Overview Open Data and Open Government Open and Data Open Open Data and Open Government C-3 Open Data Action Plan and Action Data Open Goals CAP Data.gov and the IT Dashboard Dashboard and the IT Data.gov National Government Open Plans Action Strategy Government Digital — Managing Policy Data Open Asset as an Information Transparency and the Open the Open and Transparency Directive Government — 2015 — present 2014 2011 2012 2013 2009 Mandates collaboration with public and civil actors with public and civil actors collaboration Mandates open new of release the and prioritize identify to such efforts public outreach incentivizes sets, data focuses roundtables, and industry as challenges data innovation on Fellows Innovation Presidential projects. Citizen-facing websites designed to increase to increase designed websites Citizen-facing directly data government and share transparency with the public. online petitions the People” Launches the “We modernizes public participation, promotes platform, improves management, and information records administration. FOIA new of and adoption the development Directs API policies. Requires web and content, open data, customer-facing major two identify to agencies to the exposed can be that with information systems APIs. web-based via public and open data machine-readable standard Requires and information supports interoperability formats, Data establishes the Enterprise accessibility, listing. and public data Inventory Lays out open government principles of being principles of out open government Lays collaborative. and participatory, transparent, Dashboard. Government the Open Establishes in open online post information to agencies Requires to datasets high-value three identify and to formats, post on Data.gov. 2009 Key Initiatives Key POLICY PAPERS POLICY
STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE
The recurring theme throughout all of all of theme throughout recurring The transparency, to improve was these efforts and information accountability, the public while providing management government to access with increased information. Prior to 2009, government-wide efforts efforts 2009, government-wide to Prior the public into data government bring to meeting on focused largely were sphere E-Government the of the requirements establishing a public which included Act, websites. Federal of domain directory of the creation period also saw This supporting a single business websites Regulations.gov (e.g., dataset function or as a result created websites in 2003),⁶ and (e.g., USASpending. legislation other of included the efforts in 2007).⁷ Later gov public resources sharing of increased for platforms become which could and innovation entrepreneurship, research, machine- structured, of the release (e.g. weather pertaining to data readable 2016, the primary In and climate).⁸ “to shifted strategy government-wide data on enterprise broadly more focus the message emphasize and to governance data good is an output of Data Open that in to success and critical management service, customer cybersecurity, like areas decisionmaking.”⁹ data-driven and internal Policy Evolution Policy Open Data and Open Government C-4
Jump-started the movement to release release to movement the Jump-started datasets government support executive high-level Provided to improve efforts government-wide for accountability and transparency with the data performance Shared dashboards web-based public through raised initiatives, other many Like without agencies for expectations resources additional providing was the initiative of focus The of number the on counting frequently data than the rather datasets shared released impact of or value, quality, datasets the potential discussion of the Began and open government open of value customers to data
• • • • • •
Challenges Impact Transparency and the and Transparency Directive Government Open Key Strengths Key Policy POLICY PAPERS POLICY STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE
Transparency and the Open Open and the Transparency Directive Government office in day first Obama’s President On and Open Transparency a he issued based on memorandum Government public transparency, principles: three Later collaboration.¹⁰ and participation, Directive Government an Open year, that things, among other that, issued was a senior of the appointment required the quality for accountable official agency via public- presented information of Open addition, the In websites.¹¹ facing agencies tasked Directive Government Plan, Government Open an with creating online information publishing agency a agencies and gave formats”, in “open high- publishing three of specific target previously not were which sets data value OMB within 45 days. available, publicly on these focus agencies’ renewed later for instructions updating by approaches in 2016.¹² Plans Government Open Agency 2009 2009 Open Data and Open Government C-5 Provides a one stop shop for for shop stop a one Provides datasets government easily more data government Made and searchable discoverable Administration’s the Obama Supported objectives open government increased, datasets of As the number and discovery, navigation, improved necessary became tools search Data Enterprise such as the Efforts a high degree introduced Inventory for making it difficult (cost), burden of without implement fully to agencies additional support government-wide a new Signaled the to opening up data to approach public portal for a public-facing Created spark to datasets government data) weather (e.g., innovation
• • • • • • •
Strengths Challenges Impact Data.gov Key Key Policy
POLICY PAPERS POLICY STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE Data.gov, launched in May 2009, launched in May Data.gov, Figure C2: Data Sets Available on Data.gov increased by over 400% from 2012 - 2016¹⁷ 400% from over by increased on Data.gov Available Sets C2: Data Figure made an early push to publicize a broad a broad publicize push to made an early from ranging datasets, agency of range information to data complaint consumer areas.¹³ service about 911 emergency sectors different 14 lists Data.gov Currently, in However, is available.¹⁴ which data for available not are cases the datasets many machine-readable easily or in open formats updated not are XML) or versus PDF (e.g., limiting year, per than once often more on provided the data of the usefulness their maintain Agencies Finally, the site.¹⁵ Data Enterprise and (publicly) listings data as publicly) posted not (usually Inventory by read which can be files data structured of section “impact” The and OMB. Data.gov of includes a number website the Data.gov these datasets how of examples anecdotal companies sector private used by being are and the public.¹⁶ Data.gov: Data.gov: Data.gov and the IT Dashboard IT and the Data.gov launched Administration Obama The to improve initiatives additional several spending ofgovernment the transparency a provide and to investments IT on major datasets government shop for one stop public health to data census from ranging information. 2009-present 2009-present Open Data and Open Government C-6 The public can download and analyze and analyze public can download The citizen increasing themselves, the data and oversight engagement TechStat and Dashboard IT The OMB, and sessions helped agencies, and projects at-risk IT identify Congress measures corrective implement Improves transparency into major IT IT major into transparency Improves investments public so the available data Makes taxpayer spend agencies see how could dollars began the Dashboard 2015, In use agile or agencies whether displaying on practices development incremental projects IT and under budget over both Variances as negative reported are budget schedule of well as ahead (as conditions some leading to and behind schedule), confusion that data from draws Dashboard IT The leading agencies, by is self-reported and quality about data questions to completeness detailed, provided have all agencies Not by “Evaluations up-to-date regular, investments major all for CIO” Agency a major represents Dashboard IT The document- static, the from away shift data live toward approaches, driven visualizations
• • • • • • • • •
Federal IT Dashboard IT Federal Policy Policy Impact Key Strengths Key Challenges POLICY PAPERS POLICY STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE In 2009, OMB publicly publicly OMB 2009, In Dashboard: IT Dashboard IT the Federal launched IT major whether to as with information within and on schedule were investments the by as an assessment well as budget, overall the investment’s of CIO agency Dashboard the IT Currently, risk.¹⁸ of level schedule, and performance cost, displays IT federal 770 major over for data $81.5 billion in for accounting investments 2016. FY spending for IT Open Data and Open Government C-7 Provided additional support from support from additional Provided open for Administration the Obama in project both efforts, government public communications support and Administration with synergies Created usage government on increasing focus and services tools digital of challenge” “grand of a number Makes difficult are results where commitments track to of CIO outside offices of Engagement made it sometimes have organization focus on open to CIOs for difficult efforts and open data government the the “We of the development to Led platform online petitioning People” platform the “Challenge.gov” Improved the public in providing engage to government’s to solve solutions problems “mission-centric” the of the development Initiated on reusable Policy Code Source Federal software and open source
• • • • • • •
Open Government National Action Plans Action National Government Open Key Strengths Key Challenges Policy Impact POLICY PAPERS POLICY
STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE Creating Safer Communities Safer Creating Accountability Corporate Increasing Improving Public Services Public Improving Integrity Public Increasing Public Managing Effectively More Resources
• • • • • NAP Grand Challenge Commitments Challenge Grand NAP . The special focus placed on improving on improving placed special focus The a NAP of is an example Challenge.gov The Challenge.gov from 2015. initiative innovative publish portal is designed to to engage the public for opportunities government to solutions in providing with veterans providing (e.g., challenges The to health services).²¹ access better centered on Challenge.gov focus NAP’s the average for making it easier around challenges and the prizes find to person both increasing them by interested that and data the available of the accessibility agencies. participating of the number Open Government National Government Open international the part of 2011, as In the Partnership, Government Open launched the Administration Obama Plans Action National of series in a first in the initiatives of Many (NAPs).¹⁹ public on enabling focused the NAPs in engagement and citizen participation People” The “We the (e.g., government The initiatives platform). online petitioning (2015) continue last NAP in the proposed and are today be implemented to open other of with a number connected and citizen-facing open data, government, as the CAP such strategies, digital service Goals.²⁰ 2011 — 2015 — 2015 2011 Action Plans Action Open Data and Open Government C-8 Provided clear guidance (e.g., identify 2 identify (e.g., guidance clear Provided sets) data high-value such concepts open data Emphasized and interoperability as accessibility tagging metadata through metrics contain did not strategy The of accuracy or assess quality to result, it is As a released. information fulfilled the actually agencies if unclear the policy of requirements in 2013 and 2016 reviews PortfolioStat developed APIs of included the number performance in its key each agency by (KPIs) indicators with the creation compliance Agency was never JSON files and the HTML of KPIs in PortfolioStat measured
• • • • • Apply metadata tagging and publish and publish tagging metadata Apply high- additional transition to a plan systems. value which websites new Establish (HTML) human-readable hosted (JSON) and machine-readable progress their of descriptions each action and implementing milestone.²⁵
• • Digital Government Strategy Government Digital Key Strengths Key Challenges Policy Impact While there were a number of clear clear of a number were there While came from that outcomes implementation (e.g, Strategy Government the Digital performance web a of the development experience and customer guidance²⁶ information is no available there metrics²⁷), initiatives these of impact overall the about success. and their POLICY PAPERS POLICY STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE Make high-value data and content in content and data high-value Make customer- major existing least two at web through available systems facing APIs. Engage with customers to identify at identify to with customers Engage customer- major existing least two high- contain that services facing as first-move content or data value with compliant make to candidates web and content, open data, new API policy. Ensure all new IT systems follow the follow systems IT all new Ensure API web and content, open data, agency. and operationalize policy pages. gov/developer
• • • The strategy’s data-driven components components data-driven strategy’s The and interoperability both emphasized the application involved This accessibility. make to order in tagging metadata of searchable easily more published datasets mindset API-first an of and the adoption highly create to developers allow to to draw mobile applications accessible addition, pursuant In upon those datasets. was Data.gov Strategy, the Digital to for API catalog web include a to expanded aggregate centrally to agencies all Federal 2013, the of August Since APIs. agency the features access public has been able to automatic receive to in order APIs these of particularly are feeds These feeds. data In developers.²⁴ software IT for useful to: required were addition, agencies Digital Government Strategy Government Digital launched Administration 2012, the May In sought that Strategy Government a Digital citizen-facing of the delivery improve to the of focus primary A digital services.²² of quantities vast the make to was strategy to available easily more data government the public.²³ 2012 Open Data and Open Government C-9
It is difficult to measure the impacts of the impacts is difficult to measure It policies because it is hard open data such as data concepts quantify to and downstream transparency, usability, innovation on the attention agency Focused released datasets of usability Dashboard Data Open Project The of a number track publicly is used to efforts open data for metrics Reemphasized that data should be data that Reemphasized default by “open” to data” “open Expanded the meaning of and usable accessible more encourage of and descriptions licenses, formats, datasets Data Open Project Launch of Data Enterprise such as the Efforts a high degree introduced Inventory for making it difficult (cost), burden of without implement fully to agencies additional support a in some cases have efforts data Open policies with existing tension
• • • • • • • • Open Data Policy — Managing Information — Managing Policy Data Open as an Asset as an Policy Policy Impact Key Challenges Key Strengths OMB and the Office of Science and Science of the Office OMB and also launched (OSTP) Policy Technology clearinghouse for as a Data Open Project tools, case studies,practices, best definitions, obstaclesWhile interaction.³⁰ and community (e.g., limited remain adoption widespread to priorities),³¹ policy competing budgets, agency focus in helped shift agency the policy to datasets releasing simply from open data usability. dataset improving Data Open Project the Additionally, and metrics track launched to was Dashboard the completeness, to related OMB comments data open agency and use of accuracy, goals: the following across materials Listing, Data Public Inventory, Data Enterprise & Security, Privacy Engagement, Public of Many & Impact.³² Capital, and Use Human a government- at also appear these metrics CAP Data in the Open level wide aggregate on Performance.gov. Goal POLICY PAPERS POLICY STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE Create and maintain an Enterprise an Enterprise and maintain Create Inventory; Data a public data and maintain Create listing; and with engage to a process Create and help facilitate to customers release. data prioritize Build information systems to support systems information Build and information interoperability accessibility; Use data standards; data Use stewardship information Ensure open licenses; the use of through and extensive core common Use metadata; Use machine-readable and open machine-readable Use formats;
• • • • • • • • A significant component of this policy this policy of component significant A and maintenance, the establishment, was This Inventory. Data an Enterprise use of of is based on the concept requirement you asset, your inventory cannot you if asset. your protect or manage cannot Open Data Policy — Managing — Managing Policy Data Open Asset as an Information issued Obama 2013, President 9, May On Open“Making titled Order an Executive for Default the New Readable and Machine with the simple Information” Government government in “openness principle that the promotes democracy, our strengthens services effective and efficient of delivery economic to public, and contributes the to OMB issued an same day, That growth.”²⁸ to the need highlighting Policy Data Open to and as an asset” information “manage of and usability the discoverability “improve “open.”²⁹ making them by datasets existing were agencies Policy Data the Open Under to: directed 2013 Open Data and Open Government C-10 Introduced a more comprehensive comprehensive a more Introduced data open mechanism for oversight Performance.gov through efforts have sub-goals CAP Data Open Many a or progress agency a lack of shown baseline levels³⁸ decline from holding a reported agencies 17% of public outreach other or datapalooza Q3³⁹ 2016 in FY event data Focused on public outreach through through on public outreach Focused techniques such as incentive innovative and “Datapaloozas” prizes
• • • • Open Data Action Plan and CAP Goals Plan and CAP Action Data Open Key Challenges Policy Impact Key Strengths strategies and initiatives, the CAP goal CAP the and initiatives, strategies calculated metrics the of many includes a at Dashboard Data Open on Project to in addition level, government-wide For initiatives. related from updates describes actions one sub-goal example, the overall improve to taken have agencies through datasets government of usage Datapaloozas, activities such as outreach and roundtables. code-a-thons, POLICY PAPERS POLICY In May 2014, the 2014, the May In STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE In 2014, the Open 2014, the Open In Open Data CAP Goal. CAP Data Open was goal (CAP) Priority Cross-Agency Data comprehensive more provide to created mechanisms oversight and implementation and information open government for on these Progress efforts.³⁶ management been published have actions and measures on the publicly-available quarterly Agency website.³⁷ Performance.gov through has also been evaluated progress but Dashboard, Data Open the Project integrated tightly not are those measures (e.g., processes management IT with other Summarizing performance PortfolioStat). the aforementioned of many across Numerous other approaches were also were approaches other Numerous Plan, including Action the by promoted feedback sessions sector-specific government, outside of with groups open-data- challenges, prizes, incentive Fellows, Innovation Presidential dedicated detailed and a list of licenses, appropriate and datasets specific to enhancements also tasked were Agencies programs. data public, to outreach of level with a greater in organizations and private civil society, datasets what solicit input on to order This release. for should be prioritized both to increase was intended effort government released of the usefulness additional spur and to datasets the within innovation for opportunities sector.³⁵ private Federal government released the Open Open the released government Federal which summarized Plan Action Data government’s Federal the of many committing while date, to accomplishments commitments These initiatives.³³ new to “Data use of agencies’ included expanding and “Datapaloozas.”³⁴ (workshops) Jams” Open Data Action Plan and CAP CAP Plan and Action Data Open Goals Plan. Action Data Open 2014 Open Data and Open Government C-11 Lessons Learned Lessons focused OMB Data.gov, of the launch After each by released datasets of number on the however, realized, quickly was It agency. such understand to context additional that the story. part of an important was a count agencies OMB required M-13-13, With all unreleased a baseline of establish to the public count which against datasets be compared. could more creating simply that Realizing of the objective match not may datasets on focus began to agencies area, the policy the feedback from soliciting and measuring means on their electronic public through events in-person through or webpages and Datapaloozas. such as hackathons recognition a by motivated was this Though of value measuring the impact and that these metrics be important, would datasets rather events counting focus on still results and satisfaction than gathering agency of users external from information datasets. by been augmented have metrics These uses of sector about private anecdotes “Impact” Data.gov’s to posted public data are however, anecdotes, These page. agencies, between compare to difficult thewhat clear make always do not overall to was public data of contribution connects the anecdote how or value, agency or on Data.gov available data to is still government Federal The websites. the to measure ways effective looking for datasets, released and impact of value thesetranslate to it is difficult that realizing impact. quantifiable into concepts POLICY PAPERS POLICY STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE Examples datasets. counting focused on efforts Early nuances more time, OMB introduced Over on “high priority” focusing this approach, to all of a baseline and developing datasets agency each at internally managed datasets of count This inventories). data (enterprise released datasets of percentage or datasets of years of became a KPI used in a number OMB established Additionally, PortfolioStat. which emphasized Goal CAP Data an Open to outreach agency of the importance how understand to organizations external datasets. released using publicly are they and usage based on dataset Anecdotes and Datapalooza hackathon of counts important became agencies held by events public engagement. tracking parts of Dashboard Data Open the Project Finally, based on dozens each agency evaluates public their from drawn calculations of and inventories, data enterprise datasets, many as how such reporting, agency other datasets. had shared the agency at bureaus Open the PortfolioStat, between However, Data Open and the Project Goal, CAP Data or no single place was there Dashboard, picture the complete evaluate to metric on open progress government’s the of these across and open government data and priorities. efforts different Primary Objective Emphasized in in Emphasized Objective Primary and Oversight Metrics in efforts OMB’s of objective primary The has been open government and open data enable external transparency, improve to resources, government on based innovation Because engagement. public and increase directly these goals, of the nature of can be difficult. measuring outcomes a series of OMB adopted Therefore, key well as tracking as anecdotes qualitative way. along the efforts outputs of Metrics and Oversight and Metrics Open Data and Open Government C-12 dollars…” dollars…” — Agency CIO Agency — hundreds of millions of millions of of hundreds collect this data requires requires this data collect funding for it. To accurately accurately To it. funding for data, but we don’t get extra extra get don’t we but data, Everyone loves the concepts the concepts loves Everyone of open government and open open government of FINDING #1 FINDING Difficulty Expressed CIOs Agency Open to Resources in Dedicating Initiatives. Data Open and Government support they that stated CIOs many While behind open government the principles challenges face they efforts, and open data dedicating to resources these initiatives. limited Given support budgets, mission of activities takes (e.g., precedence modernizing strengthening infrastructure, IT agency there Finally, protections). cybersecurity should an agency consequences limited are open government implement to decide not to the compared especially initiatives, or breach a public data from consequences services. in network a disruption POLICY PAPERS POLICY
STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE
Findings in open value see CIOs agency Although initiatives, data and open government limited their focus to have often they that goals policy on other resources are efforts These urgent. be more may of group a large by complicated further government-wide drive that stakeholders efforts and open data open government independent and simultaneously both a are there Additionally, each other. of and policies that laws existing of number with the conflict directly can sometimes openness in government, principles of with records including those dealing access, public information management, some has led to This and cybersecurity. about the in agencies uncertainty of and impact measurement, prioritization, policies and open data open government and initiatives. Agency Observations and Observations Agency Open Data and Open Government C-13 Implementation of the Digital the of Implementation (DATA Act Transparency and Accountability pattern. a similar 2014 follows of Act)⁴⁰ a significant contains this statute While provisions open data IT-related of number being are efforts current CIOs, to relevant community. the CFO by primarily driven and open government of ownership The agency of the outside initiatives open data conflicts to can lead CIO organization and the CIO. leadership agency between stakeholders of wide range the Overall, to engage CIOs for it difficult can make compliance and ensure in these efforts requirements IT agency with broader and other privacy) cybersecurity, (e.g., recent In addition, the initiatives. policy Officers Data Chief of appointments the adds to only agencies many at complexity. POLICY PAPERS POLICY future. Data.gov, Project Open Data, Challenge.gov, Open311, Open Data CAP CAP Data Open Open311, Challenge.gov, Data, Open Project Data.gov, with OMB and OSTP Goal Roundtables, Plans (NAPs), Action National Government Open with OMB Goal Data CAP Open Initiatives,⁴¹ Data” “My Datapaloozas, and GSA People The We Act) (DATA Act Transparency and Accountability Digital Open Government Directive, Open Data Policy, IT Dashboard, Open Dashboard, IT Policy, Data Open Directive, Government Open and OSTP with GSA Goal CAP Data Key Initiatives and Projects and Initiatives Key
— Agency CIO Agency — is working on open data open data on working is Our enterprise architect architect enterprise Our STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE public data sets… but I’m not but I’m not sets… public data now, open data is not a high- is not open data now, but I think there will be more will be more but I think there efforts, and we release limited limited release we and efforts, value initiative for our agency, agency, our for initiative value personally focused on it. Right on it. Right focused personally focus on this policy area in the area on this policy focus Key Organizations in Government-wide in Organizations Key Open Government and Open Data Initiatives Data and Open Government Open OMB - Office of Federal Financial Federal of OMB - Office (OFFM) Management The White House Office of Office House White The Administration General Services Administration (GSA) Administration Services General and Science of Office House White The (OSTP) Policy Technology Lead Organization Lead Chief Federal of the OMB - Office (OFCIO) Officer Information Open government and open data tools tools and open data government Open available widely are and applications outside stakeholders by and accessible Program community. CIO the traditional agency other mission leads, and offices, can officials independently out carry open data initiatives, without needing the the support of CIO agency organization. White and the OSTP, addition, GSA, In open government lead numerous House without often efforts, and open data or the OFCIO from engagement significant the CIO Council. The Broad Range of Stakeholders Stakeholders of Range Broad The Governance. Complicates FINDING #2 FINDING Open Data and Open Government C-14 FINDING #4 FINDING and Open Government Open of Outcomes Gauge. to Hard Be Can Efforts Data open of the adoption to challenge Another initiatives data and open government assessing directly in is the difficulty is civic impacts.⁴² It and economic their measure to directly difficult inherently and economic as broader well as outcomes and sets data releasing of social impacts As such, information. government other has been on measuring focus the primary datasets of number (e.g., leading indicators and highlighting on Data.gov) released the across and anecdotes stories success open While sectors.⁴³ public and private and Goals via CAP is tracked progress data public-facing Government-wide various Data Open such as the Project websites been a primary not have they dashboard, do As such, CIOs PortfolioStat. of focus as efforts these of measurement see not of as the number OMB, even for a priority in this policy and initiatives requirements expanded. has area POLICY PAPERS POLICY STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE Existing statutes and policies such as the and policies statutes Existing 1995, of Act (PRA) Reduction Paperwork Act (FOIA) Information of the Freedom 1974, and of Act 1966, the Privacy of and policies management records various to established prior were requirements and technologies modern of the advent the ease for account necessarily did not connecting and sharing, collecting, of digital government. in a sources data agency complicate can tension This initiatives. data open of implementation expressed CIOs agency instance, For datasets of the release that concern vulnerabilities create inadvertently could information. confidential expose or are datasets as more Furthermore, – can emerge challenges new released, which allows such as the “mosaic effect”, to be derived information sensitive multiple public of the combination from each that the fact despite datasets, contain does not data of individual piece are CIOs Ultimately, information. sensitive legacy to adherence balance to struggling open of in the context policies and laws efforts. and open data government Existing Policies and Statutes Can Conflict Conflict Can Statutes Policies and Existing Efforts. Data with Open FINDING #3 FINDING Open Data and Open Government - - - C-15
). Additional Additional ).
