M 15 14
M 15 14
M 15 14
June 10,2015
THE D I RECTOR
M-15-14
FROM:
Purpose
The purpose of this memorandum is to provide implementation guidance for the Federal Information
Technology Acquisition Reform Act (FITARA) 1 and related information technology (IT) management
practices.
Background
FITARA was enacted on December 19,2014. FITARA outlines specific requirements related to:
To implement the requirements ofFITARA, combined with the need to update policy and guidance
re lated to other modem IT practices, OMB is publishing this guidance. This guidance reflects input from
a diverse group of stakeholders, including representatives from the Chief Financial Officer (CFO), Chief
Human Capital Officer (CHCO), Chief Acquisition Officer (CAO), Assistant Secretary for Management
(ASAM), Chief Operating Officer (COO), and CIO communities.
Objectives
1. Assist agencies in establishing management practices that align IT resources with agency
missions, goals, programmatic priorities, and statutory requirements;
2. Establish govemmentwide IT management controls that will meet FITARA requirements while
providing agencies with the flexibility to adapt to agency processes and unique mission
requirements;
1
Title VIII , Subtitle D of the National Defense Authorization Act (N OAA) for Fiscal Year 2015, Pub. L. No. 11 3-29 1. Further references in the
text that refer to "FIT ARA" refer to these sect ions.
1
3. Establish a "Common Baseline" for roles, responsibilities, and authorities of the agency CIO and
the roles and responsibilities of other applicable Senior Agency Officials2 in managing IT as a
strategic resource;
4. Enable the CIO's role, with respect to the development, integration, delivery, and operations of
any type of IT, IT service, or information product to enable integration with the capabilities they
suppott wherever IT may affect functions, missions, or operations;
5. Strengthen the agency CIO ' s accountability for the agency's IT cost, schedule, performance, and
security;
6. Strengthen the relationship between agency CIOs and bureau CIOs;
7. Establish consistent governmentwide interpretation ofFITARA terms and requirements;
8. Assist agencies in establishing an inclusive governance process that will enable effective
authorities and should consult with their counsel regarding those authorities.
4. With respect to Offices of Inspectors General (OIG), this guidance should be implemented in a
manner that does not impact the independence of those offices and the authorities Inspectors
General have over the personnel, performance, procurement, and budget of the OIG, as provided
in the Inspector General Act of 1978, as amended (5 U.S.C. App 3).
5. This memorandum builds upon and will refer to existing OMB policy and guidance.
6. Where possible, this guidance incorporates agency reporting requirements introduced by
FITARA into existing OMB processes, such as PortfolioStat, the Integrated Data Collection
(IDC), 4 Acquisition Human Capital Planning, and the Federal IT Dashboard (ITDB), rather than
creating new reporting channels and tools.
7. With respect to Federal statistical agencies and units as defined in the Confidential Information
Protection and Statistical Efficiency Act of2002 (CIPSEA), 5 covered agencies under FITARA
shall implement this guidance in a manner that ensures that statistical data collected under a
pledge of confidentiality solely for statistical purposes are used exclusively for statistical
purposes, consistent with CIPSEA.
2
Senior Agency Officials, as referred to in this guidance, include positions such as the CFO, CHCO, CAO, ASAM, COO, and Program Manager.
3
Agencies listed in 31 U.S.C. § 90 I (b)( I) and (b )(2).
~ M-14-08 FY20 14 PortfolioS tat Guidance available at: https://www.whitehouse.gov/sites/default/files/omb/memoranda/20 14/m-14-08 .pdf.
2
Table of Contents
Section B: Implementation of the Common Baseline ........ ... ....... ... .... ............... ....... ...................... 4
Section C: Transparency, Risk Management, Portfolio Review, and Reporting ...... .... ..... .. ........... 6
Section D: Federal Data Center Consolidation Initiative (FDCCI) .... ............................. .. ............. 8
Section E: Information Technology Acquisition Initiatives ...... ................ ........ ... ........... ......... .... .. 9
Attachment A: Common Baseline for IT Management and CIO Assignment Plan .. ... ..... ....... .... 10
Attachment B. Definitions of Terms for Purposes ofthis Guidance ... .... .. .... ...... .... ..... ............ ... . 18
Attachment C: Template for Agency Common Baseline Self-Assessment and Plan ................... 19
Attachment E : Investment and Portfolio Management Maturity Framework ..... ........... .............. 25
Attachment F: Additional Agency Human Capital Plan Requirements ............. ... .................... ... 27
Attachment G: Related Forthcoming Policies Roadmap ............. ......... ......... ......... ...... ....... ...... ... 28
Attachment I: Summary of Agency Deadlines and Requirements ........ ... ........... ... .... ... ............... 31
Many of the requirements of this memorandum refer to the agency CIO's invo lvement w ith the decision
processes and policies related to " information technology resources" throughout the agency, including IT
within programs . To establi sh a consistent governmentwide interpretation ofthe Federal resources
included in this scope, the following definition shall be used for " information technology resources: "
A. Agency budgetary resources, personnel, equipm ent, facilities , or services that are primarily
used in the management, operation, acquisition, di sposition, and transformation, or other
activity