2007 STL Acq Ins Day -- IT Acq


Published on January 15, 2009

Author: aSGuest10636

Source: authorstream.com

Slide 1: Defense Acquisition University/St. Louis Acquisition Insight Day
Acquisition of Information Technology
Bill Zimmerman
Professor, Information Technology
DAU West Region
bill.zimmerman@dau.mil
23 May 2007

Why do I care about the IT Regulations?
On 08 Mar 2002, OSD signed out the Clinger-Cohen Act compliance policy:
- “Compliance with CCA is required for all systems, including those in weapons and weapons systems programs.”
- “The basic requirements of the CCA that relate to the Department’s acquisition process have been institutionalized in the DoD Instruction 5000.2. The purpose of this policy memorandum is to clarify and simplify the requirement for judging compliance with the law.”
- “The requirement for submission of written confirmation required by DoDI 5000.2 [Table E4.T1] shall be satisfied by the components CIO’s concurrence with the Program Manager’s CCA Compliance Table.”

Statutes and Policy
- Clinger-Cohen Act, 1996
- DoD Inst 5000.2
- Government Information Security Reform Act (GISRA), 2000
- Federal Information Security Management Act (FISMA), 2002
- OMB Circular A-130

Slide 4: Excerpt from Senator Cohen 1994 Report

What is the CCA?
February 10, 1996, Information Technology Management Reform Act (ITMRA) combined with the Federal Acquisition Reform Act (FARA) = Clinger-Cohen Act (CCA)
Attempts to resolve the following perceived issues:
- Business process improvement before investing in IT
- Little or no improvement in mission performance;
- Implementation of ineffective information systems resulting in waste, fraud, and abuse;
- Outdated approaches to buying IT that do not adequately take into account the competitive and fast-paced nature of the IT industry

Impacts
- DoD Chief Information Officer (CIO)
- MAIS certification of compliance
- Registration of Mission Critical or Mission Essential IT systems
- Required for all IT systems including weapon systems
- Institutionalized via DoDI 5000.2
- Additional Laws and Changes to CCA
  - Federal Information Security Management Act 2002
  - OSD Memo Clinger-Cohen Act Compliance Policy 8 March 2002

Key CCA Provisions
- Defines Information Technology and Information Technology Architecture
- Repeals central authority of GSA
- Assigns Key responsibilities to Director of OMB, including:
  - Capital Planning and Investment Control: key assessment role
  - IT Standards oversight through NIST
  - Evaluate agency ROI in IT and management practices
  - OMB has authority to adjust apportionments for IT
- Agencies must establish CIOs
- CIOs establish processes to provide for financial accountability and performance measurement for IT systems

Key CCA Provisions (continued)
- Agencies must do capital planning and investment control
- Establish process to select, manage, and evaluate IT investments
- Integrate IT with budget and management processes
- Link IT Performance Measures to agency programs
- Develop processes to verify progress in IT investments
- Establish performance and result-based management goals
- Tie IT performance measures into agency goals
- Do BPR before making significant IT investments
- Ensure INFOSEC policies are adequate
- Requires “modular contracting”: contract award within 180 days + 18 month delivery of a discrete increment(s) that “is not dependent on any subsequent increment in order to perform its principal functions”

CCA Definitions
Clinger-Cohen Act definitions (cited from the law):
- “Information System: ‘information system’ has the meaning given such term in section 3502(8) of title 44, United States Code.”
- Section 3502(8) of title 44, United States Code: “The term ‘information system’ means a discrete set of information resources organized for the collection, processing, maintenance, use, sharing, dissemination, or disposition of information.”
- The term ‘information resources’ means information and related resources, such as personnel, equipment, funds, and information technology;

CCA Definitions cont.
Clinger-Cohen Act (CCA) definitions (cited from the law):
Information Technology
- “(A) The term ‘information technology’, with respect to an executive agency means any equipment or interconnected system or subsystem of equipment, that is used in the automatic acquisition, storage, manipulation, management, movement, control, display, switching, interchange, transmission, or reception of data or information by the executive agency.”
- “(B) The term ‘information technology’ includes computers, ancillary equipment, software, firmware and similar procedures, services (including support services), and related resources.”

CCA Definitions cont.
National Security System (NSS) defined (cited from the law):
“(a) Operated by the United States Government, the function, operation, or use of which:
- Intelligence activities;
- Cryptologic activities related to national security;
- Command and control of military forces;
- Equipment that is an integral part of a weapon or weapons system; or
- Critical to the direct fulfillment of military or intelligence missions.”
“(b) LIMITATION – does not include a system that is to be used for routine administrative and business applications (including payroll, finance, logistics, and personnel management applications).”

CCA Definitions cont.
DoDI 5000.2 definitions:
- Mission-Critical Information System
  - “Information system” & “national security system” in the CCA
  - Loss causes the stoppage of warfighter operations and direct mission support of warfighter operations.
  - Designation made by a Component Head, a Combatant Commander, or their designee.
- Mission-Essential Information System
  - “Information system”
  - Component Head or designee determines what is basic and necessary to the organizational mission.
  - Designation of mission essential shall be made by a Component Head, a Combatant Commander, or their designee.