. See also, “Digital Government: Building a Building Government: also, “Digital . See . fice/TransparencyandOpenGovernment - Govern and Open “Transparency Obama. Barack President 1/21/2009. https://www.whitehouse.gov/the_press_of ment”. https:// 12/8/2009. Directive. Government Open M-10-06. www.whitehouse.gov/sites/default/files/omb/assets/memo randa_2010/m10-06.pdf 7/14/2016. Plans. Government Open Agency M-16-16. 2016 https://www.whitehouse.gov/sites/default/files/omb/memo randa/2016/m-16-16.pdf Data”. “Democratizing Blog. House White The Orszag. Peter 5/21/2009. https://www.whitehouse.gov/blog/2009/05/21/ democratizing-data Consumer, Climate, Business, Agriculture, are: sectors These - Gov Local Health, Finance, Energy, Education, Ecosystems, and Science Safety, Public Ocean, Manufacturing, ernment, https://www. Topics”. “Browse Data.gov. Source: & Research. data.gov/ 186,467 datasets of the total 20%) of has 36,529 (or Data.gov - http://cat Catalog”. “Data Data.gov. Source: format. in PDF are alog.data.gov/dataset#sec-res_format Office of Management and Budget. FY 2012 Report to Con- to Report FY 2012 Budget. and Management of Office of Act The E-Government of on the Implementation gress 2002. 3/2013. https://www.whitehouse.gov/sites/default/ files/omb/assets/egov_docs/fy12_e-gov_act_report.pdf Data.gov. “Impact”. https://www.data.gov/impact/ “Impact”. Data.gov. https://www.data.gov/metrics “Metrics”. Data.gov. Source: https://itdashboard.gov/drupal/ Savings”. “Cost Dashboard. IT cost-savings Plans”. Action National Government “Open Whitehouse.gov. 11/4/2016. https://www.whitehouse.gov/open/ Retrieved partnership/national-action-plans can be highlights) initiative stories, (success data Anecdotal (http://www.data.gov/impact/ on Data.gov found and Dashboard Data Open on Project can be found measures on Performance.gov as reported updates Goals CAP the quarterly and ad- the site developed with OSTP, in consultation GSA, available. currently 700 challenges the approximately ministers https://www.challenge. Challenges”. “Newest Challenge.gov. gov https://www.WhiteHouse. Gov”. “Digital Whitehouse.gov. gov/DigitalGov also emphasized the strategy APIs, and to data addition In support to development and improving usage mobile device the mobile experience. 21st Century Platform to Better Serve the American People”. People”. American the Serve Better to Platform 21st Century 5/23/2012. https://www.whitehouse.gov/sites/default/files/ omb/egov/digital-government/digital-government.html
10. 11. 12. 13. 14. 15. 24. 16. 17. 18. 19. 20. 21. 22. 23. - - - - - POLICY PAPERS POLICY . The site site The . and provides details details and provides
STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE
mance_prod_ahwdtloxcxcy/s3fs-public/FY%2016%20Q3%20 Open%20Data%20FINAL.pdf Performance.gov. “Cross-Agency Priority Goal: Open Data”. Data”. Open Goal: Priority “Cross-Agency Performance.gov. https://s3.amazonaws.com/app_perfor 2016 Q3 Update. FY - and innova entrepreneurship data-driven of one example In National from the data utilizes Corporation tion, the Climate Weather National Administration, Atmospheric and Oceanic - Conserva Resources Natural Survey, Geological U.S. Service, Administration. Space and Aeronautics National Service, tion http://www. Corporation”. 500. “Climate Data Source:Open opendata500.com/us/climate-corporation/ USASpending.gov was created under the Federal Funding Funding the Federal under created was USASpending.gov 109– Law 2006. Public of Act Transparency and Accountability of Act Transparency and Accountability Funding 282. Federal 2006. 9/26/2006. https://www.gpo.gov/fdsys/pkg/PLAW- 109publ282/pdf/PLAW-109publ282.pdf site The and grants. contracts spending on Federal regarding the of the Department to GSA from transferred recently was Transpar and Accountability the Digital to pursuant Treasury the expanded also greatly Act DATA The Act). (DATA Act ency to include nearly on USASpending.gov contained information - Account 113-101. Digital Law Public expenditures. all federal 2014. 5/9/2014. https://www. of Act Transparency and ability gpo.gov/fdsys/pkg/PLAW-113publ101/content-detail.html Regulations.gov was created pursuant to Section 206 of the Section 206 to pursuant was created Regulations.gov E-Government The 107-347. Law Public 2002. of Act E-gov 12/17/2002. https://www.gpo.gov/fdsys/pkg/ 2002. of Act PLAW-107publ347/pdf/PLAW-107publ347.pdf mation https://www.statista.com/ “Statistics”. NPD Group. Source: statistics/199890/revenues-of-gps-equipment-in-the-united- states-since-2005/ online in a single location rules available all proposed makes As of rules. on proposed the public to comment and allows on posted regulations most-commented 11/1/2016, the five since comments 704,531 public received had Regulations.gov Data.” “Site Regulations.gov. Source: year. the the beginning of https://www.regulations.gov/siteData According to a 2013 private sector report, “Open data can data “Open report, sector a 2013 private to According annually value to $5 trillion in economic help unlock $3 trillion - “Ed were: listed sectors diverse The sectors.” seven across Oil Electricity, products, Consumer Transportation, ucation, Global McKinsey finance”. and Consumer and gas, Healthcare, and performance Unlocking innovation data: “Open Institute. 10/2013. http://www.mckinsey.com/ with liquid information”. business-functions/digital-mckinsey/our-insights/open-da - Govern and Open “Transparency Obama. Barack President 1/21/2009. https://www.whitehouse.gov/the_press_of ment”. fice/TransparencyandOpenGovernment ta-unlocking-innovation-and-performance-with-liquid-infor One of the earliest and most well-known efforts in this area area in this efforts well-known and most the earliest of One - which pro 1966, of Act (FOIA) Information of is the Freedom government their of records the to access with public the vides Rules, Agency Information; Public § 552. 5 U.S.C. leaders. 2012 edition. and Proceedings. Records, Orders, Opinions, https://www.gpo.gov/fdsys/pkg/USCODE-2012-title5/html/ USCODE-2012-title5-partI-chap5-subchapII-sec552.htm M-13-13. Open Data Policy — Managing Information as an Information — Managing Policy Data Open M-13-13. 5/9/2013. https://www.whitehouse.gov/sites/default/ Asset. files/omb/memoranda/2013/m-13-13.pdf
9. 8. 7. 6. 5. 4. 3. 2. 1. Notes Open Data and Open Government - - - C-16 -
for examples for fice/2016/09/28/fact-sheet-data-people-people-eight-years- progress-opening-government Transparency and Accountability 113-101. Digital Law Public 5/9/2014. https://www.gpo.gov/fdsys/pkg/ 2014. of Act PLAW-113publ101/pdf/PLAW-113publ101.pdf healthcare) (for Button Blue such as the initiatives, Data” “My to give designed are usage), energy (for Button and Green data personal own their to access electronic secure Americans measuring the impact of to approach new “A Keserű. Júlia - 5/5/2015. https://sun Foundation. Sunlight The open data”. lightfoundation.com/blog/2015/05/05/a-new-approach-to- measuring-the-impact-of-open-data/ In 2016 alone, the White House and OSTP have highlighted a highlighted have and OSTP House White alone, the 2016 In partner occurring in initiatives public data-related of variety the Initiative, Data the Police including: with agencies, ship Day Data Open Summit), (and Initiative Medicine Precision Datapaloo House, Camp Open Summer Data DC, the Open leaders. with industry roundtables open data various zas, and for the People, by Data Sheet: Fact House. White The Source: Government Opening Progress of Years — Eight the People Growth. Economic & Opportunity, Innovation, Spur to Data 9/28/2016. https://www.whitehouse.gov/the-press-of OFCIO, by by is shared Goal CAP Data the Open of Ownership Transportation of Department and the OSTP, Data”. Open Goal: Priority “Cross-Agency Performance.gov. https://www.performance.gov/content/ 2016 Q2 Update. FY open-data#supporting-info Data”. Open Goal: Priority “Cross-Agency Performance.gov. https://s3.amazonaws.com/app_perfor 2016 Q3 Update. FY 2016 Q3 Update. FY Data”. Open Goal: Priority “Cross-Agency - https://s3.amazonaws.com/app_performance_prod_ahwdt loxcxcy/s3fs-public/FY%2016%20Q3%20Open%20Data%20 FINAL.pdf mance_prod_ahwdtloxcxcy/s3fs-public/FY%2016%20Q3%20 Open%20Data%20FINAL.pdf See: https://data.gov/impact See:
40. 41. 42. 35. 36. 37. 38. 39. 43. - - - - - POLICY PAPERS POLICY . This method of of method This . STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE - https://www.whitehouse.gov/sites/default/files/mi Datapaloozas are informational events intended to highlight to highlight intended events informational are Datapaloozas and academic sectors nonprofit, within the private, innovation to build useful datasets government’s the utilized who have Data.gov. and applications. services, products, and creative - https://www.data.gov/safety/white-house-safety-dat “Safety”. apalooza Data.gov. “Dashboard”. https://labs.data.gov/dashboard/offices “Dashboard”. Data.gov. 5/9/2014. Plan”. Action Data Open “U.S. House. White The pp. 2-6. crosites/ostp/us_open_data_action_plan.pdf - Informa — Managing Policy Data “Open Data. Open Project https://project-open-data.cio.gov/ Asset”. tion as an these obstacles, see the of explanation detailed a more For Dedicating in Difficulty Expressed CIOs “Agency finding below: Initiatives” Data and Open Government Open to Resources - https://www.digitalgov.gov/services/dap/dap-digital-met es”. rics-guidance-and-best-practices/ - Read and Machine Open “Making Obama. Barack President 5/9/2013. Information”. Government for Default able the New https://www.whitehouse.gov/the-press-office/2013/05/09/ executive-order-making-open-and-machine-readable-new-de fault-government- President Barack Obama. Executive Order 13642: Making 13642: Order Executive Obama. Barack President - Govern for Default the New Readable and Machine Open 5/9/2013. https://www.whitehouse. Information. ment gov/the-press-office/2013/05/09/executive-order-mak Digital.gov. “DAP: Digital Analytics Program”. https://www. Program”. Analytics Digital “DAP: Digital.gov. digitalgov.gov/services/dap/ Digital.gov. “DAP: Digital Metrics Guidance and Best Practic and Best Guidance Metrics Digital “DAP: Digital.gov. ture Modernization ture ing-open-and-machine-readable-new-default-government- OMB’s IT Dashboard then aggregated agencies’ reporting reporting agencies’ then aggregated Dashboard IT OMB’s progress government-wide and summarized in real-time was summary this however performance, and each agency’s ar through Available in 2015. Dashboard the IT from removed chive.org at: https://web.archive.org/web/20130417085852/ at: chive.org http://www.itdashboard.gov/digitalgov would be reporting automated real-time publicly-transparent implementing progress agency measure OMB to by used later more For Initiative. Consolidation Center and the Data FITARA consolidation center data government-wide about information Infrastruc IT B: Chapter Policy see policies, and optimization
34. 32. 33. 30. 31. 29. 28. 27. 26. 25. Federal Shared Services D-1D-1D-1D-1 POLICY PAPERS PAPERS PAPERS PAPERS POLICY POLICY POLICY POLICY obtain from others who can provide best-inclass services. best-inclass services. can provide who others from obtain STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE — Partnership for Public Service - A Call to Action on Shared Services¹ Shared on Action Call to A - Service Public for — Partnership improve customer satisfaction, transparency, and, ultimately, and, ultimately, transparency, satisfaction, customer improve adoption. service shared increase adoption and establish a high-performing marketplace that that marketplace and establish a high-performing adoption and performance. delivery in service best practices proven leverages to due continues services shared of adoption agency Sporadic of the lack providers, of and expertise about quality concerns of and the challenges requirements, government-wide standard, agencies. between funds transferring performance measure to launched ProviderStat USSM recently to providers service shared across accountability and drive The use of shared services is estimated to generate between between generate to is estimated services shared use of The 2015 and between savings billion in cost $21.0 billion and $47.2 are avoidance cost and savings total utilized, fully 2025. Once year. at $47 billion per estimated and resources aggregate efficiently is to services shared of goal The effectiveness cost timeliness, and the quality, improve to systems Services Shared Unified The customers. to delivery service of service shared to drive created was (USSM) office Management critical choices about what their organization does well and what makes sense to sense makes what well and does organization their what about critical choices To become more efficient, government needs to reach the point where sharing or sharing where the point reach to needs government efficient, more become To Risk Cost
Policy
merging functions is routine, making use of scarce but critical expertise and building but critical of scarce making use routine, functions is merging high-quality capacity through economies of scale. It requires agency leaders to make make to leaders agency requires It scale. of economies through capacity high-quality
Accountability “ Summary Federal Shared Services Shared Federal Federal Shared Services D-2 shared services services shared intra-agency Furthermore, Furthermore, mission can also be impactful in improving costs, and increasing reducing function, an agency. across collaboration to continue services shared Federal in shared some challenges While evolve. already have implementation service will the government been addressed, of economies from benefit begin to only on agree agencies if scale in technology satisfy that requirements baseline common The goal of shared services is to efficiently efficiently to is services shared of goal The to and systems resources aggregate timeliness, and the quality, improve to delivery of service effectiveness cost government- leveraging By customers. can scale, agencies of wide economies and burdens administrative reduce more allowing collaboration, increase mission functions. core focus on to time POLICY PAPERS POLICY STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE — Federal CIO Tony Scott³ Tony CIO — Federal shared services...And not just at the agency level, but level, the agency just at not services...And shared tons and tons and There's that. well below sometimes uniqueness." of tons We have a culture of every agency doing 100 percent doing 100 percent agency every of a culture have We few a of time, absent the most of work its own of
IT service delivery both inside and across inside and across both delivery service IT agencies.² redundancies and identified billions of billions and identified redundancies could be that savings in potential dollars to approach a shared adopting by achieved For example, a 2012 review of Federal Federal of a 2012 review example, For significant revealed investments IT agency drive efficiencies and cost-savings cost-savings and efficiencies drive Human functions such as in many Management. and Financial Resources Through the use of shared services, services, shared the use of Through to opportunity is tremendous there organizations of various magnitudes of organizations 10,000 IT and missions, and over government. Federal the across systems between Federal agencies. There are are There agencies. Federal between Branch Executive 300 approximately A shared service is a business or mission mission is a business or service shared A consumption for is provided function that or within multiple organizations by Overview Overview Federal Shared Services Shared Federal Federal Shared Services D-3 provide significant incentives for agencies for incentives significant provide government-wide.⁵ services share to has services shared of adoption Agency task. be an arduous to proven historically will government-wide adoption Successful and leadership sustained executive require and itself within the agency support from Administration. next the from services are implemented, total savings savings total implemented, are services budget annual the from avoidance cost and $47 billion up to be approximately would D1). Figure (see year”⁴ per cyber fiscal pressures, Recent rising customer vulnerabilities, and the hiring limitations, expectations, efficiently solutions more IT deliver need to POLICY PAPERS POLICY STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE Figure D1: Projected Cost Savings Through the Use of Shared Services (2015-2025)⁶ Services Shared of the Use Through Savings Cost Projected D1: Figure billion and $47.2 billion. Once shared shared billion and $47.2 billion. Once the conservative range of cost savings over over cost savings of range the conservative $21.0 to be between is estimated years 10 service offerings. Potential cost savings cost Potential offerings. service example, “for For insignificant. not are operations, back-office government-wide boards, these customer requirements requirements these customer boards, their into can be built, as appropriate, appealing shared service solution. By By solution. service appealing shared providers service shared empowering management change associated and their gathering customer requirements on a on requirements customer gathering a more identify will help basis systematic agencies of all sizes. Recognizing that that Recognizing all sizes. of agencies requirements own their will have agencies processes, business based on existing Federal Shared Services D-4 Key Stakeholders Key Unified Shared Services Management Management Services Shared Unified (USSM) — GSA — GSA (FAS) Service Acquisition Federal and Innovation Financial of Office Treasury (FIT) — Transformation • • • LoB has the highest rate of adoption adoption of highest rate has the LoB Payroll for 99 percent government, across Resources Human core for percent and 65 further for the potential Given systems. significant avoidance, and cost savings cost additional for remain opportunities services. these shared of adoption POLICY PAPERS POLICY Figure D2: Shared Service Providers⁷ Service Shared D2: Figure STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE
and Financial Management. As shown in As shown Management. and Financial Resources Human the below, the figure of business (LoBs) - Human Resources Resources - Human business (LoBs) of services) other and Payroll (encompassing Currently, there are five Federal agencies agencies Federal five are there Currently, lines two across services shared offering investments, thus conserving resources resources thus conserving investments, efficiencies. and achieving broad adoption, sharing responsibilities for for responsibilities sharing adoption, broad and an agency within both tasks common duplicative reduce can among agencies known to the Federal government. Though Though government. Federal the to known for overcome to be need still hurdles Policy Evolution Policy well are services shared of benefits The Federal Shared Services D-5 Shared-First Uncle Sam's List Sam's Uncle Shared Management Financial Services Services Shared Unified Management E-Government Initiatives E-Government Business Lines of IT Commodity Intra-Agency Services
— 2015 — present 2012 Requires the adoption of shared services whenever whenever services shared of adoption the Requires agencies and delivery provider applicable, identifies for areas IT two of models, and the identification service. to a shared migration 2013 2013 2015 2001 2011 Implements the market research component of the of component research the market Implements to users for a location provides strategy, Shared-First and supplies providers, with service connect find and agencies. to guidance additional implementation for solutions service shared the use of Mandates systems, accounting core of modernizations future Federal existing for process an analysis provides and outlines communities providers, service shared adoption. service shared facilitate to Sets up cross-agency initiatives to provide services to services provide to initiatives up cross-agency Sets Internet- through government and business, citizens, included Initiatives and technologies. based tools and USAJOBS.gov. Grants.gov, Benefits.gov, and task agencies managing partner Designates government-wide shared of areas address to forces resources (e.g., human business support functions grants financial management, management, management).⁸ agency’s their leverage to CIOs agency Directs IT of duplication eliminate to power purchasing a show to CIOs agency Instructs investments. as a either services, shared the use of for preference as a provider. or customer Created at GSA to foster a Federal shared services services shared a Federal foster to GSA at Created government, good emphasizes that environment provider and service satisfaction, consumer innovation.⁹ OMB memo M-16-11¹⁰ establishes Supporting financial management, new for process a review investments system acquisition or human resources, options, service with shared alignment and their for establishes USSM as the managing partner and implementation new and provides ProviderStat, guidance. oversight 2004 Key Initiatives Key POLICY PAPERS POLICY STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE including a summary of key government- key of including a summary and initiatives. wide strategies structure for shared services efforts across across efforts services shared for structure shift is This government. the Federal this paper, of section the next discussed in Management Initiative (USSM) at GSA GSA at (USSM) Initiative Management organizational out a comprehensive lays down mandatory approach towards towards approach mandatory down For marketplace. services building a shared Services Shared Unified the new example, and initiatives to encourage and increase increase and encourage to and initiatives top- a from shifted have services shared Over time, government-wide policies policies government-wide time, Over Federal Shared Services D-6 Initiatives are still active today: Grants. today: are still active Initiatives and Recreation.gov, Benefits.gov, gov, USAJobs.gov Led to initial improvements in the initial improvements to Led the with interact citizens that way using the Internet government government-wide on specific Focused such as one-stop offerings, service consolidation and payroll websites can service a shared of use Mandating levels service quality lower lead to adequately not does governance if feedback customer incorporate did this initiative by addressed Services the highest prioritize necessarily not value opportunities potential funding transfers interagency Requiring additional can draw services for pay to oversight or scrutiny to took a long time Migrations complete service shared future for way the Paved offerings websites the citizen-facing of Many E-Government by created originally • • • • • • • •
Impact E-Government Initiatives E-Government Key Strengths Key Challenges Policy POLICY PAPERS POLICY STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE and internal efficiency and effectiveness. effectiveness. and efficiency and internal service areas: service to individuals, service service individuals, to service areas: service services, intergovernmental businesses, to were citizen-facing.¹¹ The resulting projects resulting The citizen-facing.¹¹ were E-Government as the became known general four on focused and Initiatives opportunities for government-wide government-wide for opportunities which of many solutions, service common In 2001, OMB established an established 2001, OMB In examine to Force Task E-Government 2001 2001 Initiatives E-Government Federal Shared Services D-7 Early exploration of the value the of exploration Early on collaboration interagency of business common standardizing processes and consistent strong Required OMB and agency by engagement services use of drive to leadership Business the Lines of by provided still LoBs active of a number are There the Human such as today, in existence Formulation Budget LoB, Resources Financial and LoB, and Execution LoB Management • • •
Lines of Business of Lines Key Strengths Key Challenges Policy Impact POLICY PAPERS POLICY STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE Initial Lines of Business of Lines Initial Financial Management (FM) Management Financial (HR) Management Resources Human (GM) Management Grants (FHA) Architecture Health Federal Case Management (CM) Case Management • • • • • these efforts.¹³ these efforts.¹³ Resources Management (HR LoB) and (HR LoB) Management Resources which (FM LoB) Management Financial to commitment continued the illustrates present, the Shared Services CAP Goal Goal CAP Services the Shared present, Human for Business the Lines of highlights designated government-wide service service government-wide designated customer drive to sought and providers At to those providers. migrations agency as key opportunities for integration and integration for opportunities as key then approach LoB The consolidation.¹² spending. Cross-agency teams identified identified teams spending. Cross-agency Resources Human Management, Financial Management Grants and Management, improve the internal operations of Federal Federal of operations internal the improve IT duplicative reduce and further agencies In 2004, the initial shared services Lines Lines services initial shared 2004, the In to established were (LoBs) Business of 2004 2004 Business of Lines Federal Shared Services D-8 investments Required agencies to establish plans to agencies Required IT commodity redundant replace to enterprise or with consolidated services services used targets savings cost Developed PortfolioStat-related future track to savings IT commodity of examples While was definition no formal listed, were and ambiguity leading to provided, confusion potential consolidate to agencies Encouraged solutions significant offer but did not management legal, and policy, to challenges year first the after efforts PortfolioStat of on the progress follow-up did not plans consolidation IT commodity replace to agencies for cover Provided with and services systems disparate approaches and enterprise consolidated new for targets savings cost Established • • • • • • •
Intra-Agency Commodity IT Services IT Commodity Intra-Agency Key Strengths Key Challenges Policy Impact POLICY PAPERS POLICY STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE independent licenses or agreements. agreements. or licenses independent either as a provider or consumer before before consumer or as a provider either one-off of the adoption considering shared services in commodity IT, OMB IT, in commodity services shared examine the first to agencies directed services shared adopting of possibility systems, and other administrative administrative and other systems, of the adoption accelerate To systems.¹⁵ of common functionality such as e-mail, functionality common of devices, mobile computers, desktop resources human systems, financial on consolidating intra-agency commodity commodity intra-agency on consolidating areas includes IT Commodity services. IT the 25-Point Implementation Plan to Plan Implementation the 25-Point As it Management.¹⁴ IT Federal Reform was the focus services, shared to relates the Administration to include a shared a shared to include Administration the Plan, Reform IT in its 2010 effort services The difficulties surrounding adoption adoption surrounding difficulties The led agencies within services shared of 2011 2011 Services IT Commodity Intra-Agency Federal Shared Services D-9 service approach” service on follow-up of is no evidence There each agencies of failure or the success to or migration” for areas “two selected progressed agencies whether determine time over services advanced more to Provided agencies with standardized standardized with agencies Provided on business and guidance vocabulary models various for responsibilities Identified identified stakeholders, services shared and defined funding models, available success for factors critical start, a good were requirements Policy basic guidance beyond go but did not to a migration for areas IT “two (e.g. approach”)¹⁹ service shared principle, the “Shared-First” Despite budget accept to OMB continued of expansion agency for requests with no negative systems non-shared consequences the IT have did not often Agencies provide to necessary infrastructure²⁰ shared services effective and efficient community the Federal to fruit” “low-hanging chose Agencies OMB’s to meet when selecting services to a shared migration for areas IT “two • • • • • • • Shared-First Policy Policy Impact Key Strengths Key Challenges POLICY PAPERS POLICY STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE Submission of an enterprise an enterprise of Submission included the agency’s that roadmap Plan Consolidation IT Commodity Plan.¹⁸ Service and LoB Identification of two IT areas for areas IT two of Identification service to a shared migration and approach; • • requirements for agencies included: agencies for requirements on investment and close productivity gaps and close productivity on investment Key services.¹⁷ shared of the use through Shared-First, as described in the 2012 as described Shared-First, Shared Technology Information Federal return improve to sought Strategy, Services developed in the E-Government Initiatives, Initiatives, E-Government in the developed IT. and commodity Business, Lines of Shared-First¹⁶ was an effort to consolidate consolidate to an effort was Shared-First¹⁶ services upon the shared and improve 2012 Shared-First Federal Shared Services D-10 Explored a “marketplace” approach approach a “marketplace” Explored with providers service connecting to customers potential agreements, level service Ambiguous commercial from offerings competitive trust between and low providers, Federal and customers potential customer in low resulted providers interest accessibility outreach, agency Limited in breadth and lack of challenges, adoption reduced offerings service potential services offered of adoption Voluntary low was used widely not was List Sam’s Uncle discontinued eventually was and • • • • • Uncle Sam's List Sam's Uncle Key Strengths Key Challenges Policy Impact POLICY PAPERS POLICY STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE program and terminated USL in 2015. USL and terminated program continued rates of low adoption led OMB adoption low of rates continued USSM the broader-scoped toward pivot to Potential customers could post requests for for requests could post customers Potential Though needs. their matched that services centralized, were offerings the service jobs, and professional services. Providers Providers services. jobs, and professional and contracts. services post available could government service providers with potential potential with providers service government commercial popular way the customers housing, did so for CraigsList like sites for agency collaboration.²¹ collaboration.²¹ agency for connect to was USL of goal The providers, contracts suitable for use by use by for suitable contracts providers, opportunities other and multiple agencies, this issue, OMB launched Uncle Sam’s List Sam’s launched Uncle this issue, OMB as an online marketplace (USL) in 2013 service shared available cataloged that that agencies encounter when trying towhen trying encounter agencies that To address and solutions. providers identify Another key challenge facing shared shared facing challenge key Another the difficulty has been adoption services 2013 — 2015 — 2015 2013 List Sam's Uncle Federal Shared Services D-11 Provided standards, migration guidance, guidance, migration standards, Provided other and frameworks, implementation in agencies assist designed to tools commercially- or government selecting shared management based financial services service provider to customize Difficult business agency diverse for offerings needs process business agency customer Potential difficult to often were processes offerings available match to reengineer program as a pilot acted effort The adoption services shared other for on a focusing government-wide, to start system mission-critical • • • • Financial Management Shared Services Shared Management Financial Key Strengths Key Challenges Policy Impact POLICY PAPERS POLICY STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE
were later applied in the Unified Shared Shared Unified applied in the later were discussed effort Management Services below. management systems. Some of the of Some systems. management in this initiative attempted approaches Transformation (FIT) was established was (FIT) Transformation service shared new for office as a pilot financial of solutions in the area costs, the Department of the Treasury’s Treasury’s the of the Department costs, and Innovation Financial of Office OMB.²² risks and decrease mitigate to order In or modernization spending, pending an spending, modernization or services shared of re-evaluation agency by review and a further alternatives system modernization projects with $20 projects modernization system in planned development more million or improve the state of government-wide government-wide of the state improve required OMB financial management. all financial halt to agencies Act CFO Management (OFFM) looked to shared shared to looked (OFFM) Management and costs reduce means to as a services Services Financial Federal of Office 2013, OMB’s In 2013 — present — present 2013 Shared Management Financial Federal Shared Services D-12 Primarily, USSM is charged with with USSM is charged Primarily, optimize to vision a long-term establishing the Federal for model delivery a service capacity, addresses that government of challenges technology funding, and marketplace a balanced and creates today providers. and Federal commercial of the demand to agency USSM also aligns creates supply, of possible expansion successful to ensure best practices and establishes a implementation, for framework management performance and operations FSSP into transparency this depicts below figure The metrics. operations services shared of state future mission support functions. for POLICY PAPERS POLICY STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE Figure D3: Future Concept of Operations for Mission-Support Functions²⁵ Mission-Support for Operations of Concept Future D3: Figure defined in OMB Memorandum M-16-11.²⁴ Memorandum in OMB defined Management, and Human Resources, as Resources, and Human Management, Services Shared in the current reflected was role USSM’s of Much Goals. CAP At present there is a strong focus on focus is a strong there present At Financial functions, cross-administrative efforts related to the original LoBs, LoBs, the original to related efforts Initiative, the Shared-First IT, commodity modernization. systems and financial shared services ecosystem. USSM’s USSM’s ecosystem. services shared includes perspective government-wide USSM.²³ USSM was placed within the placed was USSM.²³ USSM GSA, at Policy Government-wide of Office Federal the of management providing of Federal shared services was renewed renewed was services shared Federal of of establishment with the more once Management (USSM) Management adoption broad for the push 2015, late In 2015 Services Shared Unified Federal Shared Services D-13 POLICY PAPERS POLICY STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE regulatory and policy barriers to to barriers and policy regulatory implementation organizations, processes, and processes, organizations, and taking a service- technology mission support to approach oriented functions office support centralized a Creating their manage should help agencies help mitigate and can migrations USSM has worked with the Shared with the Shared worked USSM has providers, Board, Governance Service vision a 10-year craft to and customers administrative of delivery service for functions will help USSM the long-term, Over of the full benefits realize agencies consolidating through services shared other shared services efforts still efforts services shared other approaches different including exist (SLAs), Agreements Service-Level to service timing, customer migration the assumption over concerns burdens, performance provider risk, and of management Provides guidance and support to both to both and support guidance Provides customers, and providers service shared and oversight as management well as perspective an enterprise-wide from with experienced challenges Previous • • • • • Unified Shared Services Management Management Services Shared Unified Policy Policy Impact Key Challenges Key Strengths Federal Shared Services D-14 To promote adoption adoption promote To While OMB’s focus on shared on shared focus OMB’s While of commodity IT.³⁰ Although agencies agencies Although IT.³⁰ commodity of Consolidation IT established Commodity 2012, there PortfolioStat as a part of Plans on these OMB followed-up is no evidence agencies asked or years plans in subsequent in-progress of status send updated to projects. completed of results or projects agencies to identify opportunities to identify to agencies functions IT commodity consolidate and intra-agency — including both In services. shared government-wide OMB process, the 2012 PortfolioStat 3 over of $2.5B savings potential identified duplicative of the reduction through years were those savings however, investments; shared of to the use attributable solely not savings services shared While services.²⁸ individual managing by been reported have OPM reported (e.g., agencies partner HR for avoidance and savings cost in $1.3B achieved 2014),²⁹ savings FY through LoB have services shared the use of through in the aggregate been measured not Goal CAP or PortfolioStat either through addition, In Updates. Progress Quarterly shifted process the 2013 PortfolioStat the consolidation from away the focus Examples the of Benefits the on Congress to Report of Lines and Initiatives E-Government Business. operational on both based was services savings, the limited cost and efficiencies a led to such measures of availability As these anecdotes. on qualitative focus metrics additional progressed, initiatives and adoption evaluated and assessments Some services. shared of performance made these metrics across inconsistencies from data compare accurately it difficult to year. to year 2012.²⁷ PortfolioStat OMB directed services, shared Federal of POLICY PAPERS POLICY STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE performance metrics, to ensure that the the that ensure to metrics, performance demand.”²⁶ customer meeting solutions are expansive marketplace, it’s important that that important it’s marketplace, expansive and pricing cost expects the government consistent with coupled transparency, sustain their own systems and hire the and hire systems own sustain their an have we Because resources. right that, “[t]he market for Federal shared shared Federal for market “[t]he that, year $1 billion a than is more services to struggle as agencies and growing the government. In 2016, the director 2016, the director In the government. observed Angerman, USSM, Beth of four designated Financial Management Management Financial designated four more actually are there providers, across niche services offering agencies Though the shared services marketplace marketplace services the shared Though the as comprising of thought is generally work, and benefit from standardized standardized from and benefit work, outcomes. efficient produce that processes transaction work at lower costs, focus less costs, at lower work transaction systems and modernizing on maintaining and mission analytics on data and more services because agencies can leverage can leverage because agencies services perform to resources commonly-skilled Metrics and Oversight Metrics shared promoted have GSA OMB and Metrics and Oversight and Metrics in Emphasized Objective Primary Federal Shared Services D-15 OMB helped to OMB helped plans and progress of the Goal. of plans and progress leaders. In some cases, OMB focused on focused OMB cases, some In leaders. to leaders those of the ability expanding as shared agencies other serve directly in on elaborated focus a providers, service HR LoB, LoB, Management the Financial efforts. and FedStat Goal. CAP Services Shared these management and support expand reported efforts through services Goal CAP Services the Shared under goal CAP This on Performance.gov.³¹ progress the of updates quarterly publishes as well as and HR LoB, the FM LoB of use government evaluating metrics overall Goals, CAP other Like services. shared of leaders and government-wide the agency and OMB regularly meet this Goal of the into “deep-dive” a conducts leadership POLICY PAPERS POLICY Beginning Beginning STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE common management functions and direct functions and direct management common those toward agencies underperforming these cost, satisfaction, and operations and operations satisfaction, these cost, helped OMB and agencies metrics in leaders were which agencies identify added more customer satisfaction and satisfaction customer added more Together, metrics. efficiency operational categories of IT. IT. of categories Initiative Benchmarking the years, future In for each of their bureaus and overall. This This and overall. bureaus their each of for and resources human of areas included the sub- few well as a as financial management on their total and per-head spending in a spending and per-head total on their areas management or back-office of variety built on the commodity spending spending the commodity built on first in the identified originally areas GSA to reported Agencies PortfolioStat. GSA Benchmarking Initiative. Benchmarking GSA Initiative Benchmarking GSA’s in 2013, Federal Shared Services D-16 establish objective data and information and information data establish objective the suitability can evaluate so an agency requires This provider. service a shared of and understandable, making reliable, quality and service satisfaction accurate This each service. for available measures the existing allows model marketplace customer a potential decision-making of other or savings cost the validate to agency but services, shared business case for than the adoption less overall lead to may this approach model. However, mandatory substantive more also lead to could valuable services. of adoption Lessons Learned Lessons government-wide to increase Attempts and measuring services shared of adoption from time over has changed impact their use the requiring mandate a top-down used in (as services shared certain of to and, Initiatives the E-Government a of more to the FM LoB) some degree, efforts Previous approach. marketplace USSM of the establishment led to have the focused on entity as a centralized facilitate to these services of management adoption. increased of the goal on establishing USSM is focused Currently, evaluating for framework a performance goal One services. shared and promoting is to framework performance USSM’s of POLICY PAPERS POLICY STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE where supply may not be adequate. not may supply where This data will assist agencies in making will assist agencies data This decisions about possible informed USSM and OMB will inform and providers of those issues, and data to compare the compare to issues, and data those of the marketplace. of performance overall will identify common challenges that that challenges common will identify for opportunities today, face providers USSM and OMB to assist in resolution best practices established by the Shared Shared the by established best practices ProviderStat Board. Governance Service transparency into provider costs and costs provider into transparency and a metrics, pricing, performance on provider based assessment maturity approach is ProviderStat, a performance a performance is ProviderStat, approach demands that framework management comply with M3.” with M3.” comply the USSM of component Another (e.g. financial management, human financial management, (e.g. and/or system acquisition) or resources, must migration or modernization service framework, but according to its website website its to but according framework, an administrative evaluating agencies “all health of the migrations in a repeatable repeatable in a the migrations health of to early is too It way.³² and consistent this use of USSM’s the impact of evaluate Review Process, with OMB, provider, provider, with OMB, Process, Review assess the to involvement, and customer planning, selection of a provider, and a provider, of planning, selection services. shared of implementation an Investment includes framework This of administrative IT solutions or services. services. or solutions IT administrative of the through agencies M3 helps guide Modernization and Migration Management Management Migration and Modernization to agencies for process a (M3) Framework, replacement the for planning when follow USSM M3 Framework and ProviderStat. ProviderStat. and Framework M3 USSM the released USSM 2016, August In Federal Shared Services D-17 — Agency CIO Agency — shared services provider. services shared Providing a shared service service a shared Providing goes wrong. There’s lots of of lots There’s wrong. goes can be a potential liability... It liability... be a potential can responsibility that goes beyond beyond that goes responsibility becomes your fault if something something if fault your becomes your agency’s mission if you are a are you mission if agency’s your to those in the private sector around basic around sector those in the private to example, For considerations. operational such (IAAs) Agreements Inter-Agency are (SLAs) Agreements Level as Service as business to enforceable as easily not is in part due to This business contracts. do not agencies government that the fact may not align not may with explicitly the agency's mission, own further and risks. In these costs increasing risks in costs and of range addition, the depends in part service a shared providing of objectives mission of variety on the in those Differences agencies. customer requirements missions can affect agencies’ and privacy security of the level (e.g., to not storage), data for required controls may providers service shared that mention from home direction conflicting receive Services Shared and USSM’s agencies Board. Governance service shared Federal addition, In relative constraints different face providers FINDING #1 FINDING Increases Services Shared Providing to and Can Lead and Burden Risk Agency Service. of Quality Lower face services shared who offer Agencies of the needs meet scaling to challenges remain base and to customer a growing providers, other versus competitive sector. the private those from especially additional entails a provider Becoming carefully must agencies and risks, and costs agreeing the business case before evaluate some instances, In a provider. become to becoming a provider POLICY PAPERS POLICY
STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE
branch and the vendor community. community. vendor and the branch well as sustained engagement with key key with as sustained engagement well the executive outside of stakeholders legislative the – in particular, branch systems.³³ However, this will require the will require this However, systems.³³ as management of senior full attention save money and improve service delivery delivery service and improve money save or replacing of benefit with the added and legacy infrastructure outdated retiring across the Federal government are clear. clear. are government Federal the across can services shared use of increased The and Findings and of shared and benefits opportunities The broadly more and agencies within services Agency Observations Agency Federal Shared Services D-18 performance in Federal shared services, services, shared in Federal performance the all of evaluate must carefully agencies whether when deciding risks and benefits provider. a service become to FINDING #2 FINDING may offerings service shared Intra-agency agencies. other to scale effectively not in providing performance agency Strong does own bureaus to its a specific service good a agency that make automatically not across service that provide to candidate small agencies some cases, In government. to up services scaling difficulty have may with and agencies agencies, Federal larger hard find it may risk cybersecurity a low agencies to services certain provide to a of be the target to likely more which are better to drive In order attack. cyber major POLICY PAPERS POLICY do for contracts. contracts. do for Additionally, agencies government with must comply hiring of a number and retention and policies laws STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE reliable services. reliable CIO Agency — There’s no accountability accountability no There’s providing for SLAs) (via and cost-effective
changes in government operations, which operations, in government changes as adoption service shared increase could improvements. other as facilitate well low.³⁴ Fixing these constraints should be these constraints Fixing low.³⁴ positive around the conversation part of reported in Federal Shared Services CAP CAP Services Shared in Federal reported value with satisfaction customer KPIs, Goal relatively was the HR LoB) (for services of can actually lead to lower levels of of levels lower lead to can actually example, as For satisfaction. customer ability to make long-term investments in investments long-term make to ability As such, mandating improvements. service government across usage service shared Federal agencies also typically face highly highly face also typically agencies Federal their reducing budgets, annual constrained that are not found in the private sector. sector. the private in found not are that for addressing breaches of interagency interagency of breaches addressing for organizations sector as private agreements have access to the same legal recourse recourse the same legal to access have Federal Shared Services D-19 accountability sessions, designed to to sessions, designed accountability service in the shared transparency foster a performance provide and to marketplace shared Federal for process review with shared working USSM, services.³⁸ and OMB, customers, providers, service to identify ProviderStat utilize seeks to establish common challenges, shared mechanisms, reporting develop metrics, satisfaction.³⁹ customer and measure FINDING #4 FINDING increase could accountability Increasing adoption. noted CIOs agency many forward, Moving for measures accountability standard that improve could providers service shared Federal and increase confidence customer stated They adoption. service shared flexibility, information, providing that customers service shared for and choice and quality the competitiveness improves offerings. service shared Federal of ProviderStat new up USSM is also setting POLICY PAPERS POLICY — Agency CIO Agency — facilitate that process. facilitate but it’s not efficient for for efficient not but it’s to move money between between money move to departments. The typical typical The departments. the task — the justification the justification — task the Most department CIOs will CIOs department Most vehicle is the Economy Act, Act, the Economy is vehicle STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE tell you it takes about a year year about a takes it you tell need a Shared Services Act to to Act Services a Shared need process is too long. Maybe we we long. Maybe too is process the adoption of shared services. shared of the adoption barriers can cause year-long delays for for delays year-long can cause barriers curtailing significantly funding transfers, Collectively, these issues both complicate complicate these issues both Collectively, reported, CIOs As many funding. and delay these legal, institutional, and cultural requirements for basic needs like service service basic needs like for requirements bureaus. across and security uptime a single customer agency to support to agency a single customer This bureaus. agency’s that all of some or varying by complicated be further may within the same agency, requiring provider provider requiring within the same agency, with IAAs multiple into enter to agencies be required to submit reprogramming submit reprogramming to be required In Congress. notify otherwise or requests funding rules apply some cases, different The barriers are even higher when moving when moving higher even are barriers The may Agencies agencies.³⁷ funds across Act of 1932,³⁶ have strict requirements as strict requirements 1932,³⁶ have of Act transfer. an allowable constitutes what to However, However, that the laws as the Economy underpin these IAAs, such on IAAs to on IAAs to funds.³⁵ transfer service providers providers service and customers rely typically purposes. For purposes. For shared example, laws governing how Federal appropriations appropriations Federal how governing laws can be spent what and for Interagency financial agreements can be financial agreements Interagency and policies of variety a to challenging due Transfer of Funds Between Agencies Agencies Between Funds of Transfer Challenges. Present FINDING #3 FINDING Federal Shared Services ------D-20 - - - - - https://www. http://www.gao.gov/as https://www.whitehouse. https://www.whitehouse.gov/ https://www.whitehouse.gov/sites/de https://cio.gov/wp-content/uploads/down https://www.whitehouse.gov/sites/default/files/ ) in action item #6 ) in action item https://www.dhs.gov/sites/default/files/publications/digi GAO-13-796T. Information Technology: OMB and Agencies Agencies OMB and Technology: Information GAO-13-796T. to Initiatives Major Implement Effectively More to Need 7/25/2013. Dollars. of Billions Save sets/660/656191.pdf Line Resources Human Management. Personnel of Office 4/14/2015. Framework. Strategic Business of opmgov/services-for-agencies/hr-line-of-business/strate gic-framework/hr-lob-strategic-framework.pdf ing role in many other IT policy areas, see Policy Chapter B: IT B: IT Chapter see Policy areas, policy IT other in many ing role Modernization Infrastructure Guide. Implementation Services Shared Federal CIO Council. 4/16/2013. loads/2013/04/CIOC-Federal-Shared-Services-Implementa tion-Guide.pdf solution in service a shared apply to mandate previous The from over held modernization systems financial management was (FMLoB) Business Line of Management the Financial Through Systems Financial M-13-08. Improving removed. 3/25/2013. Services. Shared sites/default/files/omb/memoranda/2013/m-13-08.pdf Blog. House White The Roth. Turner and Denise Mader David 10/22/2015. Services”. Shared of Implementation “Scaling https://www.whitehouse.gov/blog/2015/10/22/scaling-imple mentation-shared-services Shared Through Functions Administrative M-16-11. Improving 5/4/2016. Services. fault/files/omb/memoranda/2016/m-16-11.pdf Management Services Shared Unified by provided Graphic 2016 December author, to comments Angerman, Elizabeth Policy see PortfolioStat, about information detailed more For IT of and Oversight A: Management Chapter The initial focus on commodity IT (i.e., desktop, mobile de (i.e., desktop, IT commodity focus on initial The such items of complexity low the relatively due to was vices) human (e.g., services business support to when compared geospatial). (e.g., services and mission support resources) in determin challenges OMB faced and agencies Nonetheless, OMB A subsequent IT. commodity of definitions ing common pro but did not IT, Commodity of examples memo provided Informa term. M-11-29. Chief of the vide a specific definition 8/8/2011. Authorities. Officer tion gov/sites/default/files/omb/memoranda/2011/m11-29.pdf the 25-Point in articulated first was concept “Shared-First” The Management IT Federal Reform to Plan Implementation ( tal-strategy/25-point-implementation-plan-to-reform-feder al-it.pdf Strategy. Services Shared Technology Information Federal 5/2/2012. omb/assets/egov_docs/shared_services_strategy.pdf Ibid Ibid its underly and infrastructure about IT information more For 28. 29. 21. 22. 23. 24. 25. 26. 27. 15. 16. 17. 18. 19. 20. ------POLICY PAPERS POLICY
https://www.white https://ourpublicservice.org/ https://ourpublicservice.org/ https://www.performance.gov/ STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE https://www.whitehouse.gov/omb/ https://www.ussm.gov/why/about-
; and E-Government Strategy: Simplified Strategy: ; and E-Government https://www.whitehouse.gov/sites/de https://www.whitehouse.gov/sites/default/ http://fedscoop.com/tony-scott-wants-to-see- https://www.dhs.gov/sites/default/files/publica https://ourpublicservice.org/publications/down
agement. Point A.6: “Develop a strategy for shared services”. services”. shared for a strategy A.6: “Develop Point agement. 12/9/2010. tions/digital-strategy/25-point-implementation-plan-to-re form-federal-it.pdf vices”. FY 2016 Q3 Update. 2016 Q3 Update. FY vices”. node/3398/view?view=public#progress-update Man IT Federal Reform to Plan Implementation 25-Point https://georgewbush-whitehouse.archives.gov/omb/egov/c-6- lob.html Ser Shared Goal: Priority “Cross-Agency Performance.gov. Delivery of Services to Citizens. 2/27/2002. 2/27/2002. Citizens. to Services of Delivery house.gov/sites/default/files/omb/inforeg/egovstrategy.pdf Business”. of “Lines Archives. Presidential Bush W. George M-01-28. Citizen-Centered E-Government: Developing the Developing E-Government: M-01-28. Citizen-Centered Plan. 7/18/2001. Action memoranda_m01-28 M-16-11. Improving Administrative Functions Through Shared Shared Through Functions Administrative M-16-11. Improving 5/4/2016. Services. fault/files/omb/memoranda/2016/m-16-11.pdf Unified Shared Services Management. “About Unified Shared Shared Unified “About Management. Services Shared Unified Management”. Services ussm/#.V9BqnCgrKM8 FY 2018 IT Budget – Capital Planning Guidance. 6/30/2016. Guidance. – Capital Planning Budget 2018 IT FY https://www.whitehouse.gov/sites/default/files/omb/assets/ egov_docs/fy18_it_budget_guidance.pdf Graphic provided by Unified Shared Services Management Management Services Shared Unified by provided Graphic the of 48 see page Business, of Lines of listing a complete For Partnership for Public Service. “Building a Shared Services Services a Shared “Building Service. Public for Partnership Services Shared the from Recommendations Marketplace: 05/2015. pp 22-24. Roundtable.” publications/viewcontentdetails.php?id=470 For further information on cybersecurity shared services and services shared cybersecurity on information further For Chapter see Policy such as the EINSTEIN program, programs, E: Cybersecurity Marketplace: Recommendations from the Shared Services Services Shared the from Recommendations Marketplace: 05/2015. pp 24. Roundtable.” publications/viewcontentdetails.php?id=470 more-sharing-among-agencies Services a Shared “Building Service. Public for Partnership files/omb/assets/egov_docs/shared_services_strategy.pdf than just info" sharing more means "Cyber Scott: Tony 11/17/2015. load.php?id=758 Strategy. Services Shared Technology Information Federal pp 3-4. 5/2/2012. Available at at Available
14. 13. 12. 11. 10. 9. 7. 8. 6. 5. 4. 3. 2. 1. Notes Federal Shared Services D-21 ------https:// https:// POLICY PAPERS POLICY https:// https://www.ussm.gov/ and Performance.gov. and Performance.gov. https://www.whitehouse. https://www.doi.gov/ibc/ https://www.performance. https://www.performance. https://www.ussm.gov/provid STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE
https://www.performance.gov/node/3398/ vices”. Quarterly Progress Update. Update. Progress Quarterly vices”. gov/content/shared-services#progress-update Support through ProviderStat”. ProviderStat”. through Support erstat/#.V9b305MrIUE Ser Shared Goal: Priority “Cross-Agency Performance.gov. accounts unless expressly permitted in law or with approval of of with approval or in law permitted unless expressly accounts committees appropriations and Senate the House Mission “Improving Management. Services Shared Unified CODE-2009-title31-subtitleII-chap15-subchapIII-sec1535. htm appropriations funds between transfer cannot Agencies 31 U.S.C. § 1535. The Economy Act (and amendments). amendments). (and Act Economy The § 1535. 31 U.S.C. www.gpo.gov/fdsys/pkg/USCODE-2009-title31/html/US OFPP Memorandum. Improving the Management and Use of of and Use the Management Improving Memorandum. OFPP 6/6/2008. Acquisitions. Interagency gov/sites/default/files/omb/assets/procurement/iac_revised. pdf gov. “Cross-Agency Priority Goal: Shared Services”. FY 2016 FY Services”. Shared Goal: Priority “Cross-Agency gov. Q2 Update. view?view=public#progress-update While overall customer satisfaction with providers in the HR providers with satisfaction customer overall While 80%), of a target versus (73% the target close to was LoB well below was services of value with satisfaction customer 80%). Performance. of a target versus (52% actual the target ernments. These efforts resulted in $24 million in potential potential in $24 million in resulted efforts These ernments. Source: savings. government-wide about-us/success-stories In 2014, the Department of the Interior’s Interior Business Business Interior the Interior’s of 2014, the Department In non-profit of mix with a 1,202 agreements negotiated Center gov and local Indian tribal, state, well as as organizations General Services Administration. “Introduction to Moderniza to “Introduction Administration. Services General (M3)”. Management Migration tion and m3/#.WByCOuErKVu sion-Support Operations”. Quarterly Progress Update. Update. Progress Quarterly Operations”. sion-Support www.performance.gov/node/3397/view?view=public#over view Performance.gov. ‘Cross-Agency Priority Goal: Shared Ser Shared Goal: Priority ‘Cross-Agency Performance.gov. Update. Progress Quarterly vices”. gov/content/shared-services#overview Mis and Improve Benchmark Goal: Priority “Cross-Agency ening Federal IT Portfolio Management. 3/27/2013. Management. Portfolio IT ening Federal www.whitehouse.gov/sites/default/files/omb/memoran da/2013/m-13-09.pdf M-13-09. Fiscal Year 2013 PortfolioStat Guidance: Strength Guidance: 2013 PortfolioStat Year Fiscal M-13-09. 39. 38. 37. 36. 35. 34. 33. 32. 31. 30. Cybersecurity
E-1E-1 Office of Management and Budget, and Management of Office in a November 2016 CIO.gov blog post blog 2016 CIO.gov in a November Privacy, Civil Rights, and Civil Liberties are preserved. preserved. and Civil Liberties are Civil Rights, Privacy, POLICY PAPERS PAPERS POLICY POLICY Government where the People’s Information is protected and is protected Information the People’s where Government — Gen. Gregory Touhill, U.S. Chief Information Security Officer, Officer, Security Information Chief U.S. Touhill, Gregory — Gen. Our cybersecurity goal is simple: To support an Open and Transparent Transparent and support an Open To is simple: goal cybersecurity Our STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE building the Federal cyber workforce and budget processes; processes; and budget workforce cyber building the Federal securing the IT; centralized standardized, of the use promoting and authorization. and securing authentication network; Management (OPM) data breaches highlighted the vulnerability vulnerability the highlighted breaches data (OPM) Management attention greater and prompted systems IT the government’s of progress. and initiatives cybersecurity on Federal from shifted have efforts cybersecurity Federal Recently, processes documentation-driven compliance-oriented, Federal tools and processes. automated continuous, to managing cybersecurity areas: key span six efforts cybersecurity and threats, assets data understanding the enterprise; throughout for cybersecurity, a 35 percent increase over FY 2016 funding 2016 FY over increase a 35 percent cybersecurity, for to make and funding is needed public attention Sustained levels. area. policy in this key progress often they said (CIOs) Officers Information Chief of number A safeguards incorporate to quickly the flexibility have do not to lengthy due vulnerabilities newly-discovered address to and and hiring processes procurement Federal and complex priorities. competing Personnel of Office such as the incidents High-profile The proposed FY 2017 President’s Budget requests $19 billion $19 billion requests Budget 2017 President’s FY proposed The Risk Cost Policy
Accountability “
Summary Cybersecurity Cybersecurity E-2 Efforts to improve how how to improve Efforts enterprise. This includes government- This enterprise. initiatives oversight and wide reporting Federal on reporting such as agency Modernization Security Information (FISMA) implementation, Act and the President’s Reviews, CyberStat (PMC) Council Management Assessment. Cybersecurity Managing Cybersecurity Throughout Throughout Managing Cybersecurity the Enterprise: and plan for, for, budget agencies cybersecurity and oversee implement agency the activities throughout related 1. Federal initiatives and performance metrics performance and initiatives Federal over evolved have cybersecurity to related areas: key six focus on to time POLICY PAPERS POLICY Transition to IPv6 Transition STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE 1 or destruction, and includes ensuring or and non-repudiation information and authenticity; which means ensuring Availability, of to and use reliable access and timely information. and disclosure, including means for means for including and disclosure, and privacy personal protecting information; proprietary against which means guarding Integrity, modification information improper Confidentiality, which means preserving which means Confidentiality, on access restrictions authorized
• • • vector from their infrastructure, and enable secure innovations such as the Internet of Things. of Internet such as the innovations and enable secure infrastructure, their from vector National Action Plan “Secure by Design” approach and the DHS Continuous Diagnostic Mitigation Mitigation Diagnostic Continuous and the DHS approach Design” by “Secure Plan Action National to IPv6 agencies implement emphasizing continue CIO and CISO should Federal The initiative. (CDM) attack this remove to IPv4 protocol the legacy decommission strategically business continuity, ensure cybersecurity posture. Specifically, native, end-to-end IPv6 environments enable cybersecurity staff staff enable cybersecurity environments IPv6 end-to-end native, Specifically, posture. cybersecurity Cybersecurity the supporting both directly infrastructure network of view an unobstructed have to The transition from IPv4 to a more modern IPv6 does more than just enable an expansion of of expansion than just enable an modern IPv6 does more to a more IPv4 from transition The their to improve it can enable agencies IPv4 addresses, of the exhaustion due to devices internet
