Management and Oversight of Federal Information Technology

June 10, 2015

M-15-14

From: Shaun Donovan- Director

SUBJECT: Management and Oversight of Federal Information Technology

A New Foundation for Technology Management – June 10, 2015

It has been over four months since I was appointed the U.S. Chief Information Officer (CIO). In that time I have come to appreciate both the complexity of Federal information technology (IT) as well as the unprecedented opportunity of technology to accelerate the quality and timeliness of services delivered to the American people… Read more at Whitehouse.gov

Sections and Attachments

OMB Memorandum M-15-14: Management and Oversight of Federal Information Technology
Attachment A: Common Baseline for IT Management and CIO Assignment Plan
Attachment B: Definitions of Terms for the Purposes of this Guidance
Attachment C: Template for Agency Common Baseline Self-Assessment and Plan
Attachment D: Fiscal Year (FY) 2015 PortfolioStat
Attachment E: Investment and Portfolio Management Maturity Framework
Attachment F: Additional Agency Human Capital Plan Requirements
Attachment G: Related Forthcoming Policies Roadmap
Attachment H: Cross-Walk of FITARA Requirements
Attachment I: Summary of Agency Deadlines and Requirements
Attachment J: Common Acronyms and Abbreviations
Attachment K: Applying FITARA Common Baseline to Statistical Agencies and Units

Endnotes

OMB Memorandum M-15-14: Management and Oversight of Federal Information Technology

Purpose

The purpose of this memorandum is to provide implementation guidance for the Federal Information Technology Acquisition Reform Act (FITARA)1 and related information technology (IT) management practices.

Background

FITARA was enacted on December 19, 2014. FITARA outlines specific requirements related to:

  1. Agency Chief Information Officer (CIO) Authority Enhancements
  2. Enhanced Transparency and Improved Risk Management in IT Investments
  3. Portfolio Review
  4. Federal Data Center Consolidation Initiative
  5. Expansion of Training and Use of IT Cadres
  6. Maximizing the Benefit of the Federal Strategic Sourcing Initiative
  7. Governmentwide Software Purchasing Program

To implement the requirements of FITARA, combined with the need to update policy and guidance related to other modern IT practices, OMB is publishing this guidance. This guidance reflects input from a diverse group of stakeholders, including representatives from the Chief Financial Officer (CFO), Chief Human Capital Officer (CHCO), Chief Acquisition Officer (CAO), Assistant Secretary for Management (ASAM), Chief Operating Officer (COO), and CIO communities.

Objectives

The objectives of the requirements outlined in this memorandum are to:

  1. Assist agencies in establishing management practices that align IT resources with agency missions, goals, programmatic priorities, and statutory requirements;
  2. Establish governmentwide IT management controls that will meet FITARA requirements while providing agencies with the flexibility to adapt to agency processes and unique mission requirements;
  3. Establish a “Common Baseline” for roles, responsibilities, and authorities of the agency CIO and the roles and responsibilities of other applicable Senior Agency Officials2 in managing IT as a strategic resource;
  4. Enable the CIO’s role, with respect to the development, integration, delivery, and operations of any type of IT, IT service, or information product to enable integration with the capabilities they support wherever IT may affect functions, missions, or operations;
  5. Strengthen the agency CIO’s accountability for the agency’s IT cost, schedule, performance, and security;
  6. Strengthen the relationship between agency CIOs and bureau CIOs;
  7. Establish consistent governmentwide interpretation of FITARA terms and requirements;
  8. Assist agencies in establishing an inclusive governance process that will enable effective planning, programming, budgeting, and execution for IT resources;
  9. Provide transparency on IT resources across entire agencies and programs; and
  10. Provide appropriate visibility and involvement of the agency CIO in the management and oversight of IT resources across the agency to support the successful implementation of cybersecurity policies to prevent interruption or exploitation of program services.

Scope and Applicability

  1. Covered agencies: CFO Act agencies3 and their divisions and offices are subject to the requirements outlined in FITARA and this memorandum, except where otherwise noted. The Department of Defense (DOD), the Intelligence Community, and portions of other agencies that operate systems related to national security are subject to only certain portions of FITARA, as provided for in the statute, and shall meet with OMB no later than 60 days following the final release of this guidance to clarify the applicability of this guidance throughout their organizations and activities, including alternative requirements or exceptions.
  2. Additionally, all other Executive Branch agencies are encouraged to apply the principles described in this guidance to their management of IT, consistent with their legal authorities.
  3. Covered agencies shall implement this guidance in a manner consistent with other legal authorities and should consult with their counsel regarding those authorities.
  4. With respect to Offices of Inspectors General (OIG), this guidance should be implemented in a manner that does not impact the independence of those offices and the authorities Inspectors General have over the personnel, performance, procurement, and budget of the OIG, as provided in the Inspector General Act of 1978, as amended (5 U.S.C. App 3).
  5. This memorandum builds upon and will refer to existing OMB policy and guidance.
  6. Where possible, this guidance incorporates agency reporting requirements introduced by FITARA into existing OMB processes, such as PortfolioStat, the Integrated Data Collection (IDC),4 Acquisition Human Capital Planning, and the Federal IT Dashboard (ITDB), rather than creating new reporting channels and tools.
  7. With respect to Federal statistical agencies and units as defined in the Confidential Information Protection and Statistical Efficiency Act of 2002 (CIPSEA),5 covered agencies under FITARA shall implement this guidance in a manner that ensures that statistical data collected under a pledge of confidentiality solely for statistical purposes are used exclusively for statistical purposes, consistent with CIPSEA.

Many of the requirements of this memorandum refer to the agency CIO’s involvement with the decision processes and policies related to “information technology resources” throughout the agency, including IT within programs. To establish a consistent governmentwide interpretation of the Federal resources included in this scope, the following definition shall be used for “information technology resources.”

Information technology resources” includes all:

A. Agency budgetary resources, personnel, equipment, facilities, or services that are primarily used in the management, operation, acquisition, disposition, and transformation, or other activity related to the lifecycle of information technology;

B. Acquisitions or interagency agreements that include information technology and the services or equipment provided by such acquisitions or interagency agreements; but

C. Does not include grants to third parties which establish or support information technology not operated directly by the Federal Government.

This definition and this memorandum refer to the term “information technology,” which for the purposes of this memorandum is defined as:

A. Any services or equipment, or interconnected system(s) or subsystem(s) of equipment, that are used in the automatic acquisition, storage, analysis, evaluation, manipulation, management, movement, control, display, switching, interchange, transmission, or reception of data or information by the agency; where

B. such services or equipment are ‘used by an agency’ if used by the agency directly or if used by a contractor under a contract with the agency that requires either use of the services or equipment or requires use of the services or equipment to a significant extent in the performance of a service or the furnishing of a product.

C. The term “information technology” includes computers, ancillary equipment (including imaging peripherals, input, output, and storage devices necessary for security and surveillance), peripheral equipment designed to be controlled by the central processing unit of a computer, software, firmware and similar procedures, services (including provisioned services such as cloud computing and support services that support any point of the lifecycle of the equipment or service), and related resources.

D. The term “information technology” does not include any equipment that is acquired by a contractor incidental to a contract that does not require use of the equipment.

This definition is based on the definition of information technology found in the Clinger-Cohen Act of 1996.6 Additional definitions used in this memorandum are available in Attachment A.

Revising other IT management policies to reflect this scope

To establish consistency across IT management and acquisition policies, OMB Circular A-130, OMB Circular A-11, and the Federal Acquisition Regulation (FAR) will be updated to reflect these definitions of “information technology resources” and “information technology,” as appropriate.

Section B: Implementation of the Common Baseline

  1. The “Common Baseline” (Attachment A) provides guidance on the CIO’s and other Senior Agency Officials’ roles and responsibilities for the management of IT. This Common Baseline provides a framework for agencies to implement the specific authorities that FITARA provides for CFO Act agency CIOs, and builds upon their responsibilities as outlined in the Clinger-Cohen Act of 1996.7 The Common Baseline also speaks to the roles and responsibilities of other Senior Agency Officials, as it is critical that these officials in each covered agency are engaged in the oversight of IT investments.

  2. All covered agencies shall institute policies and procedures that implement the roles, responsibilities, and requirements found in the Common Baseline. The Common Baseline provides agencies with certain flexibility to adopt procedures that meet these requirements in a manner tailored to the volume and type of work completed by the agencies. As explained further in Attachment A, agencies may adopt a plan that provides for the CIO’s direct involvement or a framework approved by the CIO that contains clear rules on the procedures by which decisions are made and articulates that the CIO remains responsible and accountable for those decisions (referred to as the “CIO Assignment Plan” in Attachment A). Further detail is provided in the “CIO Assignment Plan” section found in Attachment A.