FAR Part 39
- Defines National Security System
- Directs us to OMB Circular A-130 (to be discussed later)
- Requires use of risk management
- Requires use of modular contracting where appropriate

OMB Circular A-130
This Circular establishes policy for the management of Federal information resources. OMB includes procedural and analytic guidelines for implementing specific aspects of these policies as appendices.
- Appendix I, Federal Agency Responsibilities for Maintaining Records About Individuals
- Appendix II, Implementation of the Government Paperwork Elimination Act
- Appendix III, Security of Federal Automated Information Resources
- Appendix IV, Analysis of Key Sections

OMB A-130 Tenets
- Information Management Policy - The Enterprise Architecture and supporting information technology help to enable the IM Policy
- Provide Information to the Public - Agencies are required to provide government information to the public
- Manage Information Systems and Information Technology - Requires an IT Capital Plan and an Information Resource Management Strategic Plan
- Enterprise Architecture - Requires an Enterprise architecture as part of a Strategic Architecture Plan
- Security in Information Systems - IA must be part of the Enterprise Architecture
- Acquire Information - Acquisition should be part of the IT Capital Plan

DoDI 5000.2
On 12 May 2003, DoDI 5000.2 was signed:
- “The MDA shall not approve program initiation or entry into any phase that requires milestone approval for an acquisition program (at any level) for a mission-critical or mission essential IT system until the DoD Component CIO confirms or certifies (for MAIS only) that the system is being developed in accordance with [the Clinger-Cohen Act]”.
- “The DoD Component shall not award a contract for the acquisition of a mission-critical or mission-essential IT system, at any level, until the following have been accomplished: (a) The DoD Component registers the system with the DoD CIO; (b) The DoD CIO determines the system has an appropriate information assurance strategy; and (c) The DoD Component CIO confirms that the system is being developed in accordance with the CCA….”

How to comply with CCA
Complete CCA Compliance Table (11 element table)
- Eight elements are acquisition related and may be addressed using standard acquisition documentation (for example: ICD, CDD, APB, Concept of Operations, AoA, ASR, LCCE, Acquisition Strategy, etc.)
  - Core function of the Department
  - Outcome-based performance measures linked to strategic goals
  - Process redesign to reduce cost, improve effectiveness, maximize COTS
  - Best Source being used
  - Analysis of Alternatives
  - Life Cycle Cost Estimate (LCCE)
  - Clearly established measures and accountability
- Three elements are IT related
  - Global Information Grid (GIG) architecture (may be addressed using standard acquisition documentation: C4ISP/ISP, Interoperability/Net-Ready KPP)
  - Information Assurance Strategy (IAS)
  - IT registration

Do C4ISR Systems require CCA Compliance?
- Clinger-Cohen compliance applies to national security systems
- Includes C4ISR systems.
- Good test - If an ISP is required, it will be subject to Clinger-Cohen
- For ACAT ID systems, the confirmation goes from Component CIO to both the DoD CIO and the MDA.
- A "weapons system" (not a C4ISR system) may be subject to registration, even if not certified
- Final ruling made by the MDA

We all must become IT Architects
Why do we need architectures?
- Enables stakeholders with different views/perspectives
- Deals with complexities
- Better defines requirements
- Defines & views the system from their interests
- Allows collaboration on system decisions
- Coordinates implementation
- Manages change and risk

An Architecture has Multiple Views
A view represents the whole system with focus on a set of critical constraints (i.e., from that viewpoint)
In a good architecture each view is:
- Complete relative to that viewpoint
- Consistent with respect to other views
Operational: Usage; System: Design; Technical: Builder/Building codes

Clinger-Cohen Act 10th Anniversary
What has happened in the past 10 years?
- CCA directed federal agencies to reduce IT spending by 5% and achieve a 5% increase in capability
- In 1996 spending - $64B
- Spending has risen 9% per year
- Defies measurement - OMB cannot determine if the spending target was met
Source: Series of articles at GovExec.com http://www.govexec.com/dailyfed/0706/071106cc.htm

Federal Enterprise Architecture (FEA): A BUSINESS-DRIVEN APPROACH
- FEA entirely business-driven
- Foundation is the Business Reference Model
- Describes the government’s Lines of Business & services
- Provides a common framework for improvement in a variety of key areas such as:
  - Budget Allocation
  - Information Sharing
  - Performance Measurement
  - Budget / Performance Integration
  - Cross-Agency Collaboration
  - E-Government
  - Component-Based Architectures
Go to: http://www.whitehouse.gov/omb/egov/a-1-fea.html

What were spending factors?
- Y2K
- Homeland Security requirements
- Military operations in Afghanistan & Iraq
- Cybersecurity requirements
- Outsourcing – expected to reach $17B by 2010

Online Resources
Federal Transition Framework (FTF) http://www.whitehouse.gov/omb/egov/a-2-EAFTF.html
- Single information source for cross-agency IT
- Uses simple, familiar and organized structure
- Contains government-wide IT policy objectives and cross-agency initiatives including:
  - OMB-sponsored initiatives, e.g., E-Gov and LoB initiatives
  - Government-wide initiatives, e.g., Internet Protocol Version 6 (IPV6), Homeland Security Presidential Directive 12 (HSPD 12)

Questions?
- IT acquisition career field
- IT acquisition related subjects
Feel free to contact me:
Bill Zimmerman
Rock Island Arsenal
(309) 782-0475
bill.zimmerman@dau.mil
Also visit DAU’s Acquisition Community Website: http://akss.dau.mil/jsp/default.jsp