disclosure, disruption, modification, or modification, disruption, disclosure, to provide: destruction in order protection of information and information information and information of protection use, access, unauthorized from systems interchangeably with the term “information “information term the with interchangeably of Office the by and is defined security” as the (OMB) and Budget Management What is Cybersecurity? What used is often Cybersecurity Overview Overview Cybersecurity Cybersecurity E-3
3 Key Stakeholders Key Security (DHS) Security Administration Services General Office of the Federal Chief Information Information Chief Federal of the Office (OFCIO) Officer Security Information Chief Federal (FCISO) Officer Budget, and Management of Office Security and National Cyber Cyber) (OMB Unit Management President’s The (PMC) Council CIO Council Federal Security Information Chief Federal Council Officer Council (NSC) Security National National of Director of the Office (ODNI) Intelligence Commerce, of Department Standards of Institute National (NIST) Technology and Homeland of Department White House Cybersecurity Coordinator Cybersecurity House White Government-wide shared services services shared Government-wide existing supplement or augment can while providing services, agency without agencies for services new example, For capabilities. existing Diagnostics the Continuous both Tools Program (CDM) and Mitigation as Monitoring and the Continuous Purchase Blanket (CMaaS) a Service a consistent provide (BPA) Agreement identity, asset, government-wide of set can that tools management and event needed and data capabilities provide of posture security the strengthen to networks. agency • • • • • • • • • • • • 2 POLICY PAPERS POLICY STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE he federated IT IT he federated A series of actions to identify, identify, to actions of series A buying power, standardize IT IT standardize buying power, economies realize capabilities, and data. aggregating scale from of to maintain adequate capabilities. adequate maintain to a both necessitates problem This Federal the of consolidation further and an footprint IT government centralized shared, of expansion Federal leverage better to services capabilities in an efficient, cost effective effective cost efficient, capabilities in an this model, all agencies, Under manner. are mission, or size of regardless IT their maintaining for responsible resources, security and information struggle organizations and many Promoting the Use of Standardized, Standardized, of Use the Promoting T IT: Centralized prevalent is that approach management today government the Federal across improving to challenges presents IT and delivering cybersecurity recruit, develop, retain, and expand expand and retain, develop, recruit, the of skill set the cybersecurity while recognizing workforce, Federal in roles vital also play contractors that cybersecurity. Federal adversaries. These assets may contain contain may assets These adversaries. other or instructions, controls, sensitive national to is critical that information functionality. operational or security Cybersecurity to Access Federal Building Talent: The prioritized identification and identification prioritized The value information high of protection (HVAs) Assets Value High and systems. facilities, systems, government are may that datasets and aggregate data, to potential interest particular be of Understanding Data Assets and Threats: Threats: and Assets Data Understanding 4. 3. 2. Cybersecurity E-4 Securing Securing Securing Authentication and Authentication Securing and Credential, Identity, – Authorization (ICAM): Management Access by networks and systems information controlling and understanding better resources which access which users This users. those of rights and the identity, to strengthen includes efforts management, access and credential, and remote mobile devices secure prevent threats, insider address access, permissions. user and manage loss, data 6. POLICY PAPERS POLICY Modernization Modernization STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE networks, such as CDM and EINSTEIN, networks, on building new focus to CIOs allow with the and services applications and the network that confidence secure. appropriately are infrastructure providing a standardized approach to to approach a standardized providing authorization, assessment, security for monitoring and continuous other and FedRAMP cloud services. to provide efforts government-wide Federal capabilities to secure common have also raised important questions questions important also raised have in this new data of about the protection Federal the like Efforts environment. Management Authorization and Risk can help agencies (FedRAMP), Program by cloud of the promise leverage based solutions, for instance, offer offer instance, for based solutions, access network on-demand convenient, that resources IT pool of a shared to However, provisioned. can be rapidly many offer services while cloud-based computing, they Federal for benefits of the Federal government’s IT IT government’s Federal the of to upgrades through infrastructure data systems, inefficient and insecure to and transition consolidation, center to a more a path offers cloud services, Cloud- IT portfolio. and secure efficient Securing the Network: the Network: Securing 5. Cybersecurity E-5
- Gen. Gregory Touhill, Touhill, Gregory - Gen. Office of Management and Budget, and Management of Office goal, which is managing the risk to the to the risk which is managing goal, technology we sometimes miss the real the miss sometimes we technology Cybersecurity is much more than just a is much more Cybersecurity issue. When we focus exclusively on the on exclusively focus we When issue. the information the technology supports. technology the the information U.S. Chief Information Security Officer, Officer, Security Information Chief U.S. in a November 2016 CIO.gov blog post blog 2016 CIO.gov in a November confidentiality, integrity and availability of availability and integrity confidentiality, 2009 Cyberspace Policy Review Review Policy 2009 Cyberspace Review), (60-day Sprint 2015 Cybersecurity Sprint), (Cyber and Strategy 2015 Cybersecurity (CSIP), and Plan Implementation Action National 2016 Cybersecurity (CNAP). Plan technology fix—rather it is a risk management it is a risk management fix—rather technology • • • • Since 2009, a number of policy initiatives initiatives policy of 2009, a number Since the improve to undertaken were The posture. cybersecurity government’s the: are these of most notable
5 POLICY PAPERS POLICY Federal Federal STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE Congress enacted this law this law enacted Congress
4 . Federal Information Security Modernization Modernization Security Information Federal 2014 of Act Institute of Standards and Technology Technology and Standards of Institute efforts. in government-wide (NIST) play in the this law updated 2014, Congress In such activities. FISMA identified the role the identified such activities. FISMA OMB, DHS, and the National agencies, to improve the effectiveness of security of security the effectiveness improve to systems information Federal for controls of oversight adequate ensure and to Information Security Management Act Management Security Information 2002. (FISMA) of The early cornerstone of today’s Federal Federal today’s of cornerstone early The is the efforts cybersecurity 21.5 million Federal employees at risk of risk of at employees 21.5 million Federal theft. identity compromise of personally identifiable identifiable personally of compromise clearance (PII) and security information put approximately details background 2015 breach at the Office of Personnel Personnel of the Office at 2015 breach the involving (OPM) Management profile incidents have highlighted the need highlighted have incidents profile vulnerabilities longstanding address to the notably, Most systems. IT in Federal held in the government’s databases that that databases held in the government’s high- Several services. support those government services with electronic and with electronic services government in the growth and the rapid digital services information of variety and size, sensitivity, importance in recent years, driven by by driven years, in recent importance legacy replace to efforts the continuing Background greater on has taken Cybersecurity Cybersecurity E-6 The The 12 This plan: This 13 and established a Sprint Team Team a Sprint and established (HVAs) and critical system architecture, architecture, system critical and (HVAs) operations a “security and designate each agency; at center” plans and documents, new Requires shared such as an OMB cybersecurity the Security plan, an Improving services Transactions Financial Consumer of NIST Plan, and new Implementation from recover to on how guidance incidents; during the actions emphasized Extends such as tightening Sprint, Cybersecurity and practices, policies, user privileged critical and addressing procedures through identified vulnerabilities and within 30 days; scanning the oversee the PMC to Designates effort in an the CSIP, of implementation stayed leadership agency ensure to in supporting CIO and CISO engaged organizations. their within functions Reiterates agencies’ responsibilities responsibilities agencies’ Reiterates cybersecurity ongoing of a number for initiatives; such as agencies actions, Assigns new value assets high their must identify 11 • • • • • Capitalizing on this spotlight, OMB spotlight, on this Capitalizing This Sprint. Cybersecurity a initiated critical actions of set a identified effort 30 within take to agencies Federal for days the of review lead an intensive to cybersecurity government’s Federal practices. and policies, procedures, Sprint the from resulting recommendations 2015 October an led to review Team’s titled “Cybersecurity OMB memorandum Plan” and Implementation Strategy (CSIP). POLICY PAPERS POLICY as 8
7 and include 6 In 2009, the 2009, In 10 STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE and announcing other and announcing other 9 and Chief Information Security Officer Officer Security Information and Chief agencies. within their function (CISO) The OPM cybersecurity breach in 2015 breach OPM cybersecurity The agency of attention the refocused sharply supporting CIO of heads on the criticality ensure cybersecurity was resourced and resourced was cybersecurity ensure delivery. with program on par prioritized of Federal networks, systems, and data data and systems, networks, Federal of challenge to be an important continued to struggled often post-2009, agencies 30-day Cybersecurity Sprint and CSIP. and CSIP. Sprint Cybersecurity 30-day the cybersecurity strengthening While related national cybersecurity documents, documents, cybersecurity national related and plans. strategies, for holding agencies accountable for their their for accountable holding agencies for CyberStat OMB’s through performance process, Review Agenda, defining performance metrics for for metrics performance defining Agenda, establishing a mechanism cybersecurity, Council, establishing a Cybersecurity establishing a Cybersecurity Council, Goal (CAP) Priority Cross-Agency Management the President’s a part of appointing a White House Cybersecurity Cybersecurity House White a appointing Security in the National Coordinator report to the President, to report which recommendations of a number implemented: House White the the Federal government. The Review’s Review’s The government. the Federal 2009 May a published in were findings new Administration conducted a 60- conducted Administration new policies cybersecurity of Review day of and outside inside and structures Cyberspace Policy Review (60-day Review) Review) (60-day Review Policy Cyberspace Actions. Resulting and Cybersecurity E-7 to identify, recruit, develop, recruit, develop, identify, to A 35 percent increase over the over increase 35 percent A 17 16 relationship of agency CISOs to program to program CISOs agency of relationship management senior and other leaders help ensure could such as CFOs leaders integrate to setup are agencies that practices, concepts, security information decisions agency throughout and initiatives level. a senior at government. In addition, the CNAP addition, the CNAP In government. the first- of implementation directed Workforce Cybersecurity Federal ever Strategy and service, Federal for talent and retain Fund (ITMF) Modernization an IT proposed funding $3.1 billion in dedicated provide to or replace to agencies encourage to and systems critical modernize otherwise equipment. CIO Federal by the spearheaded Initiatives House White the of the direction under Sprint, and the PMC, such as the Cyber A sustained results. yielded positive have in officials the highest-ranking from focus the cyber drive to can serve government better- leading to process, risk management and information data Federal protected role and the revisiting Additionally, systems. The FY 2017 Budget proposes more more proposes Budget 2017 FY The cybersecurity Federal for billion $19 than efforts. resources 2016, these of level funding improve help agencies to intended are help private posture, cybersecurity their and individuals organizations sector and disrupt themselves, protect better respond and activity, adversary deter of the Many incidents. to effectively more would in the CNAP described initiatives funding. use this expanded a new also established CNAP The Federal position, leadership cybersecurity Officer Security Information Chief government- position drives This (FCISO). planning, policy, wide cybersecurity Federal the across and implementation POLICY PAPERS POLICY 15 STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE 14 security of “internet of things” devices, things” of “internet of security Department of and doubling the number (DHS) cybersecurity Security Homeland of assist private to available advisors in critical involved organizations sector infrastructure. Highlights new and continued initiatives and continued new Highlights security critical infrastructure “enhance to such as establishing and resilience,” Cybersecurity for Center a National the Cybersecurity developing Resilience, the improve to Program Assurance Highlights new and continued privacy privacy and continued new Highlights such as the 2014 initiatives, and security of re-launch and the Initiative BuySecure designed to together IdentityTheft.gov, fraud card credit from Americans protect and theft; and identity the Federal workforce and catalyzing workforce the Federal education in cybersecurity investment science computer a robust as part of the President’s curriculum through Initiative; All for Science Computer Highlights a number of new initiatives new of a number Highlights 2017 in the FY funding with expanded on including a focus Budget, President’s workforce the cybersecurity expanding loan forgiveness enhancing student by joining experts cybersecurity for programs Commits to work with industry to with industry work to Commits authentication multi-factor encourage Internet public-facing throughout action a new release and to services multi-factor use of government plan for authentication; Creates the Federal Chief Information Information Chief Federal the Creates (FCISO); Officer Security Technology the Information Proposes Fund (ITMF); Modernization Establishes the Commission on Enhancing the Commission Establishes Cybersecurity; National • • • • • • • The Cybersecurity National Action Plan Action National Cybersecurity The (CNAP): a longer-term strategy to enhance enhance to strategy a longer-term and protections. awareness cybersecurity House published a fact sheet announcing announcing sheet a fact published House to improve actions near-term of a set for way the and pave cybersecurity, CNAP and FY 2017 President’s Budget. Budget. President’s 2017 FY and CNAP White 2016, the in the CSIP, on Building Cybersecurity E-8 21
20 publications publications
18 Common Common and the procedures by which an by and the procedures 19 After twelve years, an amendment an amendment years, twelve After passed before DHS was established). was DHS passed before OMB issuing 2014 also led to FISMA A-130 Circular of revision the first as a Information of “Management 2000. since Resource” Strategic include regular reporting on a standard on a standard reporting include regular by capabilities cybersecurity of set FISMA an annual agencies, Federal OMB to Congress from report from metrics summarizing performance of the categorization all the agencies, guidelines (these risk level by systems as “FISMA to referred typically are and “FISMA Moderate,” “FISMA High,” Low”) a of the operation authorizes agency in its environment. system – law signed into was FISMA to Security Information the Federal This 2014. of Act Modernization modifications, several provides update government- such as clarifying OMB’s and role oversight wide cybersecurity administer to responsibility DHS’s cybersecurity of the implementation Federal by policies and practices had been original FISMA (the agencies Annual FISMA Reporting. Annual FISMA in FISMA originated that processes NIST by defined and are
• Managing Cybersecurity Cybersecurity Managing the Enterprise Throughout and reporting government-wide Overall common a help ensure initiatives oversight implementing to approach management the capabilities across cybersecurity 2016, the early In government. Federal cybersecurity new a created House White Established FCISO. the position, leadership responsible position is this in the CNAP, cybersecurity driving government-wide for implementation planning, and policy, The government. the Federal across by the are all led below listed initiatives CISO: Federal POLICY PAPERS POLICY
STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE
The themes consist of numerous efforts and actions which took place over a broad Securing Authentication and Authorization Authorization and Authentication Securing Mgmt. Access and Credential, – Identity, Securing the Network Securing Promoting the Use of of Use the Promoting IT Centralized Standardized, Building the Federal Cyber Workforce Cyber the Federal Building Understanding Data Assets and Threats and Assets Data Understanding Managing Cybersecurity Cybersecurity Managing the Enterprise Throughout Identity Verification (PIV) cards. (PIV)Verification Identity Provides a variety of initiatives to improve logical to improve initiatives of variety a Provides including agencies, across security and physical Personal and use of the issuance to limited but not Improves the security of external and internal and internal external of the security Improves agencies. for options and network infrastructure providers’ external both secure to initiatives Includes Federal and internal such as FedRAMP, networks, TIC. such as networks, Provides common services available to all agencies all agencies to available services common Provides implement and cost-effectively consistently to such as CDM, initiatives, cybersecurity aspects of and EINSTEIN. BPA, the CMaaS Directs a series of actions to identify, recruit, to identify, actions a series of Directs best, the the pipeline of and expand retain, develop, for talent cybersecurity and most diverse brightest, service. Federal Requires agencies to identify and protect high value value high and protect identify to agencies Requires particular of be may that systems and information adversaries. potential to interest Guides how agencies budget for, plan for, and plan for, for, budget agencies how Guides example, for Includes, cybersecurity. oversee Cybersecurity reporting, FISMA Reviews, CyberStat reporting and PMC Updates, Performance Goal CAP and oversight. period of years, and many are ongoing today. As such, specific years are not included. period of years, and many are ongoing today.
Key Initiatives Key Current State of of State Current Cybersecurity E-9 Since Since for investments to support critical to investments for capabilities. PMC Cybersecurity Assessment. Assessment. Cybersecurity PMC quarterly has conducted OMB 2015, regarding agencies with engagements Federal implementing progress their executive The and priorities. policies the PMC using gained by visibility with CIO the Federal connect to factor is a critical Secretaries Deputy Government- of the state in improving members PMC wide cybersecurity. cybersecurity their of discuss the status for recommendations and efforts using a maturity performance improving areas function the five model based on Framework: Cybersecurity the NIST of Respond, Detect, Protect, Identify, can factor updates These and Recover. budgeting cybersecurity OMB’s into performance agency where process, areas can be in specific function and projected previous both to matched opportunities identify spending to • POLICY PAPERS POLICY and 22 CyberStat Reviews Reviews CyberStat 23 STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE cybersecurity workforce and training. and training. workforce cybersecurity was process Review CyberStat OMB’s 2011 January established in in 2015. updated OMB leverages the CyberStat process process the CyberStat OMB leverages common and best practices uncover to enterprise the Federal across challenges such as CDM implementation, in areas TIC and cloud of the rationalization needs for policies, and common and resourced. The number conducted conducted number The and resourced. in FY eight from increased year per in FY 2016. Reviews in FY 24 2014 to security on information 2016 focused and authentication, strong governance, general, In HVAs. of protections agency programs. Through these targeted, these targeted, Through programs. OMB and engagements, high-level frankly able to are leaders agency cybersecurity discuss persistent sure make to and collaborate concerns addressed adequately are challenges are deep-dive, evidence-based, evidence-based, deep-dive, are with engagements face-to-face built around CISOs, and CIOs Federal agency- of reviews comprehensive and postures cybersecurity specific cybersecurity select government-wide CyberStat Reviews. Reviews. CyberStat • Cybersecurity
E-10 26 Entails Entails
support the continued enhancement of of enhancement support the continued workforce. cybersecurity the Federal working with educational institutions, with educational working training organizations, professional experts on other and organizations, from guidance program cybersecurity education university-level through P-12 of expand the pipeline significantly to talent; skilled cybersecurity Talent. Skilled Highly and Hire Recruit and government-wide Establishes expand to efforts agency-specific through workforce the cybersecurity skilled talent. highly of recruitment the hiring and security Streamlines while still meeting process clearance and and standards; applicable law Talent. Skilled Highly and Develop Retain approach an enterprise-wide Promotes to and development retention to workforce needs by identifying key key identifying needs by workforce to gaps in order and capacity capability planning; workforce enhance Workforce the Cybersecurity Expand Training. and Education through Identify Cybersecurity Workforce Needs. Needs. Workforce Cybersecurity Identify the government- improve to Seeks cybersecurity of wide understanding • • • • Building the Federal Federal the Building Workforce Cyber Workforce Cybersecurity Federal The on focuses in 2016, released Strategy, recruit, identify, agencies how improving the pipeline and expand retain, develop, diverse and most the best, brightest, of service. Federal for talent cybersecurity It identifies actions for OPM, the National the for OPM, actions identifies It Education Cybersecurity for Initiative to agencies Federal (NICE), and other planning. workforce cybersecurity improve key establishes four Strategy The initiatives: POLICY PAPERS POLICY and
25 24
In 2015, OMB 2015, OMB In STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE memoranda in FY 2017. in FY memoranda protect HVAs. OMB was then able was OMB HVAs. protect these policies in subsequent apply to as the CSIP, such guidance, OMB them in the CNAP. codify further formalize to steps further take plans to additional through these approaches Cybersecurity Framework. Cybersecurity settle to struggled agencies However, HVAs. for definition on a common to together CIOs agency OMB brought understanding upon a common agree and manage, identify, policies to of High Value Assets. Assets. Value High Information Federal published the Management and Privacy Security and assess identify to Requirements and to HVAs risk around security with the NIST processes align current • functionality. instructions, or other information that is that information other or instructions, or operational security to national critical and data are a major component of of component major a are and data These cybersecurity. government-wide controls, sensitive contain may assets Agencies’ efforts to identify, prioritize, prioritize, to identify, efforts Agencies’ assets most sensitive their and protect Understanding Data Data Understanding Assets and Threats Cybersecurity
E-11 28 . CDM enhances the . CDM enhances . The DHS National DHS National The . would address approximately 85% of 85% of approximately address would affecting threats the cybersecurity As a shared civilian networks. Federal EINSTEIN has encountered service, seeking agencies from some resistance tools, their over control greater retain to full deployment. delaying of CDM, currently being deployed, being deployed, CDM, currently of on assets identify to agencies allows basis. CDM also allows a continuous Federal- to a fed be to information for which provides dashboard, level the into visibility government-wide 2 Phases assets. Federal of state current these of visibility the will extend and 3 Federal of additional aspects into tools and intrusions. devices, users, assets, of in the process are Agencies but dashboards own their to deploying the Federal to connected yet not have dashboard. EINSTEIN System, Protection Cybersecurity EINSTEIN, offers as known commonly network for tools of suite a consistent All agencies. to protection boundary adopted have agencies Federal major of services detection the intrusion services phase of next The EINSTEIN. attempted to disable a capability offers which is done, harm before intrusions Continuous Diagnostics and Mitigation Mitigation Diagnostics and Continuous program (CDM) and act collect to ability government’s regarding information on automated phase first The assets. IT Federal • • Other efforts to ensure agencies have have agencies to ensure efforts Other services and systems modern to access for IT centralize to taking steps include Agency using a Small small agencies, Other concept. of as a proof Network centralization greater for areas potential include: mobile and standardization segmentation network services, security and authentication, identity, services, rights digital services, authorization services. and encryption management, POLICY PAPERS POLICY The The 27
STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE through shared situational awareness awareness situational shared through detected threats as government, the across with all others. shared are one agency at DHS’s EINSTEIN program was designed designed was EINSTEIN program DHS’s unclassified networks agencies’ protect to used by agencies for basic cyber hygiene hygiene basic cyber for agencies used by these while also procuring functions, Similarly, manner. effective in a cost tools goal of the CDM program is to bring is to the CDM program of goal capabilities the security to consistency CMaaS BPA provide government-wide government-wide provide BPA CMaaS agencies Federal enable capabilities that networks. agency strengthen to to secure external solutions. For example, For solutions. external secure to and the Tools the CDM Program both standardize security capabilities. These capabilities. security standardize their secure better agencies help efforts access their and accelerate networks own services to better leverage Federal Federal leverage better to services and skillsets, cybersecurity buying power, One approach to addressing this disparity this disparity addressing to approach One centrally-managed common, develop is to maintaining their own IT, and many and many IT, own their maintaining to maintain struggle organizations capabilities. security adequate Under this model, all agencies, regardless regardless this model, all agencies, Under for responsible are mission, or size of across many agencies, bureaus, bureaus, agencies, many across – can be a significant and programs cybersecurity. improving to impediment The federated nature of agencies’ IT IT agencies’ of nature federated The responsibilities – distributing management Promoting the Use of of Use the Promoting IT Centralized Standardized, Cybersecurity E-12
29 Of the $82 the Of To help address these challenges, the these challenges, help address To replace or upgrade hard-to-secure hard-to-secure upgrade or replace to and transition systems IT legacy IT modern efficient, secure, more new, while also establishing long- systems, agencies Federal mechanisms for term networks their refresh regularly to based on up-to-date and systems and best practices.” technologies which fund as a revolving Envisioned based on the reimburse would agencies replacing by achieve they savings cost efficient with more systems IT legacy is intended the ITMF alternatives, to improvements only enable not to but posture, cybersecurity agencies’ IT a modernized to agencies lead also to which supports modern infrastructure digital services. IT Modernization Fund. Modernization IT spending planned IT Federal billion in 78 percent 2017, approximately for maintaining to dedicated is ($63 billion) systems These investments. IT legacy the risks, such as pose security may best security current utilize to inability encryption including data practices, as authentication, and multi-factor such as rising risks, operational as well mission meet to and inability costs requirements. a of creation the proposed President Technology $3.1 billion Information of Fund (ITMF) as part Modernization and Budget 2017 President’s the FY Plan Action National the Cybersecurity use would agencies Federal (CNAP). retire, “to GSA fund at this revolving • POLICY PAPERS POLICY STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE on building new applications and services and services applications on building new and the network that with the confidence secure. appropriately are infrastructure agencies to more secure and efficient and efficient secure more to agencies focus to CIOs would allow which platforms about the protection of data in this new in this new data of about the protection are initiatives key Several environment. Federal transition to underway currently Greater agency interest in cloud-based in cloud-based interest agency Greater questions important raised solutions has center consolidation, and transition and transition consolidation, center to a path a offers services, cloud to IT portfolio. and secure efficient more IT infrastructure, such as through upgrades upgrades through such as infrastructure, IT data systems, and inefficient insecure to Securing the Network the Securing government’s Federal the of Modernization Cybersecurity E-13 CDM assists 31 A key component of this effort is this effort of component key A As agencies adopt cloud services, they they services, cloud adopt As agencies network. network. center, or traversing the internet, OMB the internet, traversing or center, existing align to has launched an effort TIC and cloud service to policies related adoption. Mitigation Diagnostics and Continuous (CDM). Federal a to be which continues CDM, on data in making real-time priority available risk posture an agency’s decision makers. to continuous in maintaining agencies risks and prioritized of awareness at an enterprise vulnerabilities security is a part of this program While level. to establish standardized, the effort it of, build off to CIOs for IT centralized identifying of is also a basic component By gaps in securing the network. is what of awareness agency improving CDM makes networks, running on their and updates patch target to it easier that vulnerabilities software address the of the resilience weakening be may have begun to experience difficulties difficulties experience to begun have Internet Trusted with the complying lays which initiative, (TIC) Connection consolidating for architecture out an to connections agency and protecting ensure to order in internet the public Since secure. are these connections government 2008, the in its initiation Federal of the number has reduced from Internet to the connections in 2015, and 65 to thousand several internal a secure has helped provide to CIOs for infrastructure network TIC relies because However, access. (while point access on a centralized on a decentralized cloud is based policies with both model), complying agencies for problems has created the growing Given alike. and industry data Federal protecting of importance in a cloud, a data hosted whether •