  3. Each agency shall take the following actions to implement the Common Baseline:
    • Complete agency self-assessment and plan. Each covered agency shall conduct a self-assessment that identifies current conformity with or gaps in conformity with the Common Baseline, and shall articulate an implementation plan describing the changes it will make to ensure that all Common Baseline responsibilities described in Attachment A are implemented by December 31, 2015. This shall include a discussion of how agency senior leaders and program leaders will work in partnership to facilitate the successful implementation of the Common Baseline and how the agency CIO will be enabled as a strategic partner integrated in shaping Agency strategies, budgets, and operations. The deputy secretary or chief operating officer or higher is responsible for the completion of the self-assessment and plan documents. This self-assessment and implementation plan shall not exceed 25 pages and shall include the template in Attachment C or another template approved by OMB.
    • Submit to OMB for acceptance of self-assessment and implementation plan. Covered agencies shall submit this self-assessment and this implementation plan for review and approval to OMB’s Office of E-Government & Information Technology (E-Gov) as well as to the agency’s relevant OMB Resource Management Office no later than August 15, 2015. To fulfill this requirement, the agency deputy secretary or chief operating officer or higher is responsible for submitting these documents by email to egov@omb.eop.gov with the subject line: “[Agency Abbreviation] FITARA Common Baseline Implementation Plan.” OMB may request additional information from agencies before the self-assessment and implementation plan are approved. Agencies shall post the “implementation plan” portion of this document (posting the “self-assessment” is optional but encouraged) on their public website at agency.gov/digitalstrategy, and include it as a downloadable dataset in their Public Data Listing8, no more than 30 days following OMB acceptance and thereafter keep the public document up to date with access to a history of previous versions.
    • Support ongoing oversight of implementation plan and Common Baseline. Covered agencies shall follow OMB guidance from PortfolioStat sessions and other oversight activities regarding the ongoing implementation of the Common Baseline. Agencies shall notify OMB of any obstacles or incomplete implementation of the Common Baseline on an ongoing basis following the initial implementation deadline. OMB may request agencies to revise or update agency self-assessments or implementation plans during implementation as more information becomes available about the agency’s management processes.
    • Conduct annual review and update to self-assessment. Covered agencies shall update the self-assessment annually to identify any obstacles or incomplete implementation of Common Baseline responsibilities that occurred over the preceding 12 months. The first update will be due April 30, 2016, and each April 30 on an annual basis thereafter.
  4. The following additional actions will be taken to support agencies’ implementation of the Common Baseline:
    • Federal CIO Council (the Council) shall develop and share on-going support and tools. Through the end of fiscal year (FY) 2016, the Council will dedicate time in its meetings to discuss current topics related to the implementation of the Common Baseline at least once every quarter. The Council should consult with the CFO Council in the development of materials to support changes related to the Common Baseline across management domains. The Council will also assist agencies in implementing the Common Baseline by sharing examples of agency governance processes and IT policies on a public website at https://management.cio.gov.
    • Support President’s Management Council (PMC) follow-up. By June 30, 2015, the PMC will select three members from the Council to provide an update on governmentwide implementation of FITARA on a quarterly basis through the end of FY2016. These updates will improve each agency’s awareness of policies and processes which have worked well at other agencies.

Section C: Transparency, Risk Management, Portfolio Review, and Reporting

  1. Covered agencies shall continue to report required data to OMB as part of the quarterly IDC, per current instructions . OMB will continue to update IDC instructions posted on the MAX Federal Community on a quarterly basis9.
    • Standardized cost savings metrics and performance indicators. As a part of the IDC reporting requirements, agencies shall continue to provide cost savings and cost avoidance achieved as a result of strategies that the agency has decided to adopt. Based on this information, agencies will be provided a summary scorecard that provides agency-specific performance metric data and portfolio analysis agenda items.
    • Sharing with the public and Congress. As required by the Consolidated Further Continuing Appropriations Act, 2015 and (P.L. 113-235)10, OMB will continue to report quarterly to Congress on the cost savings, avoidance, and reductions in duplicative IT investments resulting from the above agency efforts. OMB will also provide a summary of these savings by agency on a publicly accessible website. Agency reporting requirements for these topics are included in the IDC instructions.
  2. Covered agencies shall continue to provide information to the ITDB, as required by OMB’s capital planning and investment control (CPIC) guidance, which is issued annually in conjunction with the release of OMB Circular A-1111. As a part of that guidance, the following approaches will be used to meet FITARA requirements:
    • Monthly reporting. Covered agencies shall continue to provide updates of risks, performance metrics, project, and activity data for major IT investments to the ITDB as soon as the data becomes available, or at least once each calendar month.
    • Data improvement program. If OMB or the agency CIO determines data reported to the ITDB is not timely and reliable, the CIO (in consultation with the agency head) must notify OMB through the IDC and establish within 30 days of this determination an improvement program to address the deficiencies. The CIO will collaborate with OMB to develop a plan that includes root cause analysis, timeline to resolve, and lessons learned. In addition, the CIO will communicate to OMB the steps the agency is taking to execute the data improvement program and the progress the agency is making. Agencies will provide updates on the status of this program on a quarterly basis as a part of their IDC submission until the identified deficiency is resolved.
    • TechStat Sessions. A TechStat is a face-to-face, evidence-based accountability review of an IT program with agency leadership12. TechStat sessions are a tool for getting ahead of critical problems in an investment, turning around underperforming investments, or terminating investments if appropriate. For all agency-led TechStat reviews of investments, the agency shall contact egov@omb.eop.gov with the subject line, “[Agency Acronym] TechStat Notification,” at least two weeks ahead of the TechStat session. Agencies shall follow the agency’s TechStat policy and procedures based on the CIO.gov TechStat Toolkit when managing TechStat sessions. Agencies shall report the outcomes and outputs of all TechStat sessions through the quarterly IDC, including: the assessment described in Attachment E: Investment and Portfolio Management Maturity Framework, a root cause analysis of performance issues, corrective action plans which address these causes, and a timeline for implementing the corrective actions. More detailed reporting guidance will be provided in the quarterly IDC instructions.
    • High risk rating. Given the size and complexity of the multi-billion dollar Federal IT Portfolio, it is critical to maintain a focus on the health of IT investments across the government. As required by CPIC guidance, the CIO evaluations reported to the ITDB for all major IT investments must reflect the CIO’s assessment of the current level of risk for any major investment’s ability to accomplish its goals based on factors described in the CPIC guidance.
    • Automatic TechStats. Moreover, if an investment has a high risk rating (red CIO evaluation in the ITDB) for three consecutive months beginning July 1, 2015, agencies must hold a TechStat session on that investment. The session must be held within 30 days of the completion of the third month. If this investment remains categorized with a red CIO evaluation one year following the TechStat session then OMB may take appropriate performance and/or budgetary actions until the agency has addressed the root cause and ensured the investment’s ability to complete the remaining activities within planned cost and schedule.
  3. As explained in Attachment D, PortfolioStat is a data-driven tool that agencies use to assess the current maturity of their IT portfolio management processes and select PortfolioStat action items to strengthen their IT portfolio. Covered agencies shall hold PortfolioStat sessions on a quarterly basis with OMB, the agency CIO, and other attendees. (These sessions were previously annual and required the attendance of the agency deputy secretary (see Implementing PortfolioStat (M-12-10)13, Fiscal Year 2013 PortfolioStat Guidance: Strengthening Federal IT Portfolio Management (M-13-09))14, and Fiscal Year 2014 PortfolioStat (M-14-08))15.

During these sessions, agencies will16: * Discuss and update a multi-year strategy to identify and reduce duplication and waste within the IT portfolio of the agency, including component-level investments and to identify projected cost savings resulting from such strategy; * Identify or develop ways to increase the efficiency and effectiveness of the IT investments of the agency; * Identify or develop opportunities to increase the use of shared-service delivery models; * Identify potential duplication and waste; * Develop plans for actions to optimize the IT portfolio, programs, and resources of the agency; * Review investments included in High Impact Programs; and * Develop ways to better align the IT portfolio, programs, and financial resources of the agency to long term mission requirements or strategic plans required by law.

Agencies must report the status of PortfolioStat action items in the IDC at least quarterly. Annually by April 30, agency heads shall review and certify the status of PortfolioStat action items with the agency CIO and send to OMB.
OMB will focus on the metrics highlighted in PortfolioStat materials, data submitted through the quarterly IDC process, and agency IT Major Business Case information developed through the CPIC process to assess agency PortfolioStat progress. Complete FY 2015 PortfolioStat guidance is included in Attachment D.

Section D: Federal Data Center Consolidation Initiative (FDCCI)

OMB FDCCI Guidance17, which was issued in March 2012, outlined the goals, responsibilities, and reporting requirements for agencies through the end of FY 2015. Covered agencies shall continue to provide updates regarding phase one of FDCCI in their quarterly IDC submissions. OMB will publish updated FDCCI guidance by the end of FY 2015, which will describe the second phase of the initiative and will refresh and refocus the data center optimization strategy on the efficient and effective use of resources and implementation of the statutory requirements of FITARA.

Section E: Information Technology Acquisition Initiatives

  1. IT Acquisition Cadres. FITARA’s requirements for IT acquisition cadres builds upon OMB’s Office of Federal Procurement Policy (OFPP) July 2011 memorandum on building specialized IT acquisition cadres18. As originally required by the memorandum, Acquisition Workforce Development Strategic Plan for Civilian Agencies – FY 2010 – 201491 of October 27, 2009, civilian CFO Act agencies shall continue to send their annual Acquisition Human Capital Plans to OMB OFPP. The latest iteration of those Plans was due April 15, 2015. Additional guidance from OMB issued in February 2015 requires agencies to address new reporting elements required by FITARA. Details regarding these new reporting elements are found in Attachment F.

  2. Category Management and the Federal Strategic Sourcing Initiative (FSSI)20. Agencies will be required to comply with an upcoming new rule regarding purchases of services and supplies of types offered under an FSSI agreement without using an FSSI agreement. In February 2015, the FAR Council initiated rulemaking to implement this provision of FITARA, which creates a preference for strategically sourced vehicles. Once finalized, agencies will be required to include in the contract file a brief analysis of the comparative value, including price and non-price factors, between the services and supplies offered under the FSSI and services and supplies offered under the source or sources used for the purchase. This rule will be in addition to other strategies that OFPP is developing around category management, a practice adopted by industry where spending is managed by categories of common spending, like IT and Transportation, and led by experts who promote governmentwide best practices and help agencies avoid unnecessary duplicative spending and activities. OMB formally launched the Category Management initiative21 in December 2014.

  3. Governmentwide Software Purchasing Program. The General Services Administration (GSA), in collaboration with OMB, shall create, and allow agencies access to, governmentwide enterprise software licenses through new awards as part of category management. These awards shall, at a minimum, allow for the purchase of a license agreement that is available for use by all Executive agencies22.

Attachment A: Common Baseline for IT Management and CIO Assignment Plan

All covered agencies shall adopt specific controls for the management of IT from the “Common Baseline” below. The Common Baseline prescribes a basic set of specific responsibilities and processes that all covered agencies shall have in place no later than December 31, 2015. A set of definitions follows the Common Baseline to further clarify the specific responsibilities.

Throughout the Common Baseline:

  • All references to “CIO” refer to department/headquarters CIOs, and only references to “bureau CIO” refer to the CIO or official-with-CIO-duties within a bureau or any component organization of the agency (see definitions).
  • If an agency has a “budget officer” separate from the CFO, then references to “CFO” shall also refer to the budget officer.
  • If an agency has a “senior procurement executive” separate from the CAO, then references to “CAO” shall also refer to the senior procurement executive.

The DOD, the Intelligence Community, and portions of other agencies that operate systems related to national security are subject to only certain portions of FITARA and shall meet with OMB no later than 60 days following the final release of this guidance to clarify the applicability of this guidance throughout their organizations and activities, including alternative requirements or exceptions.

Budget Formulation and Planning

Visibility of IT resources
  • A1. CIO Role/Responsibility: Visibility of IT resource plans/decisions to CIO. The CFO and CIO jointly shall define the level of detail with which IT resource levels are described distinctly from other resources throughout the planning, programming, and budgeting stages. This should serve as the primary input into the IT capital planning and investment control documents submitted with the budget (formerly Exhibits 53 and 300).
  • A2. CXO Role/Responsibility: Visibility of IT resource plans/decisions in budget materials. The CFO and CIO jointly shall define the level of detail with which IT resource levels are described as detailed in A1.
  • Statutory Language: The head of each covered agency … shall ensure that the Chief Information Officer of the agency has a significant role in—(i) the decision processes for all annual and multi-year planning, programming, budgeting, and execution decisions” 40 U.S.C. § 11319(b)(1)(A)
CIO role in pre-budget submission
  • B1. CIO Role/Responsibility: CIO role in pre-budget submission for programs that include IT and overall portfolio. The agency head shall ensure the agency-wide budget development process includes the CFO, CAO, and CIO in the planning, programming, and budgeting stages for programs that include IT resources (not just programs that are primarily IT oriented). The agency head, in consultation with the CFO, CIO, and program leadership, shall define the processes by which program leadership works with the CIO to plan an overall portfolio of IT resources that achieve program and business objectives and to develop sound estimates of the necessary IT resources for accomplishing those objectives.
  • B2. CXO Role/Responsibility: CIO role in pre-budget submission for programs that include IT and overall portfolio. The agency head shall ensure the agency-wide budget development process includes the CFO, CAO, and CIO as described in B1 and that CIO guidelines are applied to the planning of all IT resources during budget formulation. The CFO and program leadership shall work jointly with the CIO to establish the processes and definitions described in B1.
  • Statutory Language: “The head of each covered agency … shall ensure that the Chief Information Officer of the agency has a significant role in—(i) the decision processes for all annual and multi-year planning, programming, budgeting, and execution decisions” 40 U.S.C. § 11319(b)(1)(A)
CIO role in planning program management
  • C1. CIO Role/Responsibility: CIO role in planning program management. The CIO shall be included in the internal planning processes for how the agency uses IT resources to achieve its objectives. The CIO shall approve the IT components of any plans, through a process defined by the agency head that balances IT investments with other uses of agency funding. This includes CIO involvement with planning for IT resources at all points in their lifecycle, including operations and disposition or migration.
  • C2. CXO Role/Responsibility: CIO role in program management. CIO, CFO, and program leadership shall define an agency-wide process by which the CIO shall advise on all planning described in C1.
  • Statutory Language: “The head of each covered agency … shall ensure that the Chief Information Officer of the agency has a significant role in—(i) the decision processes for all annual and multi-year planning, programming, budgeting, and execution decisions” 40 U.S.C. § 11319(b)(1)(A)
CIO role in budget request
  • D1. CIO Role/Responsibility: CIO reviews and approves major IT investment portion of budget request. Agency budget justification materials in their initial budget submission to OMB shall include a statement that affirms: – the CIO has reviewed and approves the major IT investments portion of this budget request; – the CFO and CIO jointly affirm that the CIO had a significant role in reviewing planned IT support for major program objectives and significant increases and decreases in IT resources; and – the IT Portfolio (formerly Exhibit 53) includes appropriate estimates of all IT resources included in the budget request.
  • D2. CXO Role/Responsibility: CIO and CFO Certify IT Portfolio. The CFO shall work with the CIO to establish the affirmations in D1.
  • Statutory Language: BUDGET FORMULATION.—The Director of the Office of Management and Budget shall require in the annual information technology capital planning guidance of the Office of Management and Budget the following:‘(i) That the Chief Information Officer of each covered agency … approve the information technology budget request of the covered agency. 40 U.S.C. § 11319 (b)(1)(B)(i)

Acquisition and Execution

Ongoing CIO engagement with program managers
  • E1. CIO Role/Responsibility: Ongoing CIO engagement with program managers. The CIO should establish and maintain a process to regularly engage with program managers to evaluate IT resources supporting each agency strategic objective. It should be the CIO and program managers’ shared responsibility to ensure that legacy and on-going IT investments are appropriately delivering customer value and meeting the business objectives of programs.
  • E2. CXO Role/Responsibility: Ongoing CIO engagement with program managers. Program managers shall work with the CIO to define IT performance metrics and strategies to support fulfillment of agency strategic objectives defined in the agency’s strategic plan.
  • Statutory Language: The head of each covered agency … shall ensure that the Chief Information Officer of the agency has a significant role in—(i) the decision processes for all annual and multi-year planning, programming, budgeting, and execution decisions… and (ii) the management, governance and oversight processes related to [IT]… 40 U.S.C. § 11319(b)(1)(A) The Director of the Office of Management and Budget shall require in the annual information technology capital planning guidance of the Office of Management and Budget the following: That the Chief Information Officer of each covered agency certify that information technology investments are adequately implementing incremental development, as defined in capital planning guidance issued by the Office of Management and Budget. 40 U.S.C. § 11319
Visibility of IT planned expenditure reporting to CIO
  • F1. CIO Role/Responsibility: Visibility of IT planned expenditure reporting to CIO. The CFO, CAO and CIO should define agency-wide policy for the level of detail of planned expenditure reporting for all transactions that include IT resources.
  • F2. CXO Role/Responsibility: Visibility of IT planned expenditure reporting to CIO. The CFO, CAO and CIO shall define agency-wide policy for the level of detail of planned expenditure reporting for all transactions that include IT resources.
  • Statutory Language: The head of each covered agency … shall ensure that the Chief Information Officer of the agency has a significant role in—(i) the decision processes for all annual and multi-year planning, programming, budgeting, and execution decisions… and (ii) the management, governance and oversight processes related to [IT]… 40 U.S.C. § 11319(b)(1)(A) The Director of the Office of Management and Budget shall require in the annual information technology capital planning guidance of the Office of Management and Budget the following: That the Chief Information Officer of each covered agency certify that information technology investments are adequately implementing incremental development, as defined in capital planning guidance issued by the Office of Management and Budget. 40 U.S.C. § 11319
CIO defines IT processes and policies
  • G1. CIO Role/Responsibility: CIO defines IT processes and policies. The CIO defines the development processes, milestones, review gates, and the overall policies for all capital planning, enterprise architecture, and project management and reporting for IT resources. At a minimum, these processes shall ensure that the CIO certifies that IT resources are adequately implementing incremental development (as defined in the below definitions). The CIO should ensure that such processes and policies address each category of IT resources appropriately—for example, it may not be appropriate to apply the same process or policy to highly customized mission-specific applications and back office enterprise IT systems depending on the agency environment. These policies shall be posted publicly at agency.gov/digitalstrategy, included as a downloadable dataset in the agency’s Public Data Listing, and shared with OMB through the IDC. For more information, see OMB Circular A-130: Management of Information Resources.
  • Statutory Language : The head of each covered agency … shall ensure that the Chief Information Officer of the agency has a significant role in—(i) the decision processes for all annual and multi-year planning, programming, budgeting, and execution decisions… and (ii) the management, governance and oversight processes related to [IT]… 40 U.S.C. § 11319(b)(1)(A) The Director of the Office of Management and Budget shall require in the annual information technology capital planning guidance of the Office of Management and Budget the following: That the Chief Information Officer of each covered agency certify that information technology investments are adequately implementing incremental development, as defined in capital planning guidance issued by the Office of Management and Budget. 40 U.S.C. § 11319
CIO role on program governance boards
  • H1. CIO Role/Responsibility: CIO role on program governance boards. In order to ensure early matching of appropriate IT with program objectives, the CIO shall be a member of governance boards that include IT resources (including “shadow IT” or “hidden IT”—see definitions), including bureau Investment Review Boards (IRB). The CIO shall notify OMB of all governance boards the CIO is a member of and at least annually update this notification.
  • H2. CXO Role/Responsibility: Participate with CIO on governance boards as appropriate.
  • Statutory Language: The head of each covered agency … shall ensure that the Chief Information Officer of the agency has a significant role in—(i) the decision processes for all annual and multi-year planning, programming, budgeting, and execution decisions… and (ii) the management, governance and oversight processes related to [IT]… 40 U.S.C. § 11319(b)(1)(A) The Director of the Office of Management and Budget shall require in the annual information technology capital planning guidance of the Office of Management and Budget the following: That the Chief Information Officer of each covered agency certify that information technology investments are adequately implementing incremental development, as defined in capital planning guidance issued by the Office of Management and Budget. 40 U.S.C. § 11319
Shared acquisition and procurement responsibilities
  • I1. CIO Role/Responsibility: Shared acquisition and procurement responsibilities. The CIO reviews all cost estimates of IT related costs and ensures all acquisition strategies and acquisition plans that include IT apply adequate incremental development principles (see definitions).
  • I2. CXO Role/Responsibility: Shared acquisition and procurement responsibilities. The CAO, in consultation with the CIO and—where appropriate—CFO, shall ensure there is an agency-wide process to ensure all acquisitions that include any IT: – are led by personnel with appropriate federal acquisition certifications (FACs)23, including specialized IT certifications as appropriate; – are reviewed for opportunities to leverage acquisition initiatives such as shared services, category management, strategic sourcing, and incremental or modular contracting and use such approaches as appropriate; – are supported by cost estimates that have been reviewed by the CIO; and – adequately implement incremental development.
  • Statutory Language: The head of each covered agency … shall ensure that the Chief Information Officer of the agency has a significant role in—(i) the decision processes for all annual and multi-year planning, programming, budgeting, and execution decisions… and (ii) the management, governance and oversight processes related to [IT]… 40 U.S.C. 11319(b)(1)(A) The Director of the Office of Management and Budget shall require in the annual information technology capital planning guidance of the Office of Management and Budget the following: That the Chief Information Officer of each covered agency certify that information technology investments are adequately implementing incremental development, as defined in capital planning guidance issued by the Office of Management and Budget. 40 U.S.C. § 11319
CIO role in recommending modification, termination, or pause of IT projects or initiatives
  • J1. CIO Role/Responsibility: CIO role in recommending modification, termination, or pause of IT projects or initiatives. The CIO shall conduct TechStat reviews or use other applicable performance measurements to evaluate the use of the IT resources of the agency. The CIO may recommend to the agency head the modification, pause, or termination of any acquisition, investment, or activity that includes a significant IT component based on the CIO’s evaluation, within the terms of the relevant contracts and applicable regulations.
  • Statutory Language: The CIO… monitors the performance of information technology programs of the agency, evaluates the performance of those programs on the basis of the applicable performance measurements, and advises the head of the agency regarding whether to continue, modify, or terminate a program or project; 40 USC §11315(c)(2)
CIO review and approval of acquisitions
  • K1. CIO Role/Responsibility: CIO review and approval of acquisition strategy and acquisition plan. Agencies shall not approve an acquisition strategy or acquisition plan (as described in FAR Part 7)24 or interagency agreement (such as those used to support purchases through another agency) that includes IT without review and approval by the agency CIO. For contract actions that contain IT without an approved acquisition strategy or acquisition plan, the CIO shall review and approve the action itself. The CIO shall primarily consider the following factors when reviewing acquisition strategies and acquisition plans: – Appropriateness of contract type; – Appropriateness of IT related portions of statement of needs or statement of work; – Appropriateness of above with respect to the mission and business objectives supported by the IT strategic plan; and – Alignment with mission and program objectives in consultation with program leadership.
  • K2. CXO Role/Responsibility: CAO is responsible for ensuring contract actions that contain IT are consistent with CIO-approved acquisition strategies and plans. The CAO shall indicate to the CIO when planned acquisition strategies and acquisition plans include IT. The CAO shall ensure the agency shall initiate no contract actions or interagency agreements that include IT unless they are reviewed and approved by the CIO or are consistent with the acquisition strategy and acquisition plan previously approved by the CIO. Similar process for contract modifications. CAO shall also ensure that no modifications that make substantial changes to the scope of a significant contract are approved that are inconsistent with the acquisition strategy and acquisition plan previously approved by the CIO unless the modification is reviewed and approved by the CIO.
  • Statutory Language: IN GENERAL.—A covered agency other than the Department of Defense— (I) may not enter into a contract or other agreement for information technology or information technology services, unless the contract or other agreement has been reviewed and approved by the Chief Information Officer of the agency; 40 U.S.C. § 11319 (b)(1)(C)(i)(I)
CIO approval of reprogramming
  • L1. CIO Role/Responsibility: CIO approval of reprogramming. The CIO must approve any movement of funds for IT resources that requires Congressional notification.
  • L2. CXO Role/Responsibility: CIO approval of reprogramming. The CFO shall ensure any notifications under L1 are approved by the CIO prior to submission to OMB.
  • Statutory Language: IN GENERAL.—A covered agency …—‘‘(II) may not request the reprogramming of any funds made available for information technology programs, unless the request has been reviewed and approved by the Chief Information Officer of the agency. 40 U.S.C. § 11319 (b)(1)(C)(i)(II)