POLICY PAPERS POLICY The program program The Cloud-based Cloud-based 30 STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE To help realize the benefits of cloud cloud of the benefits help realize To (JAB) composed of the CIOs of the of the CIOs of composed (JAB) Security Homeland of Department (DOD), Defense of (DHS), Department Administration Services General the and a GSA-based by and is operated (GSA), (PMO). Office Management Program authorization for a given service that that service a given for authorization agencies other then be used by may authorizations, own establish their to savings, and cost efficiencies, providing FedRAMP baseline. security a common Board Authorization Joint includes a Program (FedRAMP). Program to approach a standardized provides authorization, assessment, security cloud for monitoring and continuous cloud allow to in order services a single achieve to providers service for Federal computing, they have have they computing, Federal for questions important also raised in this data of about the protection in this reason, For environment. new Federal 2011, OMB established the Management Authorization and Risk use cloud-based services in order to to in order services use cloud-based increase utilization, resource improve and accrue responsiveness, service efficiency, in meaningful benefits While cloud- and innovation. agility, benefits many offer based services avoid overhead costs by paying only for for only paying by costs overhead avoid use. they those resources Federal issued the OMB computing, in 2011. Strategy Cloud Computing to agencies encouraged strategy The solutions offer convenient, on-demand on-demand convenient, offer solutions pool a shared to access network can be rapidly that resources IT of get to agencies allows This provisioned. the full managing of the business out of to and themselves services IT stack of Secure Cloud Adoption. Cloud Secure
• Cybersecurity . E-14
Relatedly, the MyUSA the MyUSA Relatedly, 35 34 State drivers’ licenses. In 2016, GSA 2016, GSA In licenses. drivers’ State a new into these efforts consolidated goals with similar by 18F led initiative called Login.gov. National Strategy for Trusted Identities Identities Trusted for Strategy National efforts and other (NSTIC) in Cyberspace leadership Federal that Recognizing strengthening in a role also play could transactions and verification identity Commerce government, outside of 2011. April NSTIC in published the at program established the NSTIC This Federal the coordinate to Commerce to sector and private government digital trusted of adoption “increase and outside inside solutions” identity government. of were initiatives and Connect.gov government expand also launched to to ability services’ online citizen-facing other issued from credentials accept or accounts such as Google providers, • POLICY PAPERS POLICY
One of the of One STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE This set in motion a series in motion set This 33 Many cybersecurity threats threats cybersecurity Many 32 card to employees, contractors, and contractors, employees, to card physical its use for who require others increase and to access, and logical agencies. between interoperability “Policies for a Common Identification Identification a Common for “Policies and Employees Federal for Standard as known commonly more Contractors,” “HSPD-12.” to and card a PIV to develop actions of issue the PIV to with all agencies work say they are and that only authorized authorized only and that are they say the appropriate to access people have a became systems and facilities Federal cybersecurity Federal in initiative major of release with the beginning efforts, access”) and IT systems (“logical (“logical systems and IT access”) access”). a system to access gain unauthorized be a claiming to falsely by and its data access. or who has those privileges user they who someone is that Ensuring PIV Cards and HSPD-12. Cards PIV the 9/11 from recommendations to was 2004 from Report Commission people are appropriate only that ensure (“physical facilities Federal accessing • the FICAM topic area can be found at at can be found area the FICAM topic IDManagement.gov. strategies to narrowly define privileged privileged define narrowly to strategies of summary overall An permissions. user mobile devices, improving citizen citizen improving mobile devices, and government to authentication broader as well as services, sector private (PKI), Federal Identity, Credential, and Credential, Identity, (PKI), Federal (FICAM), securing Management Access understanding and controlling which users users which controlling and understanding include These which resources. access Infrastructure Key Public Federal in efforts Credential and Access Management Management Access and Credential better focus on efforts of number A Securing Authentication Authentication Securing Identity — Authorization and Cybersecurity E-15 CIO. The CyberStat Reviews currently currently Reviews CyberStat The CIO. and month, per assess 2-4 agencies as well include DHS and NSC leaders as OMB officials. the PMC Cybersecurity Assessment, Assessment, the PMC Cybersecurity reporting. goal CAP and Cybersecurity agencies’ OMB analyzes Additionally, DHS by collected submissions, data HVA directive” its “binding operational under reporting incident activities, US-CERT the FedRAMP by provided and data data, Office. Management Program have KPIs cybersecurity-related While every for been included in PortfolioStat cybersecurity its operation, of year in greater is conducted oversight the PMC Cybersecurity through depth Reviews. and CyberStat Assessments, Goal CAP Cybersecurity the Additionally, priority on implementing progress reports The publicly. capabilities cybersecurity are Assessments PMC Cybersecurity Secretaries and include Deputy quarterly and the Federal agencies Federal major of Examples for collection data primary The under collected is that cybersecurity submitted (largely year each FISMA data Cyberscope the DHS through under collected The data tool). collection and varied can be year each FISMA describing the agency with one extensive, quarterly.” as “120 metrics requirement the down to pare efforts OMB has made requirements but the time, over reporting to use OMB strives significant. still are use many once, “report of the concept to data FISMA the leveraging times,” Reviews, CyberStat PortfolioStats, inform POLICY PAPERS POLICY STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE
responses to incidents. to responses wide initiatives to address critical to address wide initiatives threats emerging identify vulnerabilities, agency evaluate and vulnerabilities, and cybersecurity focuses on agency agency on focuses cybersecurity government- key implementing progress Metrics and Oversight Metrics for reporting Government-wide Metrics and Oversight and Metrics in Emphasized Objective Primary Cybersecurity E-16
36 40 In fact, many agencies agencies many fact, In 37 As indicated in the figure in the figure As indicated 38 This was a major success, success, a major was This 39 and has been cited by many agency agency many by and has been cited policy effective of example as a key CIOs OMB. from oversight and implementation The Cyber Sprint rapidly improved improved rapidly Sprint Cyber The the HSPD- of implementation agencies’ future for is a model and 12 initiative agencies required HSPD-12 oversight. for authentication two-factor use to 2008. by access and logical physical historically issuance card PIV However, inconsistent was and behind targets lagged agencies. across for cards PIV require to continued just of a rate below or at access network accounts civilian network their 1% for 2010. through compliance PIV government-wide below, 72 percent to 42 percent from increased leadership this concerted of as a result attention. POLICY PAPERS POLICY STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE Figure E1: PIV Compliance Sprint Results, 2015 Q4 Update Results, Sprint Compliance PIV E1: Figure relevant aspects of this complex topic. this complex of aspects relevant efficient oversight methods which help methods oversight efficient on the most focus and others agencies large number of FISMA metrics, which which metrics, FISMA of number large key A requirements. diverse represent more explore is to therefore, opportunity, actions, allowing leadership to focus on a focus to leadership actions, allowing than the rather priorities of set compact One of the successful aspects of the Cyber the Cyber aspects of the successful of One of on a small number focus its was Sprint new vulnerabilities, initiatives, and threats threats and initiatives, vulnerabilities, new expand to pressure applied continued have requirements. the reporting metrics and survey questions from FISMA FISMA questions from and survey metrics though year, to year progress made have Lessons Learned Lessons valuable less remove to efforts Continued Cybersecurity E-17
41 For example, example, For 42 43 can also benefit from the additional the from can also benefit software-based of and patching testing open come from can that vulnerabilities code. source Federal of public review vendor’s system, the agency’s contract contract the agency’s system, vendor’s for it difficult make may agreement provider. a different to switch to agencies newly-discovered to respond to ability The agile manner in a more vulnerabilities to agencies of the ability improve could Agencies threats. evolving to respond Efforts to address broader challenges challenges broader address to Efforts area contracts and acquisition in the IT agencies’ of the agility improve could or threats cybersecurity to respond to vulnerabilities. address Adaptive Highly of is adding a set GSA Special (HACS) Services Cybersecurity 70 Schedule IT to (SINs) Numbers Item agencies to provide enable GSA better “to cybersecurity key to access quick, reliable cyber during, and after before, services occur.” threats POLICY PAPERS POLICY - Agency CIO Agency - address the issue. address long to procure things procure to long It sometimes takes too takes sometimes It implement, too long to to long too implement, 4 months to install and install to 4 months especially when it comes when it comes especially to Cyber. A year to procure, procure, to year A Cyber. to STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE
and flexible in their defenses. If a new a new If defenses. in their and flexible in an existing discovered is vulnerability newest technologies, and focusing more of of more and focusing technologies, newest government compromising on efforts their be timely need to agencies systems, operating with operating the to access cyber threats. threats. cyber potential With adversaries themselves themselves against emerging quickly. The current Federal procurement procurement Federal current The quickly. leaving pace, that at adapt cannot process in defending options with limited agencies day, and the tools required to mitigate mitigate to required the tools and day, just as change may vulnerabilities those the flexibility needed to respond quickly to respond quickly to needed the flexibility cybersecurity New threats. cybersecurity every discovered are vulnerabilities procurement process is lengthy and is lengthy process procurement with them provide does not and complex, Threats. Threats. the Federal that stated CIOs of number A FINDING #1 Lack Processes Procurement Government Cyber Evolving to Adapt to the Flexibility particular agency. agency. particular interviews, and analysis of OMB key metrics and oversight over the years. These These years. the over oversight and metrics key OMB of and analysis interviews, any in circumstances than the rather activities government-wide focused on are findings Overall Findings Overall CIO documents, of policy review based on findings key presents sections This Cybersecurity E-18 Similar Similar 44 offered through US-CERT. through offered and courses programs training Federal modern of the adoption augmented have such as CDM and practices automated EINSTEIN. like tools too heavily on long term solutions rather rather solutions on long term heavily too immediate with their than helping CIOs ideas being policy other needs. However, these address OMB may by explored OPM organize issues, such as having all for fair recruitment a cybersecurity hiring showcases that agencies Federal career cybersecurity authorities and new paths. hiring to obstacles significant Facing agencies workforce, cybersecurity new the improve to in training invested have of expertise matter subject cybersecurity in investments Recent staff. IT existing implemented been have training workforce such as concepts cybersecurity around including agency- phishing and malware, and expert- non-experts, for wide trainings the like opportunities enrichment focused engineering reverse on malware course Finally, Federal hiring practices frequently frequently practices hiring Federal Finally, development career on traditional rely today’s of many models. However, may professionals security information less paths career non-traditional take education secondary on obtaining focused Federal for difficult making it degrees, them. identify to hiring strategies initiatives government-wide Despite authority, hire direct such as the cyber the that concerns related some CIOs focuses Strategy Workforce Cybersecurity POLICY PAPERS POLICY STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE position may give them more autonomy autonomy them more give position may than a work culture flexible and a more position. security information Federal additional potential issues, such as job additional potential sector a private that concern candidates’ This salary issue also creates problems in problems issue also creates salary This employees. government talented retaining identified have OMB by reviews Internal well-qualified candidates a salary that that a salary candidates well-qualified sector. with the private is competitive Moreover, CIOs repeatedly mentioned mentioned repeatedly CIOs Moreover, offer to agencies for it is difficult that may misevaluate candidates’ capabilities, candidates’ misevaluate may candidates under-qualified leading to ones. well-qualified ahead of advancing process, HR selection officials with limited with limited officials HR selection process, expertise subject matter cybersecurity process, which can be more difficult than which can be more process, if job. Even sector a private applying for whole the through does go a candidate than that in the private sector and requires and requires sector in the private than that the USAJobs navigate to candidates cannot offer competitive salaries. For salaries. competitive offer cannot Federal for the hiring process example, longer significantly takes often agencies too long, relies on a confusing website/ on a confusing long, relies too and agencies procedure, application often in the private sector. CIOs attributed attributed CIOs sector. in the private often Federal with the multiple issues this to takes the process hiring environment: for cybersecurity positions, but those positions, cybersecurity for jobs— ended up taking other candidates cybersecurity workforce. For example, example, For workforce. cybersecurity had they that explained CIOs many well-qualified candidates identified training for the Federal IT workforce workforce IT the Federal for training Federal the in particular, and, large at The Cyber Sprint highlighted the need highlighted Sprint Cyber The and retention, recruitment, improve to Expanded and Strengthened in Order in Order and Strengthened Expanded in Challenges Address Adequately to Cybersecurity. FINDING #2 FINDING Be Must Workforce IT Federal The Cybersecurity E-19 - Agency CIO Agency - regards to FISMA. Too Too FISMA. to regards asked for us to report in report to us for asked 300% more metrics (120 metrics 300% more tell what is a priority. Our Our what is a priority. tell and you are asking for 40. asking for are you and only have time for 4 things 4 for time have only metrics quarterly) are being are quarterly) metrics and others [to streamline]. I streamline]. [to and others many requirements, hard to to hard requirements, many challenge is to convince Tony Tony convince to is challenge immediate priorities. While OMB and priorities. immediate in leaders IT government-wide other to steps taken have policy cybersecurity these of and burden variety the reduce efforts continued requirements, reporting with the attention align agency better to valuable. could be highest impact actions from streamlining and centralization. streamlining from Cyber-related especially metrics, those used in PortfolioStat, the of some are most consistent of year-to-year policy IT any Despite area. this consistency, did not agencies channel as a major PortfolioStat mention discussions. Instead, cybersecurity for Reviews CyberStat to pointed agencies driving as the Assessment and the PMC The discussions. cybersecurity for force efforts cybersecurity of proliferation where an environment has led to in identifying seek guidance agencies FINDING #4 FINDING to Leads in Cybersecurity Visibility High and Metrics, Messages, Policy Multiple Priorities. face they that stated have CIOs reporting of number an increasing their to in relation requirements while OMB even efforts, cybersecurity the requirements. reduce has tried to used in annual reporting required The PMC reporting, goal CAP reports, FISMA of reviews Wing West and meetings, of number a large has led to cybersecurity according and information, metrics varied CIOs agency many Although agencies. to of is some alignment there that agree mechanisms, oversight across metrics benefit could reporting that still note they
POLICY PAPERS POLICY
STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE - Agency CIO Agency - focused/scoped with a lot of follow-up. of with a lot focused/scoped and CIO were in charge and it was very very was and it in charge were and CIO to focus on privileged users. The Deputy Secretary Secretary Deputy The users. on privileged focus to The Cyber Sprint was helpful because it allowed us it allowed because helpful was Sprint Cyber The perception that “everything is important,” is important,” “everything that perception some leaders which runs the risk of is important.” “nothing concluding FISMA metrics — many with unclear causal with unclear — many metrics FISMA a create — that other to each relationships success was that it asked agencies to to agencies it asked that was success This is actions. of on a small number focus of high number broader, the to compared of a new policy initiative. initiative. policy a new of Sprint’s the Cyber for cited factor Another within their structural constraints, and constraints, structural within their the start to buy-in prior agency obtaining objectives and timeframes; allowing allowing and timeframes; objectives within a policy some latitude agencies work that strategies execute to framework agency leadership and CIOs; providing providing and CIOs; leadership agency and achievable verifiable with agencies lessons learned from the Cyber Sprint: the Sprint: the Cyber lessons learned from between engagement continuous need for and between leadership OMB and agency to choose an approach that worked with worked that choose an approach to some listed needs. CIOs specific their between government-wide policy makers makers policy government-wide between design implementation to CIOs and agency the flexibility agencies allowed plans that by high-level White House and OMB and OMB House White high-level by collaboration as early well as leadership, a collaborative effort. CIOs suggested suggested CIOs effort. a collaborative due successful was Sprint the Cyber that involvement ongoing factors: key two to lessons learned in how OMB and the in how lessons learned in agencies involve could House White The Cyber Sprint was praised by most by praised was Sprint Cyber The its in accomplishing as a success CIOs of set valuable a provided and goals, Highly-Effective Model of OMB-to-Agency OMB-to-Agency of Model Highly-Effective Implementation. and Formulation Policy FINDING #3 FINDING a Demonstrated Sprint Cybersecurity Cybersecurity - - - - E-20 ------. Guide . Guide
https://www.whitehouse. https://www.whitehouse.gov/ http://nvlpubs.nist.gov/nistpubs/ https://www.whitehouse.gov/sites/ http://csrc.nist.gov/publications/nist http://csrc.nist.gov/publications/fips/ https://www.whitehouse.gov/sites/de
https://www.whitehouse.gov/sites/default/files/ https://www.whitehouse.gov/sites/default/files/ Information Security Management Act and Agency Privacy Privacy Agency Act and Management Security Information 9/14/2011. Management. default/files/omb/memoranda/2011/m11-33.pdf In on Federal 2015-2016 Guidance Year M-16-03. Fiscal Requirements” Management Privacy and Security formation 10/30/2015. omb/memoranda/2016/m-16-03.pdf omb/memoranda/2016/m-16-15.pdf instructions from certain follow to agencies requires FISMA example, FISMA For such as OMB and NIST. organizations Informa Federal with NIST’s comply to agencies requires reporting (FIPS) and OMB FISMA Standards Processing tion documents NIST other which in turn reference requirements, such as those describing how (SPs), Publications called Special See procedures. accreditation and certification conduct to this framework: of a summary 800-37 for SP NIST of iv” “Page http://csrc.nist.gov/publications/nistpubs/800-37-rev1/sp800- 37-rev1-final.pdf for is described in FIPS 199. Standards requirement This Informa and Information Federal of Categorization Security 2/2004. Systems. tion 800-60 SP NIST and fips199/FIPS-PUB-199-final.pdf to Systems Information and Information of Types Mapping for 8/2008. Categories. Security Legacy/SP/nistspecialpublication800-60v1r1.pdf Management the Risk Applying for 800-37. Guide SP NIST Life Security A Systems: Information Federal to Framework 2/2010. Approach. Cycle pubs/800-37-rev1/sp800-37-rev1-final.pdf Strategic as a Information Federal A-130 Managing Circular 2016. July Resource. fault/files/omb/assets/OMB/circulars/a130/a130revised.pdf Federal the for Instructions 2011 Reporting M-11-33. FY M-16-04. Cybersecurity Strategy and Implementation Plan and Implementation Strategy Cybersecurity M-16-04. 10/30/2015. Civilian Government. the Federal for (CSIP) https://www.whitehouse.gov/sites/default/files/omb/memo randa/2016/m-16-04.pdf Na Cybersecurity Sheet: “Fact Release. Press House White 02/09/2016 Plan.” Action tional the-press-office/2016/02/09/fact-sheet-cybersecurity-na tional-action-plan Obama President Sheet: “Fact Release. Press House White 01/30/2016. Initiative”. All For Science Computer Announces http://www.whitehouse.gov/the-press-office/2016/01/30/ fact-sheet-president-obama-announces-computer-sci ence-all-initiative-0 Cybersecurity Sheet: “Fact Release. Press House White 02/09/2016. Plan”. Action National gov/the-press-office/2016/02/09/fact-sheet-cybersecuri ty-national-action-plan Strategy. Workforce Cybersecurity M-16-15. Federal 06/12/2016. 23. 18. 19. 20. 21. 22. 13. 14. 15. 16. 17. ------POLICY PAPERS POLICY - https:// https://www. and “Cyberspace and “Cyberspace https:// https://www.whitehouse.
http://www.gsa.gov/portal/con STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE https://www.whitehouse.gov/sites/ http://www.gao.gov/assets/670/664022. https://www.gpo.gov/fdsys/pkg/PLAW- https://www.whitehouse.gov/sites/default/files/
ment of Homeland Security (DHS), the Department of Defense Defense of (DHS), the Department Security Homeland of ment agencies and defense civilian Federal and other (DOD), The Sprint Team, led by OMB was comprised of representa of comprised was OMB led by Team, Sprint The Depart Council (NSC), the Security National the from tives Enhancing and Strengthening the Federal Government’s Government’s the Federal and Strengthening Enhancing 6/11/2015. Cybersecurity. default/files/omb/budget/fy2016/assets/fact_sheets/enhanc ing-strengthening-federal-government-cybersecurity.pdf Research and Development Framework,” and the “National and the “National Framework,” and Development Research (April (NSTIC) Cyberspace” in Identities Trusted for Strategy 2011) of the “Comprehensive National Cybersecurity Initiative” Initiative” Cybersecurity National the “Comprehensive of the document, policy cybersecurity guiding internal (CNCI)--an “Na 2011), the (May Cyberspace” for Strategy “International “Cyber (NCIRP), OSTP’s Plan” Response Incident Cyber tional 9/14/2011. omb/memoranda/2011/m11-33.pdf summary include: a publicly-releasable documents Other CyberStat was established in the January 2011 OMB memo January in the established was CyberStat M-11-33. M-11-33 and DHS FISM 11-02 message. randum Information Federal the for Instructions 2011 Reporting FY Management. Privacy Agency and Act Management Security For Results: OMB Should Strengthen Reviews of Cross-Agency Cross-Agency of Reviews Strengthen OMB Should Results: For 5/20/2014. Goals. pdf “Cybersecurity” became one of the original “interim CAP goals” goals” CAP “interim original the of one became “Cybersecurity” as de Budget, President’s 2013 in 2012 in the FY announced Managing GAO-14-526. Goals. on CAP report scribed in GAO Cybersecurity Accomplishments”. 5/12/2011. Accomplishments”. Cybersecurity whitehouse.gov/the-press-office/2011/05/12/fact-sheet-ad ministrations-cybersecurity-accomplishments and Communications Infrastructure”: Infrastructure”: and Communications gov/assets/documents/Cyberspace_Policy_Review_final.pdf Administration’s The Sheet: “Fact Release. Press House White sheet and expected attendees” 5/29/2009. attendees” and expected sheet www.whitehouse.gov/the-press-office/cybersecuri ty-event-fact-sheet-and-expected-attendees Information and Resilient Trusted Assuring a Review: Policy 12/17/2002. 107publ347/pdf/PLAW-107publ347.pdf fact event “Cybersecurity Release. Press House White For more information about the OPM breach, see: breach, about the OPM information more For www.opm.gov/cybersecurity/cybersecurity-incidents/ 2002. of Act 107–347. E-Government No. Law Public For more information on Continuous Diagnostics and Miti Diagnostics and Continuous on information more For see: Program, (CDM) gation tent/177883 (CSIP) for the Federal Civilian Government. 10/30/2015. Civilian Government. the Federal for (CSIP) https://www.whitehouse.gov/sites/default/files/omb/memo randa/2016/m-16-04.pdf OMB/circulars/a130/a130revised.pdf Plan and Implementation Strategy M-16-04. Cybersecurity Circular A-130: Managing Information as a Strategic Resource. Resource. Strategic a as Information A-130: Managing Circular https://www.whitehouse.gov/sites/default/files/omb/assets/
12. 11. 10. 9. 8. 7. 6. 4. 5. 3. 2. 1. Notes Cybersecurity
- - - - - E-21 - and see Login. https://niccs.us- http://www.gao.gov/new. https://18f.gsa.gov/2016/05/10/build https://www.performance.gov/content/ https://www.performance.gov/content/ https://www.nist.gov/itl/nstic/our-focus https://www.whitehouse.gov/sites/default/ https://pages.18f.gov/identity-intro/ https://pages.18f.gov/identity-intro/ https://interact.gsa.gov/document/gsa-it-sched http://fas.org/irp/offdocs/nspd/hspd-12.html cybersecurity#progress-update Ibid en to efforts government-wide about information more For see: M-16-21. code, source Federal of public review courage Transparen Efficiency, Achieving Policy: Code Source Federal Soft Source Open Reusable and through and Innovation cy, 8/8/2016. ware. files/omb/memoranda/2016/m_16_21.pdf Contracts and Acquisition about the IT information more For Contracts and Acquisition IT F: Chapter see Policy area, policy Management to Schedule 70 IT “GSA Administration. Services General SIN”. Services Cybersecurity Adaptive Highly Incorporate 08/17/2016. ule-70-incorporate-highly-adaptive-cybersecurity-ser vices-sins Studies. And Careers Cybersecurity For Initiative National 10/4/2016. Engineering”. Reverse “Malware cert.gov/training/search/anrc/malware-reverse-engineering NIST. “National Strategy for Trusted Identities in Cyberspace Cyberspace in Identities Trusted for Strategy “National NIST. Focus”. (NSTIC): Our authentication shared a modern “Building post. blog 18F 5/10/2016. platform”. ing-a-modern-shared-authentication-platform/ homepage: gov a Common for HSPD-12. Policy Bush. W. George President Contractors. and Employees Federal for Standard Identification 8/27/2004. Set Should Verification:Agencies ID Personal GAO-11-751. Standardized of the Capabilities on Using Priority a Higher . 9/20/2011. Cards Identification items/d11751.pdf Cybersecurity”. Goal: Priority “Cross-Agency Performance.gov. 2015 Q4 Update. FY cybersecurity#progress-update Cybersecurity”. Goal: Priority “Cross-Agency Performance.gov. 2015 Q4 Update. FY 40. 41. 42. 43. 44. 34. 35. 36. 37. 38. 39.
- - - - f - - and - - POLICY PAPERS POLICY https://www.white https://www.whitehouse. https://www.whitehouse. https://9-11commission.
https://www.fedramp.gov/ http://www.gsa.gov/portal/con STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE https://www.whitehouse.gov/sites/default/files/ http://fas.org/irp/offdocs/nspd/hspd-12.html randa/fy2005/m05-24.pdf M-05-24. Implementation of Homeland Security Presidential Presidential Security Homeland of M-05-24. Implementation Identification Common a for Policy 12 – (HSPD) Directive 8/5/2005. and Contractors. Employees Federal for Standard https://www.whitehouse.gov/sites/default/files/omb/memo President George W. Bush. HSPD-12. Policy for a Common a Common for HSPD-12. Policy Bush. W. George President Contractors. and Employees Federal for Standard Identification 8/27/2004. gov/sites/default/files/omb/memoranda/2014/m-14-03.pd 2004. Report”. “9/11 Commission gov/report/911Report.pdf M-14-03. Enhancing the Security of Federal Information and Information Federal of the Security M-14-03. Enhancing 11/18/2013 Systems. Information tion. Also see: Office of Management and Budget. “Security “Security Budget. and Management of Office Also see: tion. Computing in Cloud Systems Information of Authorization 11/08/2011. Environments”. files/2015/03/fedrampmemo.pdf ap_17_it.pdf ap_17_it.pdf to related efforts about information detailed more For Moderniza Infrastructure B: IT Chapter see Policy FedRAMP, FY2017 Budget of the United States. “Analytical Perspectives: Perspectives: “Analytical States. the United of FY2017 Budget at: Available Technology.” Information house.gov/sites/default/files/omb/budget/fy2017/assets/ M-14-03. Enhancing the Security of Federal Information and Information Federal of the Security M-14-03. Enhancing 11/18/2013. Systems. Information gov/sites/default/files/omb/memoranda/2014/m-14-03.pdf For more information on Continuous Diagnostics and Miti Diagnostics and Continuous on information more For see: Program, (CDM) gation tent/177883 M-16-15. Federal Cybersecurity Workforce Strategy. 6/12/16. Strategy. Workforce Cybersecurity M-16-15. Federal https://www.whitehouse.gov/sites/default/files/omb/memo randa/2016/m-16-15.pdf M-16-04. Cybersecurity Strategy and Implementation Plan and Implementation Strategy M-16-04. Cybersecurity 10/30/2015. Civilian Government. the Federal for (CSIP) https://www.whitehouse.gov/sites/default/files/omb/memo randa/2016/m-16-04.pdf 10/30/2015. 10/30/2015. omb/memoranda/2016/m-16-03.pdf M-16-03. Fiscal Year 2015-2016 Guidance on Federal In on Federal Guidance 2015-2016 Year Fiscal M-16-03. Requirements. Management Privacy and Security formation 33. 32. 31. 30. 29. 28. 27. 26. 25. 24. IT Acquisition and Contracts Management
With more than one out of every six dollars of federal government spending going to contractors, it is imperative that the federal government leverages its buying power, drives more consistent practices across federal agencies, shares information, and reduces duplication while providing better results for the American taxpayers. — Anne Rung, Former Administrator, Office of Federal Procurement Policy, OMB
Summary
Category management efforts1 and the Acquisition Gateway could greatly improve agency access to acquisition staff with modern IT expertise. Talent “ The Federal IT Acquisition Reform Act (FITARA) provides agency CIOs with significantly increased visibility and oversight into all IT acquisitions, requiring the CIO or a delegate to approve all Accountability purchases. Due to the complexity and slowness of the Federal acquisition process, CIOs cited numerous concerns with the ability to procure effective and innovative technology solutions, especially for cybersecurity related technology.2 82% of IT projects larger Risk than $2M do not have managers with Federal Acquisition Certification for Project or Program Managers.3 Acquisition in the Federal government is considerably more complex and cumbersome than the private sector due to requirements to ensure fair competition and avoid frivolously spending taxpayers’ dollars. Efforts have been made to expand awareness of how to leverage flexibilities within the Federal Policy Acquisition Regulations to better support agile and other modern IT development practices; however significant barriers in the acquisition workforce remain.
STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 F-1 IT Acquisition and Contracts Management
5 F-2 of an agency because of difficulties in because of agency an of innovative, and deploying procuring rapidly technologies. cybersecurity cutting-edge Federal acquisition process is the protest is the protest process acquisition Federal to losing bidders which allows process purchasing the government’s protest for the potential face Agencies decisions. agency or regulations if protests vendor Protests correctly. followed not are policies in beginning delays in significant can result in a new result sustained, may and if work, contract. a of or cancellation competition that anticipate sometimes CIOs Agency two to up will take acquisitions potential A vendor. select a ultimately to years technologies is that this delay of result when state-of-the-art considered are that are is envisioned procurement a new contract the time a by outdated often procurement lengthy The is awarded. barriers significant can also create process posture the cybersecurity improving to to the acquisition process for larger larger for process acquisition the to with complying Moreover, investments. requirements and reporting the processes doing can make the FAR from stemming expensive with the government business pool of the businesses, reducing for work to agencies for vendors potential the of unique attribute Another with. POLICY PAPERS PAPERS POLICY POLICY STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE tion environment tion environment While encouraging While encouraging 4
additional requirements needed to meet to meet needed requirements additional asides can add months small-business set Federal contracts. Federal and supporting small entrepreneurship the goal, businesses is an important of small, minority-owned, or disadvantaged disadvantaged or minority-owned, small, of of percentage businesses in a certain amount of time it takes for the Federal Federal the for time it takes of amount and services. goods acquire to government the use mandates the FAR As an example, variety of reasons, the FAR contains contains the FAR reasons, of variety lengthen the can specific rules that The Federal Acquisition Regulation (FAR) Regulation Acquisition Federal The a For process. the acquisition governs due to maintaining the existing systems systems the existing maintaining due to modern system a new and developing alongside. IT systems given the long development development the long given systems IT costs and lead times, and the increased cited during CIO interviews as major as major during CIO interviews cited face Agencies IT. in purchasing challenges legacy in updating challenges significant slowness, limitations, and uncertainties of uncertainties and limitations, slowness, frequently were process the acquisition the use of agile or other innovative innovative other agile or the use of technology and modern information The practices. purchasing and development complex. In addition, current acquisition acquisition addition, current In complex. incentivize necessarily not do processes The Federal acquisi Federal The and cumbersome, inefficient, is often Overview Overview IT Acquisition and Contracts Management Contracts and Acquisition IT IT Acquisition and Contracts Management F-3 In addition, In 6 flexibilities and outreach to the and outreach flexibilities and community; contractor the IT into CIO oversight Increase process. procurement Leverage the Federal government’s government’s the Federal Leverage as an enterprise; buy to ability and training acquisition Strengthen certification; contract of awareness Increase • • • • agility and speed by which the Federal the Federal which and speed by agility and services, goods can buy government positive represent These IT. for especially acquisition IT improving towards steps to be remains work more but practices, done. all government of full treatment A and issues is procedures acquisition this document. of outside the scope on several focuses document this Instead, have been that efforts and initiatives of the ability improve to undertaken IT. procure successfully to agencies Federal to: sought efforts These The recently enacted Federal IT Acquisition Acquisition IT Federal enacted recently The to agencies requires (FITARA) Act Reform agile development, use of their increase mechanisms such and OMB oversight Investment and as the Capital Planning track to better modified were Control agile projects. agency the improve to working has been OFPP POLICY PAPERS POLICY STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE services at an enterprise level. an enterprise at services of acquisitions, enhancing innovation, enhancing innovation, acquisitions, of or goods acquired and buying commonly process to better accommodate the accommodate better to process ranging from purchases, IT of specifics the speed improving the CIO, empowering (GSA). There have been numerous efforts efforts been numerous have There (GSA). the acquisition and improve update to acting in partnership with the Office of the Office with the acting in partnership (OFCIO) Officer Information Chief Federal Administration Services and the General Management and Budget’s (OMB) Office of Office (OMB) Budget’s and Management often (OFPP), Policy Procurement Federal The principal policy leader for government- for leader principal policy The of Office is the initiatives wide acquisition the course of years rather than using more than using more rather years of the course principles. agile development practices often lead agencies towards more more towards agencies lead often practices style development waterfall traditional over systems complex building large, cycles, as many requirements as possible at the as possible at requirements as many These process. the procurement of outset fundamental shift in how program managers managers program how in shift fundamental vendors with work officers and contracting define agencies Typically, services. obtain to However, managing and procuring managing and procuring However, a requires way in such a these projects principles that should enable Federal enable Federal should principles that more missions their accomplish to agencies economically. and effectively, efficiently, Best practices in the acquisition and in the acquisition practices Best agile development favor IT of development IT Acquisition and Contracts Management F-4
Federal IT Acquisition Reform Act (FITARA) Reform Acquisition IT Federal Buying as an Enterprise: Consolidating IT IT Consolidating as an Enterprise: Buying the CIO Under Authority Procurement Standardizing as an Enterprise: Buying Configurations & Requirements Certification and Training Acquisition and Outreach Awareness Buying as an Enterprise: Enterprise: as an Buying Agreements Contract Sharing Strategic as an Enterprise: Buying Management and Category Sourcing development. their at leaders IT as the key CIOs empowers Further that procurements all agency requiring by agencies the CIO. by be approved to include IT Empowers CIOs around commodity IT IT commodity around CIOs Empowers across expands CIO approvals responsibilities, acquisitions. all IT commodity in duplication reduces and Rationalizes and and laptops, desktops licenses, software IT, mission-support areas. other skills through workforce acquisition Improves focus acquisition Cadres, Acquisition IT Specialized FAC and expanded Capital Plans, Human Agency in requirements. P/PM apply and better navigate professionals IT Helps such publications through procedures procurement TechFAR materials, Mythbusters as acquisition modular for guidance and contracting Handbook, Facilitates access to expertise offered through through offered expertise to access Facilitates GSA’s analysts, Initiative Sourcing Strategic Federal buyer’s agency or Hub, TechFAR Managers, Category labs. innovation clubs and acquisition Provides access to multi-agency contract agreements agreements contract multi-agency to access Provides while power purchasing the government’s increase to costs. decreasing simultaneously The strategies consist of numerous efforts and actions which took place over a broad period of years, and many are ongoing today. As such, specific years are not included. period of years, and many are ongoing today. from the start, into the agency’s agency’s the start, into the from IT delivering and developing for processes right. investments Initiatives Key POLICY PAPERS POLICY STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE IT projects are excellent targets targets excellent are projects IT 7 represents the latest effort to effort the latest represents 8
procurements, lawmakers sought to ensure ensure to sought lawmakers procurements, integrated, CIO is fully the agency that delegated individual such as a bureau individual such as a bureau delegated IT into visibility this providing By CIO. IT-related procurements by requiring requiring by procurements IT-related include that procurements all agency via a or the CIO, by be approved IT FITARA seeks to increase the CIO’s the CIO’s increase seeks to FITARA over and authority oversight awareness, (FITARA) agencies Federal of the ability improve particular, In IT. procure successfully to The Federal IT Acquisition Reform Act Reform Acquisition IT Federal The additional time investment from program program from investment additional time proposal deliberative and more staff adoption. their which has slowed reviews, to shorten timeframes. However, However, timeframes. shorten to require acquisitions performance-based for performance-based contracts given given contracts performance-based for and technology of evolution the rapid processes digitized enhance to the ability their use of performance-based service service performance-based of use their contracts. solutions, focusing on the outcomes that that focusing on the outcomes solutions, as 2001, As early desires. the government improve to mandated were agencies the government enables companies to to enables companies the government innovative more or best-in-breed provide with the objectives, evaluating them evaluating with the objectives, By metrics. agreed-upon of on a set process, and not on objectives, focusing to meet those objectives. The government government The those objectives. meet to in line performance their then monitors the government outlines objectives outlines objectives the government and allows be met, to like would it that approach own their propose to companies Instead of mandating specific actions, specific mandating of Instead contractor, by a actions or workflow performance-based acquisition differs from differs acquisition performance-based procurements government conventional documents. requirements changing the by IT acquisitions began with adopting adopting with began acquisitions IT A acquisitions. performance-based Policy Evolution Policy to improve efforts the first of One IT Acquisition and Contracts Management F-5
10 program program 9
agreements allow an agency to to an agency allow agreements are simplified acquisitions acquisitions simplified are
Indefinite-Delivery, Indefinite Quantity Quantity Indefinite Indefinite-Delivery, (IDIQ) once vendor with a terms negotiate additional future and then make pre-existing using that purchases agreement. Schedules Supply Federal The or similar for contracts of consists Blanket Purchase Agreements Agreements Purchase Blanket (BPA) fill use to agencies Federal that for needs repetitive anticipated the allow BPAs services. supplies or a portion negotiate to government with up front contracts potential of purchases future so that vendors describes As GSA streamlined. are agreements purchase them, “blanket and such contracting eliminate as the search costs open market prepare the need to sources, for requirement and the solicitations, the acquisition.” synopsize to be multi-agency may BPAs Some needs across aggregate while others for time over or multiple programs of area need or of type a particular services. or products • • • agencies can share contracts. can share agencies Buying as an Enterprise: as an Enterprise: Buying Agreements Contract Sharing the has expanded government The offered and products services IT of variety contract multi-agency shared through leverage agencies which help mechanisms, These power. buying the government’s and contracts, vehicles, agreements, of forms various mechanisms allow other for options many” buy once, “negotiate use. to agencies acquisition IT OMB’s of focus major A these expand and publicize to is efforts obstacles agencies and address options is a brief in using them. Below encounter which by methods the of some of listing POLICY PAPERS POLICY - Anne Rung Anne - STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE Former Administrator, Office of Federal Federal of Office Administrator, Former “With over 3,300 contracting offices and often and offices 3,300 contracting “With over thousands of contracts for the same goods and the same goods for contracts thousands of Standardizing Requirements and Requirements Standardizing Configurations. Sharing Contract Agreements, Contract Sharing and Category Sourcing Strategic Management, Procurement IT Consolidating and the CIO, Under Authority the Committee on Oversight and Government Government and Oversight on the Committee Technology and On Government Operations of of Operations Government and On Technology Reform United States House of Representatives of House States United Reform 2015 before the Subcommittees on Information Information on Subcommittees the 2015 before Procurement Policy, OMB in testimony June 10, OMB in testimony Policy, Procurement • • • • services – many with the same vendor – the Federal the Federal – vendor the same with – many services Government buys like many small, separate entities.” entities.” small, separate many like buys Government competition. The discussion below focuses The discussion below competition. government’s the Federal on improving through: enterprise as an to buy attempts timelines (critical given expectations in expectations (critical given timelines broader ensure and marketplace) today’s than many fragmented, isolated decisions. isolated fragmented, than many create can efforts these Additionally, acquisition opportunities to accelerate the ultimate goal is to make smarter smarter to make goal is the ultimate rather level an aggregate decisions at can happen both within an agency and an agency within can happen both as an enterprise Buying amongst agencies. – “buying in bulk” than simply is more Federal agencies can generate economies economies can generate agencies Federal This savings. significant scale and realize of rather than as thousands of separate separate of than as thousands rather acquisition pooling By offices. unrelated and expertise, contracts, requirements, to improve the ability to make decisions decisions make to the ability improve to as an enterprise and agreements A common theme of government-wide government-wide of theme common A trying has been initiatives acquisition Buying as an Enterprise Buying IT Acquisition and Contracts Management F-6
Multi-agency contract mechanisms contract Multi-agency within the buy agencies which help government the Federal scale of - program SmartBUY GSA’s for approach government-wide on common licenses enterprise software Management Category (BPAs) Agreements Purchase Blanket Quantity Indefinite Indefinite-Delivery, agreements (IDIQ) Schedules Supply Federal Acquisition Government-wide (GWAC) Contracts power purchasing an agency’s Increase costs decreasing while simultaneously use larger, to agencies Encourage agreements contract shared forms various allow agreements These options many” buy once, “negotiate of use to agencies for award of Salesforce BPA Salesforce of award • • • • • • • • • • from GSA news release on release news GSA from vehicle.” services consolidated power of the government into a into the government of power Federal Government. This unique, This Government. Federal efficiency and effectiveness in the in effectiveness and efficiency “The Salesforce BPA is a significant is a significant BPA Salesforce “The - Tom Sharpe, FAS Commissioner, FAS Sharpe, Tom - will reduce the number of duplicative duplicative of the number will reduce overall costs by leveraging the buying leveraging by costs overall customers, and improving acquisition acquisition and improving customers, contracts for these services and lower and lower services these for contracts first-of-its-kind, cross-agency initiative initiative cross-agency first-of-its-kind, step forward in supporting FITARA, our our in supporting FITARA, forward step Buying as an Enterprise: an Enterprise: as Buying Agreements Contract Sharing Summary Effort of Major Initiatives of Goals Effort POLICY PAPERS POLICY enabled are types of types of are STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE 11 mobile services (FSSI- mobile services 13 IT consulting and development and development consulting IT other limitations, conditions, or conditions, limitations, other requirements. related GWACs through its Federal its Federal through GWACs related Service. Acquisition contracts multi-agency Other such as the flexibilities, statutory by various subject to are Act, Economy Contracts (GWAC) (GWAC) Contracts with more contracts multi-agency limitations fewer and flexibility contracts. multi-agency than other IT of variety a operates GSA specific purchasing program which program specific purchasing offer to 70 Schedule leverages for options software enterprise agencies. Acquisition Government-wide more than one supplier at varying varying at one supplier than more GSA), by usually (awarded prices 70 Schedule GSA’s example, for GSA’s technology. information for enterprise for program SmartBuy topic- a of example is an software comparable goods or services from from services or goods comparable 12 • • of their current contract ahead of schedule. ahead of contract current their of consolidated contracts, but the timing of of but the timing contracts, consolidated them allow does not contracts current their out transition to costly be too it may or to, is clear, in many situations, agencies agencies situations, in many is clear, these of one to switch wish to may offering more options to agencies are agencies to options more offering flexibilities. similar use of make to likely savings for while the potential However, agencies through efforts such as Category such as Category efforts through agencies agreements new expands, Management (Networx, which will be succeeded by by will be succeeded which (Networx, Solutions). Infrastructure Enterprise with collaboration As OMB and GSA’s (SmartBUY), and telecommunications Wireless), Implementation, Integration and Support Support and Integration Implementation, BPA), software 70), enterprise Schedule (IT agreements for products and services and services products for agreements Salesforce (GSA’s such as cloud platforms These mechanisms have provided provided mechanisms have These and contracts shared to access agencies (http://www.gsa.gov/portal/ http://www.gsa.gov/graphics/fas/ITS_ content/121238) General Services Administration. “Your Single Acquisition Source Acquisition Single “Your Administration. General Services (Endnotes) 1 Technology”. Reference Guide for GSA COMPARISON_Matrix.pdf IT Acquisition and Contracts Management F-7 19
Provide access to shared groups of of groups shared to access Provide professionals acquisition IT experienced around expertise support and offer to needs IT agencies’ FSSI Management Category Gateway Acquisition Hub TechFAR Labs Innovation Acquisition and between within duplication Reduce agencies agile use of on and focus Increase methodologies • • • • • • • • Buying as an Enterprise: an Enterprise: as Buying Management Category and Sourcing Strategic Summary Effort of Major Initiatives of Goals Effort The The 16 POLICY PAPERS POLICY OMB 14
STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE
15 18 OMB has also encouraged OMB has also encouraged 17 advocates. at the agency level through agency agency through level the agency at innovation “acquisition or clubs” “buyer’s innovation acquisition led by labs” services. expertise acquisition pool their to agencies by GSA, provides a platform for a for a platform provides GSA, by on with a focus experts of community digital and modern IT agile methodology Outsourcing, and Telecommunications. Telecommunications. and Outsourcing, Hub, also hosted TechFAR Additionally, was appointed for IT in 2015, who now who now in 2015, IT for appointed was IT of (“Hallways”) areas leads the six IT Security, Consulting, Hardware, Software, Gateway programs launched in 2014. in launched programs Gateway manager” “category government-wide first OMB and GSA expanded the approach to to the approach expanded OMB and GSA the through sub-categories six IT-related Acquisition and Management Category sourcing approach beyond its original areas its original areas beyond approach sourcing in 2012. focus of such as mobile service contracts. such as mobile service this strategic extending explore began to patterns to better leverage its purchasing its purchasing leverage to better patterns overall and improve costs, reduce power, areas, acquisition in selected performance” and collaborative process of critically critically of process and collaborative spending analyzing an organization’s Since 2005, the Federal Strategic Sourcing Sourcing Strategic 2005, the Federal Since a “structured offered has (FSSI) Initiative best practices in industry, acquisition, and acquisition, in industry, best practices technology. with emerging familiarity their IT needs. This approach to pooling pooling to approach This needs. IT their available it and making centrally expertise to access greater can provide agencies to experienced IT acquisition professionals professionals acquisition IT experienced regarding expertise support and offer to OMB and GSA have worked to provide provide to worked have GSA OMB and of groups shared to access agencies Buying as an Enterprise: as Buying and Sourcing Strategic Management Category IT Acquisition and Contracts Management F-8 24 OMB incorporated OMB incorporated 23 Over time, OMB followed up on these followed time, OMB Over and PortfolioStat with 2013 projects in regular actual savings their tracked Congress. to reports these IT from savings the proposed the plans into consolidation commodity 2014, FY for process budget overall agencies for ways including offering turn their would they how describe to in investment into IT commodity cuts to programs. technology innovative Figure F1: PortfolioStat Commodity IT Reduction Targets Targets Reduction IT Commodity F1: PortfolioStat Figure POLICY PAPERS POLICY
As a 22 21
To assess assess To STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE 20 cost implications by 2015. by implications cost commitments from agencies to to agencies from commitments $2.5 billion in target over achieve commodity IT consolidation plans consolidation IT commodity and approved reviewed were that in plans resulted These OMB. by result of the PortfolioStat process, process, the PortfolioStat of result develop to required were agencies portfolio” that focused on the that portfolio” at IT commodity of consolidation 2012. in March an agency initiative, a “face-to-face, evidence- “face-to-face, a initiative, IT an agency’s based review...of use shared services. use shared this goal, towards progress agency OMB launched the PortfolioStat to drive down costs, improve improve costs, down drive to and IT” commodity for service OMB directed agencies to “pool “pool to agencies OMB directed power purchasing agency’s their organization entire their across as part of a broader effort to effort a broader as part of CIO authorities, strengthen programs and bureaus. programs 2011, August in example, For of CIOs and extend their influence influence their and extend CIOs of agency into acquisitions IT over aligned with agency-wide strategies. Over Over strategies. with agency-wide aligned have OMB and Congress both years, the the responsibility increase to steps taken duplication, missed opportunities for for missed opportunities duplication, not are that and procurements savings, programs or bureaus directly without without directly bureaus or programs the of knowledge or the supervision unnecessary can lead to This CIO. agency rather than to the agency as a whole. As a whole. as a agency the than to rather within made often are purchases IT result, Federal dollars are often appropriated appropriated often are dollars Federal bureau, level lower or a program to directly Buying as an Enterprise: as Buying Procurement IT Consolidating the CIO Under Authority IT Acquisition and Contracts Management F-9
26 Expand the responsibility and influence and influence Expand the responsibility into acquisitions IT over CIOs agency of and bureaus programs Plans Consolidation IT Commodity PortfolioStat Developed management true portfolio Encompass all IT for • • • • Procurement Authority Under the CIO Under Authority Procurement Summary Effort of Major Initiatives of Goals Effort Buying as an Enterprise: Consolidating IT IT Consolidating as an Enterprise: Buying Finally, this attempt to further empower empower to further attempt this Finally, been have to appears CIOs agency consistent of a lack by hampered the although example, For oversight. on focused (2012) PortfolioStat first IT, commodity of the consolidation PortfolioStat of version year’s the next from away focus the (2013) shifted IT. commodity of the consolidation Commodity established agencies While of Plans as a part Consolidation IT evidence is no 2012, there PortfolioStat asked or on these plans OMB followed-up in- of status send updated to agencies completed of results or projects progress projects. POLICY PAPERS POLICY STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE provided examples of what what of examples provided 25 consolidated. consolidated. the approach. Without a clear definition, definition, clear a Without the approach. able to were and programs bureaus be could that including systems avoid constituted “commodity IT,” actually actually IT,” “commodity constituted could help strengthen term the defining Second, while the supporting OMB Second, memoranda consolidating their agencies commodity IT, IT, commodity agencies their consolidating to the authority given not were but they it. accomplish actually CIOs take this action. Without these steps, this action. take CIOs for responsibility given were CIOs agency agencies actually receive their funding or funding or their receive actually agencies funding into visibility the CIOs’ improving help could and bureaus the program at for commodity IT,” there was no real no real was there IT,” commodity for so. Changing how do mechanism to “the CIO shall pool their purchasing purchasing pool their “the CIO shall organization entire their across power service and improve costs down drive to a number of steps which could address address which could steps of a number that declared although OMB this. First, agency CIOs did not necessarily see a necessarily did not CIOs agency procurement shift in their significant are There reasons. several for authorities Despite the new CIO Authorities policy policy Authorities CIO new the Despite initiative, PortfolioStat the of creation and IT Acquisition and Contracts Management F-10
- Agency CIO Agency - Created standard configurations configurations standard Created and agency- laptops, desktops, for license software to wide approaches management Management Category M-16-02 15-1 Policy Management M-16-12 Category 16-1 Policy Centralization Management Software Plan no less than 80% Mandated for an agency across standardization and desktops laptops could these areas across Alignment increased savings, significant achieve stronger and a efficiencies, operational posture cybersecurity • • • • • • doesn’t treat them that way. that them treat doesn’t IaaS, etc. are utilities, but the FAR the but utilities, are etc. IaaS, how to acquire utility services that services utility acquire to how aren’t defined as such in the FAR is FAR the as such in defined aren’t a huge issue. Cloud First says SaaS, SaaS, says Cloud First issue. a huge Getting acquisition officers trained on officers acquisition Getting Buying as an Enterprise: Standardizing Standardizing an Enterprise: as Buying Configurations and Requirements Summary Effort of Major Initiatives of Goals Effort POLICY PAPERS POLICY 28 This This . In . In 29
OMB’s OMB’s
STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE This idea is reflected in two in two is reflected idea This 27 Centralization Plan” while reporting while Plan” Centralization Integrated OMB’s to savings all cost Collection. Data Management memorandum. Management an appoint to agencies required software enterprise agency-wide establish agency-wide manager, and inventories, license software Management a “Software implement laptops as an enterprise are needed. are as an enterprise laptops Management License Software of complexity reducing the addition, purchases license software agencies’ Category OMB’s in focus major a was procuring desktops and laptops, and laptops, desktops procuring CIOs agency several however, could they believed they indicated own pricing on their better get to efforts Additional procurements. and desktops of purchasing leverage satisfied with [a government-wide government-wide [a with satisfied configuration” standard approved] is granted. unless an exception were vehicles contract Numerous with agencies to assist identified first Category Management Management Category first made standardized memorandum requiring mandatory, configurations at that “ensure CIOs: agency that basic new agency’s their least 80% of are requirements and desktop laptop Desktops and Laptops. and Laptops. Desktops • • desktops and agency-wide approaches to to approaches and agency-wide desktops management. license software 2016 memoranda laying out standard out standard laying 2016 memoranda and laptops Federal for configurations increased operational efficiencies, operational increased cybersecurity a stronger and even posture. configurations of software and hardware hardware and software of configurations savings, significant can lead to purchased Reducing the need for variation across across variation need for the Reducing and features, in requirements, agencies Buying as an Enterprise: as Buying Requirements Standardizing and Configurations IT Acquisition and Contracts Management F-11 In 2013, 2013, In 31 More recently, in 2015, as recently, More Training Program (DITAP) Program Training government for value better Achieve acquisitions core- a digital service Develop contracting for plus specialization professionals Provide the training tools needed tools the training Provide acquisition equip the Federal to skills, with the knowledge, workforce can use emerging so they and expertise agile in a more and technologies tools manner Cadres Acquisition Specialized and training the acquisition Strengthen requirements certification Professional Acquisition IT Digital 32 • • • • • • 34 Enhanced acquisition training training acquisition Enhanced 33 Goals of of Goals Effort Acquisition Training and Certification and Training Acquisition Summary Effort of Major Initiatives Plans. staff acquisition beyond extend needs to who have managers project encompass to responsibilities. acquisition significant that the fact by need is underscored This than $2M do not larger projects IT 82% of Acquisition with a Federal managers have Project or Program for Certification Managers. For example, in 2011, OFPP issued 2011, OFPP in example, For IT “Specialized defining guidance the highlighting Cadres,” Acquisition relevance particular of skillsets and training workforce. acquisition the IT for Certification Acquisition the Federal under expand to a process began OFPP program, and training the acquisition and strengthen “FAC as (known requirements certification and program managers project for P/PM”) on the focus with a particular managers, workforce. IT FITARA, of the implementation a part of include to OMB instructedagencies acquisition IT these of analysis detailed Capital Human Agency in their cadres POLICY PAPERS POLICY STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE
- Agency CIO Agency -
30 get approved this month that is 18 months that is 18 months this month approved get 70% of [my agency’s] network is at risk now. network agency’s] [my 70% of hardware for two years due to an acquisitions an acquisitions to due years two for hardware protest. It is unacceptable for a BPA to take 2.5 take to a BPA for is unacceptable It protest. behind schedule before any work is done, before is done, before work any behind schedule before years. Very understaffed and fearful of risk. It has risk. of fearful and understaffed Very years. might any protest. We were not able to buy any network network any buy to able not were We protest. any our acquisitions and hiring. — I have a project that a project and hiring. — I have acquisitions our The biggest opportunity is streamlining how we do we how is streamlining opportunity biggest The put my infrastructure at end of life with no patches. with no patches. life at end of infrastructure put my how to leverage the FAR to support these to the FAR leverage to how activities. Acquisition Professional Training Program Program Training Professional Acquisition contracting train which seeks to (DITAP), acquisition principles and on agile officers manner to solve agencies’ needs. The U.S. U.S. The needs. agencies’ solve to manner IT Digital a new created also Service Digital acquisition workforce with the knowledge, with the knowledge, workforce acquisition in using emerging skills, and expertise agile in a more and technologies tools vendors, and other Federal agencies, agencies, Federal other and vendors, the Federal equip to has sought OFPP approach. Working through the Federal the Federal through Working approach. Defense (FAI), Institute Acquisition sector private University, Acquisition workforce trained in an era of legacy legacy of in an era trained workforce development waterfall a and systems Newer digital technologies and agile and agile technologies digital Newer present frequently methodologies acquisition agency an to challenges Acquisition Training Training Acquisition Certification and IT Acquisition and Contracts Management F-12
Increase familiarity amongst IT project project amongst IT familiarity Increase of workforce and acquisition managers by options allowed and the flexibilities regulations procurement “Mythbusters” TechFAR guidelines in Additional support agile to how on Handbook development of understanding the general Improve can support processes existing how practices IT innovative • • • • as part of the Smarter IT IT Smarter the as part of 39 Summary Summary Effort of Major Initiatives of Goals Effort Awareness and Outreach Awareness Each of these initiatives did not seek to not seek did these initiatives of Each but process, procurement the change understanding general improve to rather be may procedures the existing how of practices. IT support innovative used to these myths of many through Breaking approach coordinated long-term, a requires the of understanding people’s changing to awareness improve to tried has OMB rules. “number including by these documents of have finished who officers contracting of Program” Certification Service the Digital as the such on materials which draws TechFAR, Goal. CAP Delivery
35 ,
POLICY PAPERS POLICY 25 Point 25 Point
STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE 38
Contracting Guidance Guidance Contracting
36 37 OMB’s 2012 OMB’s Development Modular Support to use existing to outlined how similarly support innovative to procedures procurements. The TechFAR Handbook provides provides Handbook TechFAR The support agile to guidelines on how modern and other development approaches management project Federal in procedures using existing regulations. before a planned award was was a planned award before outlining by forbidden generally “market of kind that where situations but permissible, only is not research” encouraged. OMB’s “Mythbusters” documents documents “Mythbusters” OMB’s that the misconception addressed vendor with a potential meeting • • • procedures or illustrate examples of of examples illustrate or procedures of examples few A FAR. in the flexibility include: these documents explanatory documents designed to dispel designed to documents explanatory procurement of misconceptions common Implementation Plan to Reform Federal IT Federal Reform to Plan Implementation “mythbuster” a series of which included guidebooks, and other documents, procurement regulations. This began regulations. procurement OMB’s of release with the 2011 familiarity amongst IT project managers managers project amongst IT familiarity the of workforce and the acquisition by options allowed and flexibilities discussed above, OMB also initiated a also initiated OMB above, discussed to increase efforts education of series Awareness and Outreach and Awareness opportunities training to the addition In IT Acquisition and Contracts Management F-13 Provide CIO with more authority as it authority more with CIO Provide investments IT to relates FITARA the for Baseline OMB Common IT of Management IT agency of knowledge Consolidate in CIO’s and strategy efforts acquisition office • • • • The Federal Information Technology Acquisition Acquisition Technology Information Federal The (FITARA) Act Reform Summary Effort of Major Initiatives of Goals Effort In 40 The The POLICY PAPERS POLICY 41 STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE For example, despite its despite example, For 42 the spend.” 11th hour, approving requisitions? I want want I requisitions? approving 11th hour, of the formulation over say more have to As one CIO put it: “what does it mean As one CIO put it: “what all approve to ‘I need says when FITARA the up at I just showing Am purchases?’ interviews, indicating there remains there indicating interviews, and clarification. improvement for room alignment. expressed CIOs language, statutory strong during this authority regarding concerns early in the process to leverage potential potential leverage to in the process early strategic and ensure efficiencies Ensuring CIO visibility is a minimal first is a minimal first visibility CIO Ensuring by CIOs are needed efforts additional step, acquisitions in involved be proactively to staff. staff. approved by the CIO of the agency.” of the CIO by approved in the earlier participate to CIOs is for goal the mission for as an enabler conversation technology services, unless the contract or or unless the contract services, technology and reviewed has been agreement other FITARA stated that an agency “may not not “may an agency that stated FITARA agreement other or a contract into enter information or technology information for processes for Agency IT investments investments IT Agency for processes process, acquisition the to regard With and manages its IT investments, FITARA FITARA investments, its IT and manages over authority CIO more Agency the gave and personnel governance, the budget, and acquisition plans. To improve how the how To improve plans. and acquisition implements, acquires, government Federal responsibilities reinforced CIO approval of of CIO approval reinforced responsibilities with partnership through acquisitions all IT strategies all acquisition around the CAO addition, the subsequent development of of development subsequent addition, the and CIO roles of Baseline Common OMB’s In December 2014, Congress attempted attempted 2014, Congress December In in the CIOs agency empower further to FITARA. passing by process acquisition The Federal Information Technology Technology Information Federal The Act (FITARA) Reform Acquisition IT Acquisition and Contracts Management F-14
43 Similar Similar 44
46 Additionally, years 2013 - 2013 years Additionally, 45 examine, then measuring agency progress progress measuring agency then examine, recommended applying or adopting spend. addressable that to approaches services any 7.5% of that OMB assumes as achieved are sourcing using strategic the Category to according savings, cost though the details Goal, CAP Management provided. not are behind this estimate 2015 particularly focused on the mobile focused on 2015 particularly contracts and mobile service device also Similarly, IT. commodity of category Modernization Infrastructure see the IT related KPIs PortfolioStat for paper policy category centers spending on the data to IT. commodity of recommended, required, or examined examined or required, recommended, for training P/PM FAC wider include IT in involved officials acquisition Common the of adoption acquisitions, elements, acquisition-related Baseline’s USDS’s in emphasized and practices described in the training acquisition Goal. CAP Delivery IT Smarter included have PortfolioStat of years Most to related indicators performance key to related approaches the acquisition key included PortfolioStat IT. commodity of some form for indicators performance savings spending or related IT commodity 2012 - 2016. from year in every Benchmarking also used in GSA’s was data Improve Benchmark and the Initiative, Goal, CAP Operations Mission-Support and FedStat. OMB has not released how each agency’s each agency’s how released OMB has not area IT each commodity spending on has in 2012 PortfolioStat examined launching since years in the 4-5 changed projects. consolidation OMB has that behaviors Other POLICY PAPERS POLICY STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE versus email satisfaction) were were email satisfaction) versus context further provide to developed more were which agencies into area. at each efficient and cost- initiative, the Benchmarking In satisfaction, customer efficiency, (e.g., a metrics and operational email box per cost of comparison In PortfolioStat, agencies reported reported agencies PortfolioStat, In they and BPAs GWACs many how area; IT each commodity used for • • more nuanced baseline by defining the defining baseline by nuanced more within spend” “addressable likely total they services type of or each business area Strategic sourcing and category and category sourcing Strategic own established their have management business areas, through commodity IT data data IT commodity through business areas, function spending calls and management calls, specifically: data initiative have gathered data to establish data gathered have initiative in common spending Federal a baseline of Examples Benchmarking and the PortfolioStat to elimination of duplicative processes or processes duplicative of elimination to purchases. category management, and commodity IT IT and commodity management, category terms has been described in consolidation reductions in spending due the potential of acquisition. Repeatedly, the potential the potential Repeatedly, acquisition. sourcing, strategic like efforts of value Federal government and by not repeating repeating not and by government Federal unnecessarily, processes acquisition IT of the cost can reduce agencies agency satisfaction with the acquisition with the satisfaction agency of the the scale leveraging better By staff. the primary focuses of OMB’s efforts in efforts OMB’s of focuses the primary the reduce to been have acquisition IT and improve services and goods IT of cost and Oversight used in oversight, metrics on the Based Metrics and Oversight and Metrics Metrics in Emphasized Objective Primary IT Acquisition and Contracts Management F-15 POLICY PAPERS POLICY 47 STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE same level of priority as policies that are are as policies that priority of same level KPIs. in PortfolioStat emphasized progress adopting its CIO and CXO adopting progress at the responsibilities roles and acquisition evaluate agency progress implementing implementing progress agency evaluate 2016 in 2015 or Baseline the Common be placing not may agencies PortfolioStat, measuring and emphasizing such adoption. such adoption. measuring and emphasizing included that not were As metrics For strategies which rely on agency on agency which rely strategies For practices, recommended of adoption on been consistent always OMB has not other category management approaches. management category other “common spend” is “under government- is “under spend” “common but it is difficult to wide management,” using are agencies widely how determine Management CAP Goal reports that as that reports Goal CAP Management the of percent 2016, zero FY Q3 of of sourcing, category management, management, category sourcing, other and consolidation, IT commodity Category The agencies. by are strategies Lessons Learned Lessons strategic adopted widely how is unclear It IT Acquisition and Contracts Management F-16
- Agency CIO Agency - to take 2.5 years. 2.5 take to I have a project that a project I have this month that is 18 this month *might* get approved approved get *might* before any protest. It is It protest. any before unacceptable for a BPA a BPA for unacceptable before any work is done, work any before months behind schedule months
can leave agencies agencies can leave without the ability network purchase to the until hardware is settled. protest budgeting the Federal of challenges The of such as the possibility environment, the end of at expiring funding available such delays. can exacerbate year, the agency encourages environment This more to be (COs) Officers Contracting when selecting procurement risk-averse an for limit the potential to strategies the to minimize effort This protest. award the at schedule and planning risks comes as price such factors other of expense diminish the and may and performance, These product. of the end effectiveness to increased can lead situations types of agencies. risk for FINDING #2 FINDING to Due and Uncertainty Delays are Length Process Procurement IT. Effective to Obstacles the that stated CIOs of number A much too takes process procurement changing rapidly with keep up to time needs and customer cybersecurity CIOs Moreover, technology. demands for long how over with uncertainty must deal will there whether will take, the process and be protests, are the results what These be. to likely delays types of POLICY PAPERS POLICY
STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE
understand what their options are, partly partly are, options their what understand Federal lack of or short tenures because of experience. procurement CIOs are often highly dependent on their on their dependent highly often are CIOs to community in the acquisition partners initiatives have led to new acquisition new to led have initiatives on has been reluctance there approaches, them. adopt widely to agencies the part of resources to achieve government-wide government-wide achieve to resources these Although and efficiencies. savings In addition to educating agencies, OMB to educating addition In to dedicated on initiatives has focused pool its common helping the government that their acquisition partners remain partners acquisition their that these flexibilities. explore to reluctant procedures available to support innovative support innovative to available procedures still these are acquisition, IT to approaches shared CIOs agencies. by underutilized together on several informational informational on several together and the flexibilities publicize campaigns to by Agencies. by worked have OMB and GSA Although FINDING #1 Existing Awareness, Better Despite Underutilized Are Flexibilities Acquisition threat environment. threat The acquisition process needs to evolve to evolve to needs process acquisition The impede than needs rather IT agency serve constant today’s in specifically success technology management and have not not and have management technology extent. a great to tools used the available resources and available tools, agency agency tools, and available resources with internal to struggle continue CIOs with modern align not do that processes agency IT personnel. As OMB and GSA and GSA As OMB personnel. IT agency improving towards work to continue and Findings and has process acquisition Federal The for frustration of source constant been a Observations Agency IT Acquisition and Contracts Management F-17 and cost consequences. consequences. and cost FINDING #5 Negatively Mechanisms Funding Agency the Federal of Ability the Impact as an Enterprise.” “Buy to Government process the appropriations Finally, on agencies an additional burden creates enterprise-wide leverage to attempting or bureaus offices buying as programs, and appropriations, discrete receive to limits the ability law appropriations organizations other funds to transfer enterprise consolidated facilitate to have often agencies As a result, purchases. the same products, for contracts multiple and software, database such as Oracle with different or prices different paying configurations. One CIO described feeling required to to required feeling described CIO One operations network the agency’s use agency help the to contract support goals, aside set small business its achieve proved vendor the selected but indicated work. the perform fully to unable first to pressure described CIOs Other through available vendors that prove could FedRAMP or BPAs, schedules, supply requirements, the government’s meet not competition wide a than conducting rather This the best solution. reach designed to or vendors existing for built-in preference vendors, potential pool of limited other goals, limits certain while promoting and vendor the best to access government which can risk performance introduces security, schedule, unintended other have
48 POLICY PAPERS POLICY and other set set and other aside goals, demonstrate existing use of and BPAs supply Federal schedules, or use programs FedRAMP like need to achieve achieve need to small business STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE - Agency CIO Agency - - Agency CIO Agency - Acquisitions are about fairness about are Acquisitions but it should be and equality, buying power. about better Acquisitions are more about more are Acquisitions about are they than “fairness” an issue] that’s [and best price cost effective solutions. effective cost may cause agencies to artificially exclude artificially to cause agencies may and with appropriate vendors potential government-wide procurement rules and procurement government-wide As such the perceived. or real strategies, factors often arise from the agency’s agency’s the arise from often factors with compliance in demonstrating interest vendor selection criteria increases the increases selection criteria vendor meet to be unable may awardees risk that These requirements. the government’s According to CIOs, pressure to incorporate incorporate to pressure CIOs, to According into factors see as secondary they what Restrictions to Accessing Vendors Create Create Vendors Accessing to Restrictions Needs. IT Meeting to Risks Unintentional FINDING #4 and 18F’s focus on hiring acquisition staff staff on hiring acquisition focus and 18F’s experience. modern technology with more address this, such as: category managers managers as: category this, such address of growth continued categories, IT for USDS and cadres, acquisition IT specialized ability to perform the services required required the services perform to ability could help efforts Recent agencies. by relying on partners in the acquisition acquisition in the on partners relying in who lack the background community vendors’ evaluate to necessary modern IT to Address Challenges. Address to with challenges described CIOs Multiple Evaluating Complex, Innovative Innovative Complex, Evaluating Technology Greater Without Technology Underway are Efforts However Expertise, FINDING #3 FINDING Challenges Face Staff Acquisition IT Acquisition and Contracts Management
F-18
https:// https:// https://www. http://www.gsa. and M-04-08. https://www.whitehouse. and M-05-25. SmartBUY and M-05-25. SmartBUY For more information information more For https://www.whitehouse.gov/ http://www.gsa.gov/portal/ https://www.congress.gov/113/plaws/publ291/ https://www.whitehouse.gov/sites/default/files/ https://www.whitehouse.gov/sites/default/ https://www.whitehouse.gov/sites/default/files/ http://www.gsa.gov/portal/content/121238 www.whitehouse.gov/sites/default/files/omb/procurement/ memo/simplifying-federal-procurement-to-improve- performance-drive-innovation-increase-savings.pdf Introduction”. Hub: “TechFAR Service. Digital U.S. techfarhub.cio.gov/ omb/memoranda/fy04/m04-08.pdf 8/25/2005. with Oracle. Agreement gov/sites/default/files/omb/memoranda/fy2005/m05-25.pdf files/omb/procurement/comp_src/implementing_strategic_ sourcing.pdf Sourcing. Strategic through Acquisition M-13-02. Improving 12/5/2012. omb/memoranda/2013/m-13-02_0.pdf the Marketplace: Transforming Memorandum. OFPP Performance, Improve to Procurement Federal Simplifying 12/4/2014. Savings. Increase and Innovation, Drive Policy, OMB, has described the Salesforce BPA as representing as representing BPA OMB, has described the Salesforce Policy, category to drive efforts Administration’s the the “best of By IT. of in the delivery innovation and increase management leverage will be able to we these BPAs, to driving agencies best the deliver we while ensuring that talent agile industry’s Administration. Services General taxpayer.” American the for value Integration Salesforce for and Support BPA Awards “GSA Services”. in Federal Quality and Improving Cost M-03-14. Reducing 2/25/2004. Software. Commercial of Purchases whitehouse.gov/omb/memoranda_m03-14 of Duplication Avoiding and SmartBuy of Use Maximizing Initiatives. 24 E-Gov President’s with the Activities Agency 2/25/2004. Sourcing. Strategic Implementing OMB Memorandum. 5/20/2005. M-01-15. Performance Goals and Management Initiatives for for Initiatives and Management Goals Performance M-01-15. 3/9/2001. 2002 Budget. the FY sites/default/files/omb/assets/omb/memoranda/m01-15.pdf Act. Reform Acquisition Technology Information Federal Defense National the of D VIII, Subtitle Title 12/19/2014. Public Law 2015, Year Fiscal for Act (NDAA) Authorization 113-291: No: PLAW-113publ291.pdf#page=148 and A: Management Chapter see Policy about FITARA, IT of Oversight Acquisition Single “Your Administration. Services General Technology”. GSA for Guide Reference Source gov/graphics/fas/ITS_COMPARISON_Matrix.pdf Purchase “Blanket Administration. Services General (BPAs)” Agreements content/199353 Obtain Agencies Federal Workforce: Acquisition GAO-13-231. into Insight Limited but Have Requirements, Meet to Training 3/28/2013. Investment. Training of and Benefits Costs http://www.gao.gov/assets/660/653437.pdf Procurement Federal of Office Administrator, Former Rung, Anne 17. 15. 16. 13. 14. 7. 8. 9. 10. 11. 12.