Organization and Workforce

CIO approves new bureau CIOs
  • M1. CIO Role/Responsibility: CIO approves bureau CIOs. The CIO shall be involved in the recruitment and shall approve the selection of any new bureau CIO (includes bureau leadership with CIO duties but not title—see definitions). The title and responsibilities of current bureau CIOs may be designated or transferred to other agency personnel by the agency head or his or her designee as appropriate, and such decisions may take into consideration recommendations from the agency CIO.
  • Statutory Language: PERSONNEL-RELATED AUTHORITY.—Notwithstanding any other provision of law, for each covered agency … the Chief Information Officer of the covered agency shall approve the appointment of any other employee with the title of Chief Information Officer, or who functions in the capacity of a Chief Information Officer, for any component organization within the covered agency. 40 U.S.C. § 11319 (b)(2) Delegation of authority … (b) In addition to the authority to delegate conferred by other law, the head of an agency may delegate to subordinate officials the authority vested in him-(1) by law to take final action on matters pertaining to the employment, direction, and general administration of personnel under his agency… 5 U.S.C. § 302 (b)(1)
CIO role in ongoing bureau CIOs’ evaluations
  • N1. CIO Role/Responsibility: CIO role in ongoing bureau CIOs’ evaluations. The CHCO and CIO shall jointly establish an agency-wide critical element (or elements) included in all bureau CIOs’ performance evaluations. In cases where the bureau CIO is a member of the Senior Executive Service and the agency uses the Basic SES Appraisal System, this critical element(s) is an “agency-specific performance requirement” in the Executive Performance Plan. Each such agency may determine that critical element(s) (ECQs) contain these requirements. For agencies that do not use the Basic SES Appraisal System or for bureau CIOs who are not members of the SES, then these shall be critical elements in their evaluations. The [agency] CIO must identify “key bureau CIOs” and provide input to the rating official for this critical element(s) for at least all “key bureau CIOs” at the time of the initial summary rating and for any required progress reviews. The rating official will consider the input from the [agency] CIO when determining the initial summary rating and discusses it with the bureau CIO during progress reviews.
  • N2. CXO Role/Responsibility: CIO role in ongoing bureau CIOs’ evaluations. The CHCO and CIO shall jointly establish an agency-wide critical element (or elements) for the evaluation of bureau CIOs as described in N1.
  • Statutory Language: The Chief Information Officer of an agency…assesses the requirements established for agency personnel regarding knowledge and skill in information resources management and the adequacy of those requirements for facilitating the achievement of the performance goals established for information resources management; assesses the extent to which the positions and personnel at the executive level of the agency and the positions and personnel at management level of the agency below the executive level meet those requirements; 40 U.S.C. § 11315(c)(3) (Clinger-Cohen Act)
Bureau IT Leadership Directory
  • O1. CIO Role/Responsibility: Bureau IT Leadership Directory. CIO and CHCO will conduct a survey of all bureau CIOs and CIO and CHCO will jointly publish a dataset identifying all bureau officials with title of CIO or duties of a CIO. This shall be posted as a public dataset based on instructions in the IDC by August 15, 2015 and kept up-to-date thereafter. The report will identify for each: – Employment type (e.g. GS, SES, SL, ST, etc.) – Type of appointment (e.g. career, appointed, etc.) – Other responsibilities (e.g. full-time CIO or combination CIO/CFO) – Evaluation “rating official” (e.g. bureau head, other official) – Evaluation “reviewing official” (if used) – Whether [agency] CIO identifies this bureau CIO as a “key bureau CIO” and thus requires the [agency] CIO to provide the rating official input into the agency-wide critical element(s) described in N1.
  • O2. CXO Role/Responsibility: Bureau IT Leadership Directory. CHCO will work with CIO to develop the Bureau IT Leadership Directory as described in O1.
  • Statutory Language: The Chief Information Officer of an agency…assesses the requirements established for agency personnel regarding knowledge and skill in information resources management and the adequacy of those requirements for facilitating the achievement of the performance goals established for information resources management; assesses the extent to which the positions and personnel at the executive level of the agency and the positions and personnel at management level of the agency below the executive level meet those requirements; 40 U.S.C. § 11315(c)(3) (Clinger-Cohen Act)
IT Workforce
  • P1. CIO Role/Responsibility: IT Workforce. The CIO and CHCO will develop a set of competency requirements for IT staff, including IT leadership positions, and develop and maintain a current workforce planning process to ensure the department/agency can (a) anticipate and respond to changing mission requirements. (b) maintain workforce skills in a rapidly developing IT environment, and (c) recruit and retain the IT talent needed to accomplish the mission.
  • P2. CXO Role/Responsibility: IT Workforce. CIO and CHCO —and CAO where relevant— shall develop a set of competency requirements for IT staff, including IT leadership positions, and develop and maintain a current workforce planning process to ensure the department/agency can (a) anticipate and respond to changing mission requirements. (b) maintain workforce skills in a rapidly developing IT environment, and (c) recruit and retain the IT talent needed to accomplish the mission.
  • Statutory Language: The Chief Information Officer of an agency…assesses the requirements established for agency personnel regarding knowledge and skill in information resources management and the adequacy of those requirements for facilitating the achievement of the performance goals established for information resources management; assesses the extent to which the positions and personnel at the executive level of the agency and the positions and personnel at management level of the agency below the executive level meet those requirements; 40 U.S.C. § 11315(c)(3) (Clinger-Cohen Act)
CIO reports to agency head (or deputy/COO)
  • Q1. CIO Role/Responsibility: CIO reports to agency head (or deputy/COO). As required by the Clinger Cohen Act and left in place by FITARA, the CIO “shall report directly to such agency head to carry out the responsibilities of the agency under this subchapter.” This provision remains unchanged, though certain agencies have since implemented legislation under which the CIO and other management officials report to a COO, Undersecretary for Management, Assistant Secretary for Administration, or similar management executive; in these cases, to remain consistent with the Clinger Cohen requirement as left unchanged by FITARA, the CIO shall have direct access to the agency head (i.e., the Secretary, or Deputy Secretary serving on the Secretary’s behalf) regarding programs that include information technology.
  • Statutory Language: The head of each agency shall designate a Chief Information Officer who shall report directly to such agency head to carry out the responsibilities of the agency under this subchapter. 44 U.S.C. § 3506 (Clinger-Cohen Act)

Common Baseline CIO Assignment Plan

It is critical that the agency CIO retain accountability for the roles and responsibilities identified in the Common Baseline. As agency environments vary considerably, CIOs may find that decisions about some IT resources included in the Common Baseline may be more appropriately executed by other agency officials, such as a bureau CIO or even parts of program or procurement communities. This must be done in a way to allow the agency CIO to retain accountability.

For the responsibilities other than those detailed in D1 and M1 of the above chart (budget approval and bureau CIO appointment), the CIO may designate other agency officials to act as a representative of the CIO in aspects of the above processes in a rules-based manner, such as by a dollar threshold, type of planned IT activity, or by bureau. This designation shall be developed in consultation with the CFO, CAO, CHCO, and other Senior Agency Officials, as appropriate. Even if a representative is substituted for the CIO, the CIO retains accountability for the assigned role or responsibility and thus must ensure the overall suitability of selected officials. Because the selected official represents the CIO, CIOs should monitor the ongoing suitability of this designation and revise as appropriate. This allows the CIO to define a rules-based manner to select representatives such members of the CIO’s office, or a bureau CIO, to represent the CIO for portions of the Common Baseline responsibilities described above (such as for contract review of purchases of less than a certain dollar threshold).

Agencies which plan to use such a rules-based method must describe it in a “CIO Assignment Plan” (Plan) and submit it for OMB approval as detailed in Section B above. Plans must show evidence that the CIO retains accountability for the designated alternative agency officials’ involvement and decisions and that the appropriate level of rigor shall be executed by this official in place of the CIO. The agency shall post the Plan publicly at agency.gov/digitalstrategy and include it as a downloadable dataset in the agency’s Public Data Listing not more than 30 days following the Plan’s approval by OMB.

Related statutory language from FITARA:

  • “A covered agency… may use the governance processes of the agency to approve such a contract or other agreement if the Chief Information Officer of the agency is included as a full participant in the governance processes.” Also, “[t]he head of each agency shall ensure that the Chief Information Officer of the agency has a significant role in… the decision processes for all annual and multi-year planning, programming, budgeting, and execution decisions, related reporting requirements, and reports related to IT and …the management, governance and oversight processes related to [IT].” 40 U.S.C. § 11319(b)(1)(A) and (C)(i)(III)

Summary of Common Baseline

Common baseline for IT Management

Return to the Top

Attachment B: Definitions of Terms for the Purposes of this Guidance

Agency CIO - The Chief Information Officer at the headquarters level of a department or establishment of the government as defined in Section 20 of OMB Circular A-11 (contrast with ‘bureau CIO’).

Bureau CIO - Official with the title or role of Chief Information Officer within a principal subordinate organizational unit of the agency, as defined in Section 20 of OMB Circular A-11, or any component organization of the agency (contrast with ‘agency CIO’).

Major IT Investment - An IT investment requiring special management attention because of its importance to the mission or function to the government; significant program or policy implications; high executive visibility; high development, operating, or maintenance costs; unusual funding mechanism; or definition as major by the agency’s capital planning and investment control process. Agencies should also include all “major automated information system” as defined in 10 U.S.C. 2445 and all “major acquisitions” as defined in the OMB Circular A-11 Capital Programming Guide consisting of information resources. OMB may work with the agency to declare IT investments as major IT investments. Agencies must consult with assigned OMB desk officers and resource management offices (RMOs) regarding which investments are considered “major.” Investments not considered “major” are “non-major.”

Reprogramming - Any movement of funds for IT resources that requires Congressional notification.

Adequate Incremental Development - For development of software or services, planned and actual delivery of new or modified technical functionality to users occurs at least every six months.

Information Technology - As described in Section A above:

A. Any services or equipment, or interconnected system(s) or subsystem(s) of equipment, that are used in the automatic acquisition, storage, analysis, evaluation, manipulation, management, movement, control, display, switching, interchange, transmission, or reception of data or information by the agency; where

B. such services or equipment are ‘used by an agency’ if used by the agency directly or if used by a contractor under a contract with the agency that requires either use of the services or equipment or requires use of the services or equipment to a significant extent in the performance of a service or the furnishing of a product.

C. The term “information technology” includes computers, ancillary equipment (including imaging peripherals, input, output, and storage devices necessary for security and surveillance), peripheral equipment designed to be controlled by the central processing unit of a computer, software, firmware and similar procedures, services (including provisioned services such as cloud computing and support services that support any point of the lifecycle of the equipment or service), and related resources.

D. The term “information technology” does not include any equipment that is acquired by a contractor incidental to a contract that does not require use of the equipment.

IT Resources - As described in Section A above: All agency budgetary resources, personnel, equipment, facilities, or services that are primarily used in the management, operation, acquisition, disposition, and transformation, or other activity related to the lifecycle of information technology; acquisitions or interagency agreements that include information technology and the services or equipment provided by such acquisitions or interagency agreements but does not include grants to third parties which establish or support information technology not operated directly by the Federal Government.

“Shadow IT” or “Hidden IT” - Refers to spending on IT that is not fully transparent to the agency CIO and/or IT resources included as a portion of a program that is not primarily of an “information technology” purpose but delivers IT capabilities or contains IT resources. For example, a grants program that contains a portion of its spending on equipment, systems, or services that provide IT capabilities for administering or delivering the grants.

Contract - A mutually binding legal relationship obligating the seller to furnish the supplies or services (including construction) and the buyer to pay for them. It includes all types of commitments that obligate the Government to an expenditure of appropriated funds and that, except as otherwise authorized, are in writing. In addition to bilateral instruments, contracts include (but are not limited to) awards and notices of awards; job orders or task letters issued under basic ordering agreements; letter contracts; orders, such as purchase orders, under which the contract becomes effective by written acceptance or performance; and bilateral contract modifications. Contracts do not include grants and cooperative agreements covered by 31 U.S.C. § 6301, et seq. For discussion of various types of contracts, see Part 16. – FAR definitions

Return to the Top

Attachment C: Template for Agency Common Baseline Self-Assessment and Plan

OMB will issue revised IDC reporting instructions that describe how agencies shall submit their self-assessment and plan using the below template or another template approved by OMB. Each element of the Common Baseline will be evaluated, along with accompanying evidence and steps to close the incompletely addressed areas.

Table for Baseline Template

Return to the Top

Attachment D: Fiscal Year (FY) 2015 PortfolioStat

This Attachment describes changes to the PortfolioStat process used in FY 2015, including reporting requirements for agencies. This attachment also describes the goals and topics which agencies and OMB will address through the FY2015 PortfolioStat process.

PortfolioStat25 was established in FY 2012 to assess the maturity of Federal IT portfolio management, consolidate and eliminate duplicative spending on Commodity IT,26 and improve agency processes to drive mission and customer-focused IT solutions. PortfolioStat is an evidence-based, data-driven review of agency IT portfolio management with agency leadership that continues to drive significant cost savings and efficiencies. To date, agencies have saved over $2.59 billion,27 exceeding the $2.5 billion in savings opportunities identified in the original FY 2012 PortfolioStat sessions.

Each year this process has evolved to better align Federal IT policy goals to agency IT portfolios. As part of this evolution, starting in FY 2015 we have changed PortfolioStat from being an annual review session to quarterly reviews. OMB now collects agency progress data on a quarterly basis28 and as such has an obligation to provide timely performance feedback throughout the year. Sharing this feedback quarterly will better allow OMB to track progress and recommend course corrections more frequently.

In alignment with the Administration’s core IT objectives, PortfolioStat sessions will focus on three key areas: (1) driving value in Federal IT investments, (2) delivering world-class digital services, and (3) protecting Federal IT assets and information. Prior to each quarterly PortfolioStat session, agencies will be provided a scorecard including agency-specific performance metric data (see Fiscal Year 2015 PortfolioStat Performance Metrics below for specific metrics) and portfolio analysis agenda items.

  1. The agenda of PortfolioStat sessions between OMB and agencies will focus on the following initiatives:

PortfolioStat Action Items. Agencies will discuss the status of each PortfolioStat action item reported through the IDC with OMB.

High Impact Programs. Agencies will use Attachment E: Investment and Portfolio Management Maturity Framework to describe the strategy, progress, critical milestones, risk, and expected impact of investments included in High Impact Programs. OMB will continue to work with agencies to designate investments included in High Impact Programs.

Agency Digital Service Teams and United States Digital Service (USDS). OMB will review the agency’s progress in laying the organizational groundwork and establishing Digital Service Teams, the agency’s plan for effectively leveraging those resources, and the status of the performance of USDS activities.