POLICY PAPERS POLICY http://fas.org/ https://www.sba.gov/ https://itdashboard.gov https://www.challenge.gov/ and M-16-12. Category Category and M-16-12. https://www.whitehouse. STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE http://www.nextgov.com/technology- and Congressional Research Service. “GAO “GAO Service. Research and Congressional and M-16-02. Category Management Policy 15-1: Policy Management and M-16-02. Category
Development Program Challenge”. Challenge”. Program Development challenge/digital-service-contracting-professional-training- and-development-program-challenge-2/ contracting officers on agile acquisition principles and how acquisition principles and on agile officers contracting support these activities. Challenge. to the FAR leverage to and Training Professional Contracting Service “Digital gov. sgp/crs/misc/R40227.pdf Acquisition IT Digital new Service’s Digital U.S. The train seeks to (DITAP) Program Training Professional going to be’”. 8/2/2016. be’”. to going news/2016/08/gsa-officials-increased-bid-protests-how-its- going-be/130417/ 6/21/2015. Analysis”. and Trends Protests: Bid to compete over fewer potential contracts as agencies face face as agencies contracts potential fewer over compete to of and the use sequestration on by brought pressure budget Nextgov. See government. to fund the resolutions continuing it is how ‘This is Protests: Bid Increased on Officials “GSA com. Some of the potential factors include a depleted acquisition acquisition include a depleted factors the potential of Some and morale low with high turnover, struggles that workforce resulting in less staff new talented attracting in difficulty companies on pressure increased or than ideal acquisition, contracting/contracting-officials/goaling years, recent in protests been filing more have Vendors known. fully not are why for though the underlying reasons goals throughout the year. For more information on agency on agency information more For year. the throughout goals see Small groups, various to awards and contracts goals “Contracting”. Administration. Business through market research, however, in many situations, an situations, in many however, research, market through evaluate and Information For a Request must conduct agency an annual must set Agencies small business sources. potential against achievements agencies’ monitors and SBA goal work. If two small businesses are capable of performing the performing capable of small businesses are two If work. for must be set-aside generally acquisition then the work, In Two.” of called the “Rule small businesses, in a process quickly of care can be taken this analysis some situations, The small business set aside is mandated by statute. The FAR FAR The statute. by aside is mandated small business set The to requirements all potential evaluate agencies that requires the performing capable of a small business is if determine Dashboard, Based on OMB’s PortfolioStat 2016 methodology, 2016 methodology, PortfolioStat on OMB’s Based Dashboard, 1, December after which completed projects includes all IT greater of cost lifecycle and a project in progress, are 2014 or source: data than $2 million. Original technologies, see Policy Chapter E: Cybersecurity E: Cybersecurity Chapter see Policy technologies, or senior- mid-level, entry-level, of certification P/PM FAC IT from feed data the Projects of on an analysis Based level; https://www.whitehouse.gov/sites/default/files/omb/ memoranda/2016/m-16-02.pdf and initiatives about cybersecurity information more For pdf Common of Management and Acquisition the Improving 10/6/2015. Desktops. and Laptops Technology: Information Management Policy 16-1: Improving the Acquisition Acquisition the 16-1: Improving Policy Management Technology: Information Common of and Management 6/2/2016. Licensing. Software gov/sites/default/files/omb/memoranda/2016/m-16-12_1. the Acquisition and Management of Common Information Information Common of Management and Acquisition the 10/16/2015. Desktops. and Laptops Technology: https://www.whitehouse.gov/sites/default/files/omb/ memoranda/2016/m_16_20.pdf M-16-20. Category Management Policy 15-1: Improving 15-1: Improving Policy Management Category M-16-20.
6. 5. 4. 3. 2.
1. Notes IT Acquisition and Contracts Management F-19 https:// https:// . https:// https://www. https:// https://www. https://www.dhs.gov/ https://www.performance.gov/ https://www.whitehouse.gov/sites/ https://www.congress.gov/113/plaws/publ291/ https://www.whitehouse.gov/sites/default/ https://www.whitehouse.gov/sites/default/files/ Performance.gov. “Cross-Agency Priority Goal: Smarter IT IT Smarter Goal: Priority “Cross-Agency Performance.gov. 2016 Q2 Update. FY Delivery”. node/3403/view?view=public#progress-update Act. Reform Acquisition Technology Information Federal Defense National the of D VIII, Subtitle Title 12/19/2014. Public Law 2015, Year Fiscal for Act (NDAA) Authorization 113-29: No: PLAW-113publ291.pdf#page=148 IT Dashboard, September 21, 2016. Based on OMB’s on OMB’s 21, 2016. Based September Dashboard, IT projects includes all IT 2016 methodology, PortfolioStat in progress, are or 1, 2014 December after which completed than $2 million. greater of cost lifecycle and a project itdashboard.gov/drupal/data/datafeeds?format=csv Reform to Plan Implementation 25-Point Kundra. Vivek 12/9/2010. Management. IT Federal sites/default/files/publications/digital-strategy/25-point- implementation-plan-to-reform-federal-it.pdf Addressing “Myth-Busting”: Memorandum. OFPP Industry with Communication Improve to Misconceptions 2/2/2011. Process. Acquisition during the whitehouse.gov/sites/default/files/omb/procurement/ Memorandum and OFPP memo/Myth-Busting.pdf Further and Misconceptions Addressing 2”: “Myth-Busting Process. Acquisition During the Communication Improving 5/7/2012. omb/procurement/memo/myth-busting-2-addressing- misconceptions-and-further-improving-communication- during-the-acquisition-process.pdf Introduction”. Hub: “TechFAR Service. Digital U.S. techfarhub.cio.gov/ Development. Modular Support to Guidance Contracting 6/14/2012. files/omb/procurement/guidance/modular-approaches-for- information-technology.pdf M-16-12. Category Management Policy 16-1: Improving 16-1: Improving Policy Management Category M-16-12. Information Common of Management and Acquisition the 6/2/2016. Licensing. Software Technology: www.whitehouse.gov/sites/default/files/omb/ memoranda/2016/m-16-12_1.pdf Acquisition IT “Digital Institute. Acquisition Federal The Newhart”. Joanie with (DITAP) Training Professional www.fai.gov/media_library/items/show/27 Information Specialized for Guidance Memorandum. OFPP 7/13/2011. Cadres. Acquisition Technology whitehouse.gov/sites/default/files/omb/procurement/memo/ guidance-for-specialized-acquisition-cadres.pdf Acquisition the Federal to Revisions Memorandum. OFPP 12/16/2013. Managers. Project and Program for Certification http://www.fai.gov/drupal/sites/default/files/FAC%20 PPM%20Policy_121613.pdf Information Federal of and Oversight M-15-14. Management 6/10/2015. Technology. default/files/omb/memoranda/2015/m-15-14.pdf or senior- mid-level, entry-level, of certification FAC-P/PM from feed data the Projects of on an analysis Based level; 39. 40. 35. 36. 37. 38. 29. 30. 31. 32. 33. 34. POLICY PAPERS POLICY https://www. and GAO-15- http://www.gao.gov/ . and M-12-10. Implementing . and M-12-10. Implementing STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE https://www.whitehouse.gov/sites/ https://www.whitehouse.gov/sites/ the Acquisition and Management of Common Information Information Common of Management and Acquisition the 10/16/2015. and Desktops. Laptops Technology: https://www.whitehouse.gov/sites/default/files/omb/ memoranda/2016/m-16-02.pdf efforts related to cybersecurity-specific acquisitions, see Policy Policy acquisitions, see to cybersecurity-specific related efforts E: Cybersecurity Chapter 15-1: Improving Policy Management M-16-02. Category For example, by reducing the variety of desktop software software desktop of variety the reducing by example, For to became easier would it installed government-wide, were vulnerabilities software that ensure to networks secure about information detailed more For removed. or mitigated Strengthening Federal IT Portfolio Management. 3/27/2013. 3/27/2013. Management. Portfolio IT Federal Strengthening https://www.whitehouse.gov/sites/default/files/omb/ memoranda/2013/m-13-09.pdf PortfolioStat. 3/30/2012. PortfolioStat. default/files/omb/memoranda/2012/m-12-10.pdf Guidance: 2013 PortfolioStat Year M-13-09. Fiscal M-11-29. Chief Information Officer Authorities. 8/8/2011. Officer Information M-11-29. Chief https://www.whitehouse.gov/sites/default/files/omb/ memoranda/2011/m11-29.pdf M-12-13. Fiscal Year 2014 Budget Guidance. 5/18/2012. Guidance. 2014 Budget Year M-12-13. Fiscal https://www.whitehouse.gov/sites/default/files/omb/ memoranda/2012/m-12-13.pdf Strengthening Federal IT Portfolio Management. 3/27/2013. Management. Portfolio IT Federal Strengthening https://www.whitehouse.gov/sites/default/files/omb/ memoranda/2013/m-13-09.pdf and Effectively Tracked. 4/16/2015. 4/16/2015. Tracked. and Effectively products/GAO-15-296 Guidance: 2013 PortfolioStat Year M-13-09. Fiscal Actions Are Needed to Achieve Portfolio Savings. 11/6/2013. Portfolio Achieve to Needed Are Actions http://www.gao.gov/assets/660/658883.pdf Agency Additional OMB and Technology: 296. Information Realized Are Savings Portfolio Ensure to Needed Actions addressed all the requirements issued by OMB and that OMB and that issued by all the requirements addressed the potential that concluded materials agency of review GAO’s GAO-14- than reported. greater be even may savings for Agency Additional OMB and Technology: 65. Information memoranda/2012/m-12-10.pdf questioned have and others GAO however, since, years the In one agency only that noting these savings, of validity the default/files/omb/memoranda/2011/m11-29.pdf 3/30/2012. PortfolioStat. M-12-10. Implementing https://www.whitehouse.gov/sites/default/files/omb/ and access management, security, and web infrastructure); infrastructure); web and security, management, and access other and resources, human (finance, and business systems Officer Information M-11-29. Chief functions). administrative 8/8/2011. Authorities. OMB defined “commodity IT” as IT infrastructure (data (data infrastructure as IT IT” “commodity OMB defined and mobile devices); computers desktop networks, centers, tools, identity collaboration (email, systems IT enterprise General Services Administration. “Acquisition Gateway”. Gateway”. “Acquisition Administration. Services General https://hallways.cap.gsa.gov/login-information Digital Acquisition Innovation Lab. 3/9/2016. Lab. 3/9/2016. Innovation Acquisition Digital whitehouse.gov/sites/default/files/omb/procurement/memo/ acquisition-innovation-labs-and-pilot-for-digital-acquisition- innovation-lab-memorandum.pdf OMB Memorandum. Acquisition Innovation Labs & Pilot for for Pilot Labs & Innovation Acquisition OMB Memorandum. 28. 27. 26. 25. 24. 23. 22. 21. 20. 19. 18. IT Acquisition and Contracts Management - - - - - F-20
. For more information about government-wide Bench government-wide about information more . For https://www.performance.gov/node/3397/view?view= Performance.gov. “Cross-Agency Priority Goal: Benchmark and and Benchmark Goal: Priority “Cross-Agency Performance.gov. Up Progress Quarterly Operations”. Mission-Support Improve date. public and Management A: Chapter Policy see marking initiative, IT of Oversight IT to related efforts about information detailed more For B: Chapter Policy see initiatives, Modernization Infrastructure Modernization Infrastructure IT Officer Acquisition such as Chief Officials Agency Senior Human Capital Chief (CFO), Officer Financial Chief (CAO), Oper Chief (CIO), Officer Information Chief (CHCO), Officer and “Management defined in M-15-14. (COO); Officer ating ” 6/10/2015. Technology Information Federal of Oversight https://www.whitehouse.gov/sites/default/files/omb/memo randa/2015/m-15-14.pdf B: Chapter Policy see FedRAMP, about information more For Modernization Infrastructure IT 45. 46. 47. 48. - - - - - POLICY PAPERS POLICY https://www.whitehouse. https://www.performance.gov/ STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE cult to accurately compare agency data from year to year to year from data agency compare accurately cult to its CPIC guidance and GSA’s Benchmarking effort continued continued effort Benchmarking and GSA’s its CPIC guidance is It areas. other in help desks and data spending collect to the used efforts collection data varied these whether unclear may be diffi reporting instructions, so it and same definitions node/3399/view?view=public#progress-update collec data areas IT commodity its removed OFCIO Although to categories related center data restored the IDC, it tion from into PortfolioStat into Man Category Goal: Priority “Cross-Agency Performance.gov 2016 Q3 Update. FY agement.” proved FITARA agency plans.” OMB collects Common Baseline Baseline Common OMB collects plans.” agency FITARA proved in agencies from updates and milestones Self-Assessments responsibili the implementing progress their evaluate to order been incorporated not but these have FITARA, by required ties Measurement: There are no PortfolioStat key performance performance key no PortfolioStat are There Measurement: the However, the CIO. of the role which evaluate indicators ap of the “number reports Goal CAP Delivery IT Smarter environment. M-15-14. Management and Oversight of Federal Federal of and Oversight Management M-15-14. environment. 6/10/2015. Technology. Information gov/sites/default/files/omb/memoranda/2015/m-15-14.pdf revising the Federal Acquisition Regulation (FAR) to expand expand to (FAR) Regulation Acquisition the Federal revising broadening the technology,” of “information the definition and services cloud computing include clearly to purview CIO’s agency to the related contractors by operated IT significant OMB’s FITARA implementation guidance also committed to committed also guidance implementation FITARA OMB’s 44. 43. 42. 41. POLICY PAPERS Executing on the Future of IT
The recommendations provided below are drawn primarily from the findings surfaced during interviews with Federal agency CIOs, conversations with the Office of the Federal Chief Information Officer (OFCIO), and research conducted using government data, reports, and testimony. These findings were analyzed to develop the following overall themes, which form the basis for the subsequent recommendations.
Themes
Rather than a top-down model of pushing out new policies to agencies, OFCIO Adopt a should embrace a model that incorporates agency viewpoints and feedback Customer-focused throughout the entire process, including implementation and oversight. This includes the creation of feedback loops, outreach mechanisms, and prioritizing Approach workforce development.
Many agencies reported significant challenges in meeting the shifting priorities and proliferation of new OMB policies and initiatives. By focusing on executing a more limited number of policies and initiatives, agencies and OMB can Focus on improve outcomes. For example, the FITARA Common Baseline is the first Execution step in a much longer process to improve the management of government IT. Moving forward, OMB should work with agencies to not just fully implement the Common Baseline, but to set evolving standards for improving agencies’ IT management, budgeting, acquisition, and workforce.
Government-wide policies and initiatives often set implementation targets Orient that do not always align with agency operations and mission. This can lead to inconsistencies in data reported on key performance indicators. An outcome- Around oriented focus on measuring performance would drive higher quality reporting Outcomes and could provide more insight into policy areas such as open government and open data.
Agencies should leverage FITARA and other authorities to drive better cooperation between bureaus and the agency CIO, as well as between Act as an all senior agency officials. Similarly, OMB should coordinate between its management and budget offices, as well as other government-wide policy Enterprise stakeholders, such as OSTP, to provide clear policy guidance and lines of communication to agencies. The end goal is to have an enterprise-wide view of IT policies and investments to drive better decisions and outcomes.
STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 REC-1 Executing on the Future of IT REC-2 Findings Addressed Findings Agency Operations Do Not Always Align Always Not Do Operations Agency (A5) OMB Reporting With and Oversight in Messaging Changes From Agencies Can Discourage Metrics (B2) Action Taking Government- Apply to Struggle Agencies (A6) Environments Their to wide Policies • • • governance processes. For example, example, For processes. governance and data gather could Dashboard the IT in stakeholders customer from feedback OMB Also, evaluation. to the CIO addition with agencies working should continue customer-facing of establish catalogs to of effectiveness evaluate and to services in supporting those technology agency services. emphasize continuous testing of testing continuous emphasize value customer through assumptions than rather delivery and iterative metrics is best.” what “know providers assuming IT should possible, OMB the extent To this shift in thinking into incorporate and oversight, formulation, its policy
EXECUTING ON THE FUTURE OF IT OF FUTURE THE ON EXECUTING STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE
the customer experience. This parallels parallels This experience. the customer management private-sector innovative which such as “lean startup” practices web analytics, and net promoter scores, scores, promoter analytics, and net web into insight continuous can provide to establish the appropriate customer- establish the appropriate to tools. and measurement based metrics surveys, stakeholder customer like Tools an agency should work with program with program work should an agency officials agency senior and other leaders their customers and their needs. and their customers their of all levels at CIOs forward, Going groups like USDS and 18F and will require will require and USDS and 18F like groups of understanding their deepen to CIOs operational measures such as cost savings cost savings such as measures operational builds on This closures. center data or at government within the underway work the primary way to measure the success the success measure to way the primary traditional more as opposed to IT, of such, agencies and CIOs should apply should apply and CIOs such, agencies and sector the private from best practices as experience customer overall look to business partners focused on delivering on delivering focused business partners As programs. to agency results impactful beyond that of merely providing basic IT basic IT providing merely of that beyond and computing as desktop such services be true need to CIOs Today’s networking. The role of the CIO has evolved well well has evolved the CIO of role The Recommendation #1 Recommendation Programs Agency with CIO Engagement Increasing Experience: on Customer Focusing Recommendations Executing on the Future of IT REC-3 Findings Addressed Findings Agency Operations Do Not Always Align Align Always Not Do Operations Agency (A5) OMB Reporting With and Oversight in Messaging Changes From Agencies Discourage Can Metrics (B2) Action Taking Establish regular communications communications regular Establish on data feedback get to with agencies agency from the efforts collection with (e.g., alignment perspective of burden reporting, agency internal collection). data • • • its established information collection its established information Requests. Data such as Budget processes Though DART, as proposed here, is focused focused is here, as proposed DART, Though data, IT-related of on collection solely data encompass to evolve could role their OMB Management other for governance team The OFFM). (e.g., OFPP, Offices with closely efforts also coordinate could leveraging Division, Review Budget OMB’s well as its analytical capabilities as both EXECUTING ON THE FUTURE OF IT OF FUTURE THE ON EXECUTING STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE they are still needed; are they a data of the removal Recommend need is no clear there where element metrics used for not (e.g., data that for and public reporting); or Review potential data collections data potential Review is not data new that ensure to efforts; current of duplicative data all OFCIO review Periodically if to determine elements collection data; and regular rules standard Establish well as as cycles, collection data across terminology and tools common OFCIO; Standardize around a set of tools and tools of a set around Standardize agency of the collection for templates • • • • • Integrated Data Collection (IDC), the team (IDC), the Collection Data Integrated should: improving data management. data improving in OFCIO’s started work the upon Building guidance to ensure data quality and quality data ensure to guidance on direction strategic and set consistency, Data Analysis and Research Team (DART), (DART), Team Research and Analysis Data reporting standardize and manage would and consistent clear provide processes, reduce inefficiencies and inaccuracies in its and inaccuracies inefficiencies reduce the This group, processes. collection data By creating a new team dedicated to the dedicated team a new creating By all data of oversight and coordination can substantially OFCIO efforts, collection Standardize Data Collection: Establish Data Analysis and Research Team at OFCIO Team Research and Analysis Data Establish Collection: Data Standardize Recommendation #2 Recommendation Executing on the Future of IT REC-4 . The development (and (and development The .