Commodity IT. Agencies will discuss how they use category management29 to consolidate commodity IT assets, eliminate duplication between assets, and improve procurement and management of hardware, software, network, and telecom services. Furthermore, agencies will share lessons-learned related to commodity IT procurement policies and efforts to establish enterprise-wide inventories of related information.

IT Management Roles and Responsibilities. Agencies will discuss the status of their plans to implement the Common Baseline (Attachment A) and monitor the effectiveness of the CIO’s execution of the included roles and responsibilities. This should include discussion of the CIO’s relationship with other Senior Agency Officials, as well as those officials’ execution of listed roles and responsibilities.

Portfolio Management Maturity. Agencies will use the categories described in Attachment E: Investment and Portfolio Management Maturity Framework to evaluate the maturity of the agency’s People, Technology, Governance, Process, and Acquisition capabilities related to IT resources. Agencies should describe how their policies implement the portfolio management, capital planning, and other processes required in OMB Circular A-130, OMB Circular A-11’s capital planning and investment control guidance, and other OMB IT management policies, including this guidance. For example, agencies should describe how agency priority goals, agency strategic objectives, the IT investment portfolio, the Information Resource Management (IRM) Strategic Plan, and the Enterprise Roadmap relate to each other and support the efficient and effective accomplishment of agency program and business objectives. Finally, agencies should describe how they select the system development lifecycle frameworks used in IT development activities, such as the use of incremental development and modular approaches prioritized by customer requirements.

Data Center, Cloud, and Shared Services Optimization. Agencies will discuss their progress using cloud computing and shared services to optimize data center activities and achieve overall IT objectives. This includes a discussion of how the agency is using FedRAMP services and ensuring cloud services meet applicable FISMA requirements.

Cybersecurity. In addition to the “Protect” metrics in Fiscal Year 2015 PortfolioStat Performance Metrics below, PortfolioStat discussions will draw on topics covered in each agency’s quarterly Cybersecurity Self-Assessments.

World-Class Customer Service. Agencies shall discuss how their portfolio management practices emphasize the customer-centric themes of the U.S. Digital Services Playbook,30 OMB’s capital planning and investment control guidance31, and the Smarter IT Cross-Agency Priority (CAP) Goal32. Agencies should describe where in their policies the following are implemented: the Playbook’s “Understand what people need” play, the capital planning guidance requirement for major investments to measure customer satisfaction performance metrics, and the Smarter IT CAP Goal’s focus on improving outcomes and customer satisfaction with Federal services.

Open Data. Experts have calculated that the potential economic benefits of open data are in the trillions of dollars33. The Federal government has made significant strides in opening up data to drive economic growth. Currently there are over 117,000 data sets available on data.gov http://www.data.gov/. As a next step, agencies should improve the quality and types of datasets. Agencies should continue to evaluate their enterprise data inventory, conduct outreach to understand the users of their data, improve customer feedback mechanisms, and release datasets—subject to privacy, confidentiality, security, or other valid restrictions.

Streamlining reporting. OMB will continue to seek opportunities to reduce agency burden through revising reporting requirements and improving reporting channels through the ITDB and IDC as well as work with agencies to develop opportunities to improve the timeliness and reliability of reported ITDB data.

  1. Quarterly PortfolioStat activities will take place in three phases: (1) Preparation; (2) Session; and (3) Post-Session. The following provides details on each phase with guidance on the schedule and requirements to ensure PortfolioStat is consistently implemented.

Phase 1: Preparation. Following each quarterly agency IDC submission, OMB will analyze the latest data, consider trends in performance metrics over time, and review past PortfolioStat topics and PortfolioStat action items to identify topics for the upcoming PortfolioStat session’s discussion. OMB will send these topics, analysis, and proposed agenda for each agency to the agency’s PortfolioStat lead. Agencies are encouraged to work closely with OMB to provide clarifications and improvements to the preparation prior to the quarterly PortfolioStat session.

Phase 2: Session. Agency PortfolioStat leads shall work with OMB to schedule a PortfolioStat session to be held within eight weeks following the relevant IDC quarter’s submission deadline. In the session, OMB and the agency CIO will review updates to the agency’s Strategic IRM Plan and Enterprise Roadmap, trending data from the agency’s IDC and IT Dashboard submissions, discuss preceding quarterly PortfolioStat action items, status of investments included in High Impact Program(s), and select performance metrics. Based on the discussion, OMB and the agency will identify and agree on PortfolioStat action items (with specific deadlines) which OMB will send to the agency within two weeks of the completed session. Where appropriate, results from these sessions shall be integrated into agency budget submissions and Congressional Budget Justifications.

Phase 3: Post-Session. Upon receipt of PortfolioStat action items, agency PortfolioStat leads shall work with OMB to include updates on the status of these items in the next quarterly PortfolioStat. Agencies that do not meet a deadline identified in a PortfolioStat action item shall brief the Federal CIO and the agency head at least once per quarter until the action item is complete. Agencies shall describe progress implementing each PortfolioStat action item as a part of quarterly IDC reporting. At least once per year, agency heads shall review with the agency CIO and certify that the reported status of each PortfolioStat action item is accurate and send this certification to OMB.

Fiscal Year 2015 PortfolioStat Performance Metrics34

Drive Value in Federal IT Investments

Metric Metric Definition
Deliver on Budget Percent of IT projects within 10% of budgeted cost (% “Green” cost variance on the IT Dashboard)
Deliver on Schedule Percent of IT projects within 10% of budgeted schedule (% “Green” schedule variance on the IT Dashboard)
Development, Modernization, and Enhancement (DME) Spending Percent of IT spending that is DME or provisioned services spending (DME normal + DME provisioned services + operations & maintenance provisioned services spending)
IPv6 Adoption Percent of operational “Internet Protocol version 6” (IPv6) enabled domains

Deliver World Class Services

Metric Metric Definition
Commodity IT Spending Infrastructure spending per person
Planned Delivery versus Actual Delivery Average planned duration and average actual duration of completed activities providing key deliverables, usable functionality, iterative release, or production release for activities completed within the last year.
Incremental or Agile Development Average planned duration of future, in-progress, and completed activities providing key deliverables, usable functionality, iterative releases, or production releases by start year.
Open Data Leading Indicators Performance on Project Open Data Dashboard35 leading indicators
DAP Script Installed Percent of second-level domains with the Digital Analytics Program (DAP) script installed
Potential Mobile Savings Estimated savings the agency could achieve in mobile device contracts as estimated by the GSA FSSI Economic Model

Protect Federal IT Assets and Information36

Metric Metric Definition
Information Security Continuous Monitoring (ISCM) Average percentage of IT assets subject to an automated inventory, configuration, or vulnerability management capability.
Identity Credential and Access Management (ICAM) Percentage of all users required to use a Personal Identity Verification (PIV) card to authenticate to the agency network.
FedRAMP Implementation Percentage of Authorities to Operate (ATOs) that are FedRAMP37 compliant38
Security Incidents Number of information security incidents reported to the United States Computer Emergency Readiness Team (US-CERT), by type

Return to the Top

Attachment E: Investment and Portfolio Management Maturity Framework

When conducting TechStat reviews, PortfolioStat reviews, or evaluating investments related to High Impact Programs, agencies shall use the following framework for describing investment and portfolio management maturity with OMB. These scores may be compared or aggregated across bureaus, agencies, or governmentwide to provide a summary of overall IT management maturity. This model may be updated over time as common root causes of implementation challenges or other common management issues are identified.

Agencies shall evaluate their performance in each of the following areas by comparing their performance to a set of criteria provided by OMB describing performance at three levels: (1) “Reacting”, (2) “Implementing”, and (3) “Optimizing”. More information will be provided as a part of the PortfolioStat process.

Management

  • Program/Project Management
  • Portfolio Management
  • Enterprise
  • Strategy
  • Financial Management

People

  • Leadership
  • Accountability
  • Talent/HRM
  • Customer-Centric

Process

  • Governance
  • Agile
  • Transparency
  • Complexity

Technology

  • Security
  • Scalability
  • Open
  • Reuse

Acquisition

  • Strategic Sourcing
  • Flexibility
  • Scope
  • Lock-in

Return to the Top

Attachment F: Additional Agency Human Capital Plan Requirements

In February 2015, OMB added the following additional requirements for civilian CFO Act agencies to those established in Acquisition Workforce Development Strategic Plan for Civilian Agencies – FY2010 – 2014.39

####Additional FITARA Related Sections for Agency Human Capital Plan

IT Acquisition Cadres: Has your agency developed an information technology (IT) acquisition cadre or used a memoranda of understanding with other agencies that have such cadres or personnel with experience relevant to your agency’s IT acquisition needs? Select Yes or No If yes, please elaborate. If no, please explain your agency’s plans for developing an IT acquisition cadre or explain why you are not developing an IT acquisition cadre.

Personnel Development: Has your agency taken steps to develop personnel assigned to IT acquisitions, including cross-functional training of acquisition IT and program personnel? Select Yes or No If yes, please elaborate. If no, please explain if and how your agency plans to develop personnel assigned to IT acquisitions.

Specialized Career Path for IT Program Managers: Has your agency utilized the specialized career path for IT program managers as designated by OPM? Select Yes or No Has your agency strengthened IT program management? Select Yes or No If yes, how many IT program managers have you designated? If no, does your agency plan to utilize the specialized career path? When? If your agency has strengthened IT program management, please explain how it has done so. If your agency has not strengthened IT program management yet, please explain if it plans to do so and how. If it is not planning to strengthen IT program management, please explain why.

Direct Hire Authority: Has your agency utilized direct hire authority relating to personnel assigned to IT acquisitions? Select Yes or No If yes, how many times and for what job series has your agency utilized direct hire authority in this area. If no, please explain your agency’s plans to utilize direct hire authority in this area or explain why it does not plan to use this authority.

Peer Reviews: Has your agency conducted peer reviews of IT acquisitions? Select Yes or No If yes, please elaborate on the number and types of IT acquisitions reviewed. If no, please explain your agency’s plans to conduct peer reviews of IT acquisition or explain why it does not plan to conduct peer reviews of IT acquisitions.

Pilot Programs: Has your agency utilized pilot programs of innovative approaches to developing the IT acquisition workforce, such as industry-government rotations? Select Yes or No If yes, please explain what pilot program you have used or are using. If no, please explain your agency’s plans to utilize pilot programs of innovative approaches to developing the IT acquisition workforce or why it does not plan to utilize these programs.

Return to the Top

Some requirements and objectives described throughout this document are related to forthcoming new policies or changes to existing guidance/instructions to be released later in FY2015, such as:

Updates to OMB Circular A-130: Management of Federal Information Resources
  • Legislative Requirements Addressed: FISMA Modernization, overall IT management, governance and role of CIO, privacy, and information management
  • Estimated Timeframe: December 2015
A-11 budget preparation requirements:
  • CIO/CFO statements in overall budget submission (OMB Justification) (Sections 25, 31, 51.3)
  • Section 55 capital planning and investment control reporting requirements (formerly Exhibit 53 and Exhibit 300)
  • Legislative Requirements Addressed: FITARA Section 831: CIO Authorities
  • Estimated Timeframe: June 2015
E-Gov Integrated Data Collection (IDC) reporting instructions
  • Legislative Requirements Addressed: Reporting requirements throughout FITARA
  • Estimated Timeframe: June 2015 (New instructions to be published)
  • Legislative Requirements Addressed: FITARA Section 836: FSSI
  • Estimated Timeframe: Opened February 2015, completion estimated in FY2016
OMB Circular A-123: Management’s Responsibility for Internal Controls
  • Inclusion of IT management in material weaknesses identified in annual assurance statement.
  • Legislative Requirements Addressed: FITARA Section 831: CIO Authorities
  • Estimated Timeframe: June 2015
Data Center Optimization Policy
  • Legislative Requirements Addressed: FITARA Section 834: Data Center Consolidation
  • Estimated Timeframe: By end of FY2015

Return to the Top

Attachment H: Cross-Walk of FITARA Requirements

The materials below summarize which portions of the above guidance address which sections of FITARA.

1. CIO Authorities

Contract review
  • Law:Section 831: CIO Authority Enhancements, Subsection (b)(1)(C)(i)(I)
  • Memo: Page 4: Implementation of the Common Baseline, Page 12: Attachment A (F1)
Reprogramming review
  • Law: Section 831: Subsection (b)(1)(C)(i)(II)
  • Memo: Page 4 and Page 11 (B1)
Adequate incremental development
  • Law: Section 831: Subsection (b)(1)(B)(ii)
  • Memo: Page 4 and Page 14 (M1)
Budget approval
  • Law: Section 831: Subsection (b)(1)(B)(i)
  • Memo: Page 4 and Page 11 (A1, C1)
Bureau CIO approval Section 831:
  • Law: Subsection (b)(2)
  • Memo: Page 4 and Page 14-15 (N1, O1)
Other responsibilities
  • Law: Section 831: Subsection (b)(1)(C)(i)(III), Subsection (b)(1)(A)(i), Subsection (b)(1)(A)(ii)
  • Memo: Page 4 and Pages 11-17

2. Transparency

Federal IT Dashboard
  • Law: Section 832: Enhanced Transparency and Improved Risk Management in Information Technology Investments, Subsection (3)(3)(A)
  • Memo: Page 6: Transparency, Risk Management, Portfolio Review, and Reporting
Agency IT Dashboard data
  • Law: Section 832: Subsection (3)(3)(B)(i)
  • Memo: Page 6
CIO Evaluations Guidance from OMB
  • Law: Section 832: Subsection (3)(3)(B)(i)
  • Memo: Page 6
IT Dashboard Data Must Be Provided Bi-Annually
  • Law: Section 832: Subsection (3)(3)(B)(ii)
  • Memo: Page 6
Required Agency/Project Data Improvement Programs
  • Law: Section 832: Subsection (3)(3)(D)
  • Memo: Page 6
TechStat Trigger
  • Law: Section 832: Subsection (4)
  • Memo: Page 7
TechStat Topics
  • Law: Section 832: Subsection (4)(A)
  • Memo: Page 7
OMB TechStat Reporting to Congress
  • Law: Section 832: Subsection (4)(B)
  • Memo: Page 7
DME Freeze One Year Post TechStat
  • Law: Section 832: Subsection (4)(D)
  • Memo: Page 7

3. Portfolio Reviews

#####PortfolioStat

  • Law: Section 833: Portfolio Review, Subsection (c)(1)
  • Memo: Page 7: Transparency, Risk Management, Portfolio Review, and Reporting
PortfolioStat Process Requirements
  • Law: Section 833: Subsection (c)(1)
  • Memo: Page 7 and Page 21-24 Attachment D: FY2015 PortfolioStat
PortfolioStat Metrics, Cost Savings, and Avoidance
  • Law: Section 833: Subsection (c)(2)
  • Memo: Page 7-8 and Attachment D
PortfolioStat Annual Review
  • Law: Section 833: Subsection (c)(3)
  • Memo: Page 8 and Attachment D
Quarterly Reports
  • Law: Section 833: Subsection (c)(5)
  • Memo: Page 8 and Attachment D

4. Data Center Consolidation Section

FDCCI
  • Law: Section 834: Federal Data Center Consolidation Initiative
  • Memo: Page 8: Federal Data Center Consolidation Initiative (FDCCI)
Agency Reporting
  • Law: Section 834(b)(1)(A)
  • Memo: Page 8
Agency Annual Inventory
  • Law: Section 834(b)(1)(A)(i)
  • Memo: To be addressed in forthcoming guidance and/or IDC instructions
Agency Annual Strategy
  • Law: Section 834(b)(1)(A)(ii)
  • Memo: To be addressed in forthcoming guidance and/or IDC instructions
Agency Annual Statement
  • Law: Section 834(b)(1)(D)
  • Memo: To be addressed in forthcoming guidance and/or IDC instructions
Agency Quarterly Updates
  • Law: Section 834(b)(1)(E)(i)(II)
  • Memo: Page 8

#####OMB Reporting and Requirements

  • Law: Section 834(b)(2)
  • Memo: To be addressed in forthcoming guidance and/or IDC instructions
GAO Review
  • Law: Section 834(b)(4)
  • Memo: Not specified
Cybersecurity and Cloud Computing
  • Law: Section 834(c)
  • Memo: Not specified

5-7. Acquisition/Procurement Sections

IT Acquisition Cadres
  • Law: Section 835: Expansion of Training and Use of Information Technology Cadres
  • Memo: Page 9: Information Technology Acquisition Requirements
FSSI Strategic Sourcing
  • Law: Section 836: Maximizing the Benefit of the Federal Strategic Sourcing Initiative
  • Memo: Page 9: Information Technology Acquisition Requirements
Governmentwide Software Purchasing Program
  • Law: Section 837: Governmentwide Software Purchasing Program
  • Memo: Page 9: Information Technology Acquisition Requirements

Return to the Top

Attachment I: Summary of Agency Deadlines and Requirements

Common Baseline for IT Management
  • Agencies which operate systems related to national security: Meet with OMB within 60 days following the final release of the guidance to discuss requirements
  • Complete agency self-assessment and plan, as well as CIO Assignment Plan, if used, and submit to OMB for approval: By August 15, 2015
  • Publish agency implementation plan and CIO Assignment Plan to the agency’s public website and include in public data listing: Within 30 days of receiving OMB approval of plan
  • Publicly publish Bureau IT Leadership Directory as a dataset in public data listing as instructed in IDC: List in agency public data listing by August 15, 2015 and kept up to date thereafter
  • IT processes and policies publicly posted at agency.gov/digitalstrategy and include as a dataset in public data listing as instructed in IDC: By August 30, 2015 and kept up to date thereafter
  • OMB shall be notified of all governance boards the CIO is a member of via IDC: By August 30, 2015 and kept up to date thereafter via IDC
  • Include IT statements regarding CIO involvement in budget formulation (see OMB Circular A-11 for FY2017): September 2015 with preliminary budget materials
  • Agency-wide critical element(s) included in all bureau CIOs’ performance evaluations: By December 31, 2015
  • Adopt Common Baseline: By December 31, 2015
  • Conduct annual agency review and update self-assessment: By April 30, 2016 and each April on an annual basis
IT Dashboard (Enhanced Transparency)
  • Monthly reporting to IT Dashboard: As data are available, or at least once per calendar month for each major IT investment
  • Data improvement program: Address unreliable or untimely IT Dashboard data within 30 days; provide status update as a part of quarterly IDC
TechStat (Improved Risk Management)
  • Notify OMB of Planned TechStat Session: At least 2 weeks in advance via email
  • Automatic TechStat sessions for high risk rated investments (three months): Within 30 days of the completion of the third month where CIO evaluation is “Red” (“three months” begins July 1, 2015)
  • Report TechStat outcomes and outputs: Via IDC
  • Automatic OMB performance and budgetary actions: Completion of four consecutive quarters where CIO evaluation is still “Red” following an automatic TechStat (beginning July 1, 2015)
PortfolioStat (Portfolio Review)
  • PortfolioStat Sessions: Quarterly: Within 8 weeks following the IDC submission deadline
  • Agency receives PortfolioStat action items from OMB: Within 2 weeks of PortfolioStat session
  • Agencies send updates on status of action items : Quarterly via IDC
  • Agency heads review and certify the status of PortfolioStat action items with the agency CIO and send certification to OMB: Annually via IDC
  • Agencies brief Federal CIO and agency head on status of action items which have missed a deadline until complete: Quarterly following a missed deadline
IT Acquisition Requirements
  • Continued submission of Acquisition Workforce Development Strategic Plans: April 15, 2015, and annually thereafter