JSON, XML) in addition to traditional JSON, XML) in addition to traditional the can improve This formats. PDF and oversight agencies of ability progress policy monitor to groups analytics, data tools, web through management performance and other tools. manner can reduce confusion and confusion can reduce manner impact and successful increase across policies of implementation should OFCIO the government. with the CIO and often early engage to ability their leveraging Council, the IT across solicit opinions from actions. inform better to community Structure Common of Establishment Policies for can template a standard of usage) include policies always ensure such as intended elements common mechanisms, purpose, oversight policies, and existing to linkages This can requirements. reporting reduce help agencies to serve to ability their and improve confusion and draft both Furthermore, execute. in policies can be published finalized using a standard format a structured (e.g., schema and open formats duplication with existing policies, policies, existing with duplication Additionally, and laws. regulations, current upon its expand OMB should comments solicit public to efforts on its draft feedback and agency policies. also build upon the can OFCIO Council’s the CIO of reorientation which is structure, committee CIOs align agency better designed to to committees and the Council’s process, development policy OFCIO Figure). (see this change facilitate to in such a the CIO Council Using • . EXECUTING ON THE FUTURE OF IT OF FUTURE THE ON EXECUTING . Policy objectives objectives . Policy STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE reviewed to prevent conflicts and conflicts prevent to reviewed agencies, industry, and Congress to to and Congress industry, agencies, opportunities to address new surface the broader needs across pressing policies new Any community. IT should be rigorously initiatives or Development of Customer-Driven Customer-Driven of Development and Formulation Policy for Process Implementation when there best achieved often are all stakeholders is buy-in from with work OMB should involved. Additionally, work should continue continue work should Additionally, establish a comprehensive to map policies and to library policy IT Administration overarching to objectives. Continue current review efforts of efforts review current Continue overlap reduce to policies IT existing outdated retire and redundancy, alignment policies, and improve priorities. Administration with Rationalization of Current Policies Current of Rationalization • • both agencies’ needs and the priorities agencies’ both activities Potential Administration. the of include: oversight. Ultimately, the goal is to develop to develop goal is the Ultimately, oversight. meets that approach a customer-oriented formulates policies and initiatives, but policies and initiatives, formulates upon expand to exists the opportunity and implementation in both work this Recently, OMB has undertaken efforts efforts undertaken OMB has Recently, it how to structure greater provide to ability to keep pace and effectively meet and effectively pace keep to ability objectives. OMB’s the lack of a consistent approach to approach a consistent the lack of with coupled management performance agency policies taxes of number the sheer with the mission objectives or business or objectives with the mission Furthermore, agency. in each processes Numerous CIOs reported that many many that reported CIOs Numerous and initiatives policy government-wide align always did not requirements reporting Continue Shift Towards Agency (Customer) Driven Policy Development and Implementation and Development Policy Driven (Customer) Agency Towards Shift Continue Recommendation #3 Recommendation Executing on the Future of IT REC-5
Findings Addressed Findings Gauge (C4) Gauge to Leads in Cybersecurity Visibility High and Metrics Messages, Policy Multiple (E4) Priorities Agency Operations Do Not Always Align Align Always Not Do Operations Agency (A5) OMB Reporting With Government- Apply to Struggle Agencies (A6) Environments Their to wide Policies IT Modernizing to Approach Current Align Necessarily not Does Infrastructure (B1) Needs Agency with and Oversight in Messaging Changes from Agencies Can Discourage Metrics (B2) Action Taking and Government Open of Outcomes to Hard Be Can Efforts Data Open • • • • • • EXECUTING ON THE FUTURE OF IT OF FUTURE THE ON EXECUTING STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE Figure Rec-1: CIOC Proposed Relationship Model with OFCIO Model Relationship CIOC Proposed Rec-1: Figure . OMB’s internal internal . OMB’s information about policy discussions policy about information requirements. and implementation once the policies are implemented. implemented. the policies are once leadership agency Additionally, effective more make will be able to and budget-related business process more to access have they decisions if concerns during policy development. development. during policy concerns consult could addition, OMB In Drafting directly. with agencies these concerns address policies that and outcomes better should drive conflicts budget in fewer result should increase collaboration in collaboration should increase and development policy of the area This increased implementation. to OMB could allow collaboration budget agency-specific consider Linking management and budget and budget management Linking decisions functions and budget management • participation in the policymaking process. in the policymaking participation This organizational chart provided by the Federal CIO Council (CIOC) represents the reorientation of the CIOC to better facilitate agency agency facilitate better to of the CIOC reorientation the represents (CIOC) Council CIO Federal the by chart provided organizational This Continue Shift Towards Agency Driven Policy Development and Implementation (continued) Implementation and Development Policy Driven Agency Towards Shift Continue Recommendation #3 Recommendation Executing on the Future of IT REC-6 Findings Addressed Findings Agency Operations Do Not Always Align Align Always Not Do Operations Agency (A5) OMB Reporting With Government- Apply to Struggle Agencies (A6) Environments Their to wide Policies IT Modernizing to Approach Current Align Necessarily not Does Infrastructure (B1) Needs Agency with to Leads in Cybersecurity Visibility High and Metrics Messages, Policy Multiple (E4) Priorities Existing Awareness, Better Despite Underutilized Are Flexibilities Acquisition (F1) Agencies by Challenges Face Staff Acquisition Innovative Complex, Evaluating Technology Without Great Technology Expertise (F3) • • • • • • However, hiring and retaining a service- and retaining hiring However, mix of with the right workforce oriented Going step. the first is only experience develop OMB should also forward, current assess their loops to feedback and support provided, of quality the staff, agencies example, needs. For emerging customer with regular be provided could OFCIO to measure surveys satisfaction metrics against performance desk officer implementation of such as timeliness in communicating support, clarity working in and effectiveness requirements, objectives. policy achieve to with agencies EXECUTING ON THE FUTURE OF IT OF FUTURE THE ON EXECUTING STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE young policy professionals through through professionals policy young the CIO the use of expanding Days, Shadow Job IT Council’s efforts. related and other internships, Using the CIO Council committees as committees CIO Council the Using staff potential for ground a proving work to opportunity the offering by to activities policies or on committee and employees; government interested more and training Recruiting Revisiting its hiring and contractor contractor its hiring and Revisiting to prioritize selection processes agency for screen directly and more and customer-focused experience mindset; rotational programs (e.g., agency (e.g., agency programs rotational Innovation Presidential detailees, the continuous ensure to Fellows) agencies between talent of exchange and OMB; Expanding upon current agency agency Expanding upon current • • • • and agency efforts. OMB can increase its OMB can increase efforts. and agency by: find such staff to ability that new policies and oversight practices practices policies and oversight new that best in lessons learned and grounded are government-wide previous from practices facilitate better relationships between between relationships better facilitate while also ensuring OMB and agencies experience to support policy formulation, formulation, support policy to experience This oversight. and implementation, can help experience of combination contractors) with the right blend of hands- blend of with the right contractors) and government-wide on, agency-based As OMB takes a more customer-focused customer-focused a more takes As OMB it is with agencies, working to approach and employees (both staff have to essential Bolster OMB’s Personnel to Focus on Customer Service Model Service on Customer Focus to Personnel OMB’s Bolster Recommendation #4 Recommendation Executing on the Future of IT REC-7 between agency performance and and performance agency between Common the of full implementation Baseline; Common the FITARA Aligning with outcome-focused Baseline accessible, easily are that measures to stakeholders Federal allowing of the impact evaluate effectively agencies; across FITARA for Exploring advocating to CIO- directly appropriations in programs or offices managed environments; select agency Rethink how PortfolioStat supports supports PortfolioStat how Rethink and key agenda management OMB’s consider In particular, priorities. IT customer and FITARA incorporating into directly more efforts service consider Additionally, the agenda. and Secretaries including Deputy each agency at leaders CXO other IT of the importance elevate to initial the case in the was issues (as 2012); FY sessions in PortfolioStat FITARA agency Reviewing to ensure plans implementation actions are planned agency that gaps to close lingering sufficient • • • • EXECUTING ON THE FUTURE OF IT OF FUTURE THE ON EXECUTING STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE government-wide initiatives, initiatives, government-wide implementation; FITARA especially Making regular use of the President’s the President’s use of regular Making (composed Council Management place to Secretaries) Deputy of on high priority attention proper • evaluating oversight and execution. Specific execution. and oversight evaluating actions include: recommended management structure and operations are are and operations structure management OMB should issue outcomes. improving on focused up memorandum a follow Second, OMB should consider how to how OMB should consider Second, in these changes not or whether evaluate agency IT systems. First, OMB needs First, systems. IT agency the met have agencies that ensure to Baseline. the Common of requirements However, much more remains to be done be to remains much more However, of management improving continue to OMB took an important first step by by step first an important OMB took Baseline. Common instituting the FITARA acquisition community, the HR community, community, the HR community, acquisition and the programs community, the financial themselves. OMB should work with agency leadership with agency work OMB should with the CIO engagement increase to efforts, IT-related decisions at many at many decisions IT-related efforts, without significant made still are agencies Accordingly, CIO. the from involvement with their peers across the CXO suite. Yet Yet suite. the CXO across peers with their implementation FITARA recent despite CIOs are much more effective and capable and effective much more are CIOs and priorities Administration achieving of engaged fully are when they goals IT agency FITARA 2.0: Facilitate Additional CXO Collaboration at Agencies and with OMB and Agencies at Collaboration CXO Additional Facilitate 2.0: FITARA Recommendation #5 Recommendation Executing on the Future of IT REC-8 Findings Addressed Findings Reaction to FITARA Implementation is Implementation to FITARA Reaction (A2) Mixed is Only Baseline Common FITARA The Process Longer in a Much Step the First (A3) IT Agency Improving Successfully the Requires Functions Management of the Members All of Participation (A4) Suite Executive Leadership Gets Only Infrastructure Fails (B3) IT When Attention • • • • EXECUTING ON THE FUTURE OF IT OF FUTURE THE ON EXECUTING STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE benefits, and business value. and business benefits, Strategy, and Transparency (IT COST) COST) (IT Transparency and Strategy, and and taxonomies frameworks into improvements related other control capital planning investment CIOs to provide reporting data costs, IT into visibility improved OGP); and thinking the to integrate Continue Business Technology behind the (TBM) Council’s Management Opportunity, Cost, IT on Commission to ensure consistent prioritization prioritization consistent ensure to key across communication) (and OFCIO, (e.g. offices OMB M-Team key OFFM) and other OPPM, OFPP, GSA/ OSTP, OIRA, (e.g., stakeholders Increase regular coordination at the at the coordination regular Increase level and the staff principal level • • FITARA 2.0: Facilitate Additional CXO Collaboration at Agencies and with OMB (continued) with OMB and Agencies at Collaboration CXO Additional 2.0: Facilitate FITARA Recommendation #5 Recommendation Executing on the Future of IT REC-9 . Share . Share . Continue to . Continue Findings Addressed Findings acquisition by making every RFI every making by acquisition in (post-release) available and RFP on a open format a standardized, all potential and allow website single posted any to access easy vendors set-aside of (regardless opportunity status). to Due and Uncertainty Delays are Length Process Procurement (F2) IT Effective to Obstacles Create Vendors Accessing to Restrictions Needs IT Meeting to Risks Unintentional (F4) Processes Procurement Government Evolving to Adapt to Lack the Flexibility (E1) Threats Cyber Make Greater Use of Existing Existing of Use Greater Make New and Explore Certifications Certifications streamline and standardize procurement of performance as project well as programs activities and functions management certifications of the use through Acquisition such as the Federal Project and Program for Certification (FAC-P/PM). Managers Sharing Information Increased across internally RFI responses appropriate), (as government the into visibility increase • • • • • . EXECUTING ON THE FUTURE OF IT OF FUTURE THE ON EXECUTING Pilot ideas Pilot STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE . Designate (or have agencies have (or . Designate the sharing or reuse of contracts contracts of reuse the sharing or of and the application GWACS) (e.g., worked that practices procurement acquisitions. in prior well demonstrate leading performance leading performance demonstrate product/service in particular Category GSA’s extending areas, build to approach Management experts throughout of communities can also promote COEs The agencies. Requests for Proposals (RFPs), to to (RFPs), Proposals for Requests best practices. develop Excellence of Centers Acquisition (COEs) which offices acquisition nominate) to gather feedback from the from feedback gather to community vendor and government the understandability, regarding past of results and actionability, and (RFIs) Information for Requests levels to improve trust and reliability and reliability trust improve to levels and IT. staff procurement between via be measured SLAs could These easy for approach a scorecard-like and monitoring. review Systems. Feedback Service-Level Agreements (SLAs) Agreements Service-Level regarding expectations clear Set timelines and service procurement • • • procurement community, CIOs, and CIOs, community, procurement recommendations Specific industry. include: opportunities to foster a productive a productive foster to opportunities the between relationship working Building on recent joint efforts by OFPP OFPP by efforts joint on recent Building Management, Category (e.g., and OFCIO of a number are there Mythbusting), Strengthening the Partnership Between IT and Procurement Communities and Procurement IT Between the Partnership Strengthening Recommendation #6 Recommendation Executing on the Future of IT REC-10 Findings Addressed Findings Authority and Role of CIOs Vary Vary CIOs of and Role Authority (A1) Agencies Between Stakeholders of Range Broad The (C2) Governance Complicates Difficulty Express CIOs Agency Open to Resources in Dedicating Initiatives Data and Open Government (C1) Continuing to make greater use of of use greater to make Continuing services shared and IT commodity on more focus to will enable CIOs efforts. mission-oriented strategic, to be CIOs will allow this Ultimately trade- the for maker the decision and mission significant between offs priorities. operational • • • • government-wide policy stakeholders. policy government-wide Finally, OMB should clearly outline the OMB should clearly Finally, other and OFCIO between relationships within organizations and offices IT-related President and of the Office the Executive USDS, OSTP, (e.g., the government across for path a clear provide to OIRA, GSA) with the appropriate engage to agencies EXECUTING ON THE FUTURE OF IT OF FUTURE THE ON EXECUTING STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE Entitlement & Beneficiary Services or Services Beneficiary & Entitlement & Infrastructure). Economy of “Chief” positions involved in positions involved “Chief” of Multiple functions. IT-related depending models can be defined mission (i.e. agency on the type of such as FedStat, used in definitions Development of a “model office” a “model office” of Development for as a template which can serve structuring in their follow to agencies office The model operations. own relationships, out reporting can lay and authorities responsibilities, and even the private sector. The The sector. the private and even (DOT) Transportation of Department the where one example, provides with the CIO for directly works CTO roles. defined clearly each having Sharing best practices and proven and proven best practices Sharing OCIO organizational models for Federal across from structures governments, other agencies, • • wide and agency levels. This can beThis levels. wide and agency as follows: accomplished To address these issues, the role of the CIO of issues, the role these address To should be positions IT-related and other government- at the clarified both further the strategic use of information to drive to drive information use of the strategic decisions. infrastructure management and operations and operations management infrastructure and efforts than on mission-related rather place within the agency leadership team. leadership the agency within place spending reported CIOs many Moreover, focused on time their of the majority Officers) has made it difficult for many for made it difficult has Officers) and their role their understand to CIOs The recent proliferation of IT-related “Chief” “Chief” IT-related of proliferation recent The Chief Officers, Digital (e.g., Chief positions Technology Chief Officers, Innovation Clarify the Role of the CIO: Put the “Information” Back in CIO the “Information” the CIO: Put of the Role Clarify Recommendation #7 Recommendation Executing on the Future of IT REC-11 Findings Addressed Findings Management Functions Requires the the Requires Functions Management of the Members All of Participation (A4) Suite Executive Align Always Not Do Operations Agency (A5) with OMB Reporting and Oversight in Messaging Changes from Agencies Discourage Can Metrics (B2) Action Taking Leadership Gets Only Infrastructure Fails (B3) It When Attention Difficulty Expressed CIOs Agency Open to Resources in Dedicating Initiatives Data and Open Government (C1) Stakeholders of Range Broad (C2) Governance Complicates a Demonstrated Sprint Cybersecurity OMB-to- of Model Highly-Effective and Formulation Requirement Agency (E3) Implementation Successfully Improving Agency IT IT Agency Improving Successfully • • • • • • • As a part of maintaining consistent consistent maintaining of As a part OMB with agencies, communication performance a list of should maintain and challenges, gaps and measurement those address to projects plan short-term year. the throughout gaps and challenges is an there OMB should ensure Finally, provide to agencies for channel effective challenges, policy needs, on their feedback concerns. and implementation EXECUTING ON THE FUTURE OF IT OF FUTURE THE ON EXECUTING STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE framework. agencies should be encouraged to develop develop to should be encouraged agencies this around business objectives IT their oversight or measurement process used process measurement or oversight towards progress continued ensure to practicable, Whenever those objectives. “line-of-sight” alignment between top top between alignment “line-of-sight” goals, and the lower-level objectives, the current environment’s needs. As OMB needs. environment’s the current policies, new implement and agencies provide can framework this performance priorities even as individual actions and as individual actions even priorities meet to change may requirements policy By starting with higher-level goals that goals that with higher-level starting By time, OMB over constant relatively remain on its highest focused agencies can keep should be widely distributed across the across distributed widely should be government. and agency goals should then align to then align to should goals and agency strategy This framework. this broader a multi-year vision that sets forth the forth sets vision that a multi-year efforts. IT Federal for direction strategic indicators, performance policies, new All As a part of a renewed President’s President’s a renewed As a part of OMB should publish Agenda, Management (e.g., human capital, financial management, management, human capital, financial (e.g., the incoming that procurement) to accomplish. would like Administration objectives and measurable goals across across goals and measurable objectives areas management the government-wide The start of an Administration is an Administration an start of The overarching to establish an ideal time key the which identifies strategy Establish a Standard Performance Management Framework Management Performance Standard a Establish Recommendation #8 Recommendation Executing on the Future of IT REC-12 Findings Addressed Findings Existing Policies and Statutes Can Statutes and Policies Existing (C3) Efforts Data Open with Conflict Existing Awareness, Better Despite Underutilized Are Flexibilities Acquisition (F1) Agencies by Challenges Face Staff Acquisition Innovative Complex, Evaluating Technology Without Great Technology Expertise (F3) Potential the Have Tools New and Savings Cost Accelerate to (B5) Rationalization Infrastructure is Not Workforce IT Federal The Address to Equipped Adequately (E2) in Cybersecurity Challenges Developing tools and processes to to and processes tools Developing and lessons best practices share communities publicize learned, and disciplines; IT across practice of with engagement Increasing tools using modern by participants in social networking mobile and like web listservs, to traditional addition and forums; portals, and discussion CIO government-wide a Revamping those to provide effort Bootcamp positions a leadership IT to new Federal of background common regulations, laws, management IT policies, and practices. • • • • • • • • EXECUTING ON THE FUTURE OF IT OF FUTURE THE ON EXECUTING STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE and external communications to the communications and external practicable; extent management, particularly around around particularly management, flexibilities; hiring and acquisition and terms Standardizing reporting used in OMB definitions operations, agency requirements, program-and-IT collaboration at the collaboration program-and-IT level; agency efforts “mythbusting” Conduct address basis to on an ongoing IT throughout misconceptions of interest for new communities communities new for interest of with OMB and aligned practice of customer priorities. HUD’s agency a provide coordinators relationship hardwire to how of example good Increasing collaboration between between collaboration Increasing cross- OMB, the CIO Council, organizations governance agency and agencies, USSM), other (e.g., areas identify to councils CXO other • • • management and communities of practice. practice. of and communities management could include: efforts These designate the CIO Council as the official as the official the CIO Council designate knowledge IT government-wide hub for problems, lower confusion, and streamline and streamline confusion, lower problems, compliance and policy oversight agency and OMB should empower efforts. between agencies and OMB, could help OMB, could and agencies between commonto solutions successful spread CIOs emphasized that greater greater that emphasized CIOs and IT the across communication including communities, management Focus on Knowledge Management: Collaborate, Coordinate, and Communicate and Coordinate, Collaborate, Management: on Knowledge Focus Recommendation #9 Recommendation Executing on the Future of IT REC-13 Findings Addressed Findings Transfer of Funds Between Agencies Agencies Between Funds of Transfer (D2) Challenges Presents Negatively Mechanisms Funding Agency the Federal of Ability the Impact as an Enterprise” “Buy to Government (F5) • • This fund can be centrally managed by by managed centrally fund can be This and should agency designated a OMB or and with current coordinated be tightly initiatives government-wide emerging IT and services shared modernize to Shared such as Unified infrastructure, (USSM) and the Management Services (DCOI). Initiative Optimization Center Data is providing this effort to precursor key A for the primary definition an authoritative shared and modernization IT of concepts office management central A services. these to provide well-positioned be would definitions. EXECUTING ON THE FUTURE OF IT OF FUTURE THE ON EXECUTING STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE modernization efforts to drive to drive efforts modernization the government. across consistency Establish a standard approach and approach a standard Establish transferring for authorities sufficient and agencies; and to funds between expertise centralized Provide infrastructure for and oversight Provide multi-year funds, outside multi-year Provide budgets, agency traditional of for prioritized specifically and modernization infrastructure adoption; services shared • • • of IT funding. This fund can: This funding. IT of OMB should continue its recent work with work recent its continue OMB should source establish a centralized to Congress leadership make it challenging for agencies agencies it challenging for make leadership and move infrastructure IT modernize to these issues, address To services. shared to transferring funding between agencies, agencies, between funding transferring agency from attention and a lack of As heard throughout the interviews, the interviews, throughout As heard capital planning upfront for requirements rules for complex and investment, Establish Central Funding for Shared Services and Infrastructure Modernization and Infrastructure Services Shared for Funding Central Establish Recommendation #10 Recommendation Executing on the Future of IT REC-14 Currently, agency agency Currently, Findings Addressed Findings quantitative, rigorous format. rigorous quantitative, is Not Workforce IT Federal The Address to Equipped Adequately (E2) in Cybersecurity Challenges a Demonstrated Sprint Cybersecurity of OMB-to- Model Highly-Effective and Formulation Requirement Agency (E3) Implementation Publicly-Available Dashboards Dashboards Publicly-Available of Areas Potential Illustrating Improvement. on implementing performance published in the is safeguards and quarterly Report annual FISMA in PDF Goal CAP Cybersecurity release OMB started to formats. supplement to workbooks Excel the but it should take this reporting, oversight strengthen to step next sortable making an interactive, by Open modeled on Project dashboard it as easy make to Dashboard Data each agency’s identify as possible to in a improvement for areas key • • • Extend Extend
Promoting Promoting EXECUTING ON THE FUTURE OF IT OF FUTURE THE ON EXECUTING Scaling the lessons Scaling STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE infrastructure capabilities, such as infrastructure Recommendation (see small agencies #12); and expertise and technology on building technology and expertise OMB can infrastructure, this shared on customer focus to CIOs allow activities. IT and mission-focused particular can be of approach This with limited to organizations benefit Centralized IT infrastructure. infrastructure. IT Centralized to establish a shared efforts modern, secure government-wide, can which all agencies infrastructure cybersecurity focusing By adopt. Sprint-Based Approach to Policy Policy to Approach Sprint-Based Implementation. the Cybersecurity learned from to and applying them other Sprint gaps; implementation agency key Cybersecurity Workforce. Cybersecurity and scaling with new, Experimenting retention hiring and successful process and incentives, strategies, talent; cybersecurity for reforms Awareness & Education. & Education. Awareness behaviors cybersecurity-supportive the Federal and norms throughout increased through workforce and education, awareness, training, outreach; • • • • additional improvement: the government’s overall cybersecurity cybersecurity overall the government’s for remain opportunities However, posture. OMB has made significant progress in progress made significant OMB has vulnerabilities longstanding addressing improve to infrastructure IT in agency Providing Common Cybersecurity Resources for Agencies for Resources Cybersecurity Common Providing Recommendation #11 Recommendation Executing on the Future of IT REC-15 Findings Addressed Findings Agencies Struggle to Apply Government- Apply to Struggle Agencies (A6) Environments Their to wide Policies IT Modernizing to Approach Current Necessarily Not Does Infrastructure (B1) Needs Agency with Align Agencies Between Funds of Transfer (D1) Challenges Presents is Not Workforce IT Federal The Address to Equipped Adequately (E2) in Cybersecurity Challenges • • • • EXECUTING ON THE FUTURE OF IT OF FUTURE THE ON EXECUTING STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE them government-wide. first pilot service offerings and operating and operating offerings service pilot first introducing models on a small-scale before (e.g., HR, FM). Additionally, this approach approach this Additionally, HR, FM). (e.g., Federal larger for as a model serve could to an opportunity providing agencies, include more complex services such as such services complex include more functions office back and administrative partners. At a minimum, the focus should a minimum, the focus At partners. network, (e.g., services be on basic IT to expanded could be hosting, email) but be managed by designating one or more more one or designating by be managed as managing providers service shared This capability could either be housed in an be housed either could capability This services with shared office agency existing (e.g., USSM), or expertise management of delivery, reliability, and security of IT IT of and security reliability, delivery, of small agencies. at services cost savings can be achieved. Additionally, Additionally, can be achieved. savings cost the speed can improve IT centralizing areas such as cybersecurity and digital such as cybersecurity areas IT establishing a centralized By services. significant small agencies, for capability which have limited internal resources and resources internal limited which have skills in critical IT lack specialized often Significant economies of scale can be scale can of economies Significant services. shared use of through achieved small agencies, for true is particularly This Establish Centralized IT Capability for Small Agencies Small for Capability IT Centralized Establish Recommendation #12 Recommendation Executing on the Future of IT REC-16 Findings Addressed Findings with OMB Reporting (A5) with OMB Reporting Leadership Gets Only Infrastructure Fails (B3) It When Attention and Government Open of Outcomes to Hard Be Can Efforts Data Open (C4) Gauge Agency Operations Do Not Always Align Align Always Not Do Operations Agency • • • Measurable Goals and Policy Requirements. Requirements. and Policy Goals Measurable it easier make to steps take OMB should with engage to groups oversight other for For topics. management on IT agencies agency write also OMB should example, consistent, using requirements reporting it easier to make reporting data structured to IG community agency and the GAO for data reported comparing audits by conduct records. against agency OMB EXECUTING ON THE FUTURE OF IT OF FUTURE THE ON EXECUTING STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE transparency and availability of agency data agency of and availability transparency the Federal like tools public-facing through Dashboard. IT OMB should also work with these groups with these groups work OMB should also the to increase opportunities identify to priorities and work with them to identify to identify with them work priorities and raised concerns potential and remediate Additionally, in audits, as appropriate. should more directly engage with GAO with GAO engage directly should more specific policies and around and the IGs GAO and IGs as follows: and IGs GAO Efforts. & Oversight Audits Targeted coverage and Congressional scrutiny. OMB scrutiny. and Congressional coverage of level a preserve need to will course of with partner but can look to independence, in part because their findings are published findings are in part because their press by and can be accompanied publicly specialized audit skills, methodologies and audit skills, methodologies specialized to can serve and IGs GAO Moreover, tools. on specific issues, attention agency focus quality as well as to strengthen oversight of of oversight strengthen as to well as quality bring and IGs GAO management. IT agency delivers for its citizens. As such, OMB As such, its citizens. for delivers appropriate, where partner, should look to data improve both to with these groups ultimately they share the same goal: an the same share they ultimately that government effective and efficient While OMB, GAO, and the Inspectors Inspectors and the GAO, OMB, While to be times appear can at (IGs) General objectives, different towards working Expand Engagement With Audit and Oversight Groups to Improve Data Availability Data Improve to Groups Oversight and Audit With Engagement Expand Recommendation #13 Recommendation Executing on the Future of IT REC-17 EXECUTING ON THE FUTURE OF IT OF FUTURE THE ON EXECUTING Requirement Formulation and Implementation and Formulation Requirement Priorities and Metrics, Messages, Policy Multiple to Leads in Cybersecurity Visibility High by Agencies Underutilized Are Flexibilities Acquisition Existing Awareness, Better Despite IT Effective to Obstacles are Length Process Procurement to Due and Uncertainty Delays Without Technology Innovative Complex, Evaluating Challenges Face Staff Acquisition Expertise Technology Great Needs IT Meeting to Risks Unintentional Create Vendors Accessing to Restrictions to government Federal the of ability Impact the Negatively Mechanisms Funding Agency as an Enterprise” “Buy Existing Policies and Statutes Can Conflict with Open Data Efforts Data Open with Conflict Can Statutes Policies and Existing Gauge to Hard Be Can Efforts Data and Open Government Open of Outcomes Challenges Present Agencies Between Funds of Transfer Lower to and Can Lead and Burden Risk Agency Increases Services Shared Providing Service of Quality Cyber Evolving to Adapt to Lack the Flexibility Processes Procurement Government Threats in Challenges Address to Equipped Adequately is Not Workforce IT Federal The Cybersecurity of OMB-to-Agency Model a Highly-Effective Demonstrated Sprint Cybersecurity Agency Needs Agency Taking from Agencies Can Discourage Metrics and Oversight in Messaging Changes Action Fails It When Attention Leadership Gets Only Infrastructure Services Cloud New of Adoption Safe Accelerated Not Has FedRAMP rationalization and infrastructure savings cost to accelerate the potential have tools New and Government Open to Resources Dedicating in Difficulty Expressed CIOs Agency Initiatives Data Open Governance Complicates Stakeholders of Range Broad Authority and role of CIOs vary between agencies between vary CIOs of and role Authority is mixed of FITARA to implementation Reaction process a much longer in step the first is only Baseline Common FITARA The of all the participation requires functions Management IT agency improving Successfully suite the Executive of members reporting with OMB align always do not operations Agency environments their policies to government-wide apply to struggle Agencies with Align Necessarily not Does Infrastructure IT Modernizing to Approach Current Findings STATE OF FEDERAL IT REPORT / PUBLIC RELEASE VERSION 1.0 / PUBLIC RELEASE REPORT IT FEDERAL OF STATE E3 E4 F1 F2 F3 F4 F5 C3 C4 D1 D2 E1 E2 B1 B2 B3 B4 B5 C1 C2 A1 A2 A3 A4 A5 A6 ID
IT Acquisition and Acquisition IT Management Contracts Contracts Management Contracts and Acquisition IT Management Contracts IT Acquisition and Acquisition IT Management Contracts and Acquisition IT Cybersecurity and Acquisition IT Management Contracts Cybersecurity Cybersecurity Cybersecurity Federal Shared Services Shared Federal Services Shared Federal Open Data Open and Government Open Data Open Open Government and Government Open Data Open and Government Open Modernization and Government Open Data Open Modernization Infrastructure IT Modernization Infrastructure IT IT Infrastructure Infrastructure IT Modernization Infrastructure IT Oversight of IT of Oversight Infrastructure IT Modernization Management and Management IT of Oversight and Management Oversight of IT of Oversight and Management IT of Oversight Oversight of IT of Oversight and Management IT of Oversight and Management Policy Chapter Policy and Management SOFIT Findings Index Findings SOFIT