Return to the Top

Attachment J: Common Acronyms and Abbreviations

  • ASAM: Assistant Secretaries for Administration/Management
  • ATO: Authority to Operate
  • CAO: Chief Acquisition Officer
  • CAP Goal: Cross Agency Priority Goal
  • CFO: Chief Financial Officer
  • CFO Act: Chief Financial Officer Act of 1990
  • CHCO: Chief Human Capital Officer
  • CIO: Chief Information Officer
  • COO: Chief Operating Officer
  • COSH: Cost per Operating System per Hour
  • CPIC: Capital Planning and Investment Control
  • CXO: Senior Agency Official such as CAO, CFO, CHCO, CIO, COO
  • DAP: Digital Analytics Program
  • DME: Development, Modernization, and Enhancement
  • ECQ: Executive Core Qualifications
  • E-Gov: Office of E-Government and Information Technology
  • FAC-PPM: Federal Acquisition Certification for Program and Project Managers
  • FAR: Federal Acquisition Regulation
  • FAR Council: Federal Acquisition Regulatory Council
  • FDCCI: Federal Data Center Consolidation Initiative
  • FISMA: Federal Information Security Management Act/Federal Information Security Modernization Act
  • FITARA: Federal Information Technology Acquisition Reform Act
  • FSSI: Federal Strategic Sourcing Initiative
  • FTE: Full Time Equivalent
  • FY: Fiscal Year
  • GAO: Government Accountability Office
  • GSA: General Services Administration
  • GS: Grade Schedule
  • ICAM: Identity Credential and Access Management
  • IDC: Integrated Data Collection
  • IPv6: Internet Protocol version 6
  • IRB: Investment Review Board
  • IRM: Information Resource Management
  • ISCM: Information Security Continuous Monitoring
  • IT: Information Technology
  • ITDB: Federal IT Dashboard
  • NIST: National Institute for Standards and Technology
  • O&M: Operations and Maintenance
  • OFPP: Office of Federal Procurement Policy
  • OMB: Office of Management and Budget
  • OS: Operating System
  • PIV: Personal Identity Verification
  • PL: Public Law
  • PMC: President’s Management Council
  • PUE: Power Usage Effectiveness
  • SAO: Senior Agency Official, as referred to in this guidance, includes positions such as the CFO, CHCO, CAO, ASAM, COOs, and Program Managers
  • SES: Senior Executive Service
  • SL: Senior Level
  • ST: Scientific or Professional Position
  • U.S.C.: United States Code
  • US-CERT: United States Computer Emergency Readiness Team
  • USDS: United States Digital Service

Return to the Top


Endnotes

  1. Title VIII, Subtitle D of the National Defense Authorization Act (NDAA) for Fiscal Year 2015, Pub. L. No. 113-29. Further references in the text that refer to “FITARA” refer to these sections.

  2. Senior Agency Officials, as referred to in this guidance, include positions such as the CFO, CHCO, CAO, ASAM, COO, and Program Manager.

  3. Agencies listed in 31 U.S.C. § 901 (b)(1) and (b)(2).

  4. M-14-08 FY2014 PortfolioStat Guidance available at: https://www.whitehouse.gov/sites/default/files/omb/memoranda/2014/m-14-08.pdf.

  5. 44 U.S.C. § 3501 note.

  6. Clinger-Cohen Act (40 U.S.C. §§ 11101-11704) available at http://www.gpo.gov/fdsys/pkg/USCODE-2013-title40/html/USCODE-2013-title40-subtitleIII.htm.

  7. Ibid.

  8. See Open Data Policy-Managing Information as an Asset (M-13-13) available at: https://www.whitehouse.gov/sites/default/files/omb/memoranda/2013/m-13-13.pdf.

  9. See https://community.max.gov/x/LhtGJw.

  10. Public law 113-235 contains: “Provided further, That the Director of the Office of Management and Budget shall submit quarterly reports not later than 45 days after the end of each quarter to the Committees on Appropriations of the House of Representatives and the Senate and the Government Accountability Office identifying the savings achieved by the Office of Management and Budget's governmentwide information technology reform efforts: Provided further, That such reports shall include savings identified by fiscal year, agency, and appropriation.”

  11. OMB Circular A-11 available at: https://www.whitehouse.gov/omb/circulars_a11_current_year_a11_toc. OMB IT budget capital planning guidance available at: https://www.whitehouse.gov/omb/e-gov/strategiesandguides.

  12. CIO.gov TechStat Toolkit available at: https://cio.gov/drivingvalue/techstat/browse-toolkit.

  13. Implementing PortfolioStat (M-12-10) available at: https://www.whitehouse.gov/sites/default/files/omb/memoranda/2012/m-12-10_1.pdf.

  14. Fiscal Year 2013 PortfolioStat Guidance: Strengthening Federal IT Portfolio Management (M-13-09) available at: https://www.whitehouse.gov/sites/default/files/omb/memoranda/2013/m-13-09.pdf.

  15. Fiscal Year 2014 PortfolioStat (M-14-08) available at: https://www.whitehouse.gov/sites/default/files/omb/memoranda/2014/m-14-08.pdf.

  16. The following bullets reflect requirements outlined in FITARA Section 833 (c)(1).

  17. Implementation Guidance for the Federal Data Center Consolidation Initiative (March 2012) available at https://www.whitehouse.gov/sites/default/files/omb/assets/egov_docs/cio_memo_fdcci_deliverables_van_roekel_3-19-12.pdf.

  18. Guidance for Specialized Information Technology Acquisition Cadres, https://www.whitehouse.gov/sites/default/files/omb/procurement/memo/guidance-for-specialized-acquisition-cadres.pdf.

  19. Acquisition Workforce Development Strategic Plan for Civilian Agencies – FY 2010 – 2014, https://www.whitehouse.gov/sites/default/files/omb/assets/procurement_workforce/AWF_Plan_10272009.pdf.

  20. M-13-02, Improving Acquisition through Strategic Sourcing, December 5, 2012, https://www.whitehouse.gov/sites/default/files/omb/memoranda/2013/m-13-02_0.pdf.

  21. OMB Memorandum, Transforming the Marketplace: Simplifying Federal Procurement to Improve Performance, Drive Innovation, and Increase Savings, December 4, 2014, https://www.whitehouse.gov/sites/default/files/omb/procurement/memo/simplifying-federal-procurement-to-improve-performance-drive-innovation-increase-savings.pdf.

  22. As defined in 5 U.S.C. § 105.

  23. Federal acquisition certifications such as FAC-C (Contracting), FAC-P/PM (Project and Program Managers), and FAC-COR (Contracting Officers Representative)

  24. Federal Acquisition Regulation: Part 7 available at https://www.acquisition.gov/sites/default/files/current/far/html/FARTOCP07.html.

  25. See OMB M-12-10, M-13-09 and M-14-08. PortfolioStat is a tool that agencies use to assess the current maturity of their IT portfolio management process, using data and analytics to make decisions on eliminating duplication, augment current CIO-led capital planning and investment control processes, and move to shared solutions in order to maximize the return on IT investments across the portfolio

  26. See OMB M-11-29 CIO Authorities memorandum

  27. The Consolidated and Further Continuing Appropriations Act, 2015 (P.L. 113-235), includes an appropriation for the Office of Management and Budget to administer the Information Technology Oversight and Reform fund and requires the submission of quarterly reports “identifying the savings achieved by the Office of Management and Budget’s governmentwide information technology reform efforts” with the “savings identified by fiscal year, agency and appropriation.”

  28. See OMB M-13-09. This information is collected through the Integrated Data Collection (IDC) established in FY 2013 PortfolioStat. Quarterly IDC deadlines are the last days in May, August, November and February.

  29. See the OMB Office of Federal Procurement Policy Transforming the Marketplace (December 4, 2014) memorandum available at: https://www.whitehouse.gov/sites/default/files/omb/procurement/memo/simplifying-federal-procurement-to-improve-performance-drive-innovation-increase-savings.pdf.

  30. U.S. Digital Services Playbook, available at: https://playbook.cio.gov/.

  31. IT Budget Capital Planning Guidance available at: https://www.whitehouse.gov/omb/e-gov/strategiesandguides.

  32. Smarter IT Delivery Cross-Agency Priority Goal, available at: http://www.performance.gov/node/3403?view=public#overview.

  33. Open data: Unlocking innovation and performance with liquid information (McKinsey & Company, October 2013) available at: http://www.mckinsey.com/insights/business_technology/open_data_unlocking_innovation_and_performance_with_liquid_information.

  34. These metrics will be available on MAX and any future updates to performance metrics will be published there.

  35. Project Open Data Dashboard available at: http://labs.data.gov/dashboard/offices.

  36. Protect metrics are each based on a component of the Cybersecurity Cross-Agency Priority Goal described on Performance.gov. Each of these components is described in detail at: http://www.dhs.gov/xlibrary/assets/nppd/ciofismametricsfinal.pdf. The Cybersecurity CAP goal metrics are currently being revised for FY 2015 and therefore the performance metrics in this area are subject to change.

  37. Memorandum for Chief Information Officers: Security Authorization of Information Systems in Cloud Computing Environments (December 8, 2011)

  38. FedRAMP Compliant Systems: https://www.fedramp.gov/marketplace/compliant-systems/.

  39. Available online at: http://www.whitehouse.gov/sites/default/files/omb/assets/procurement_workforce/AWF_Plan_10272009.pdf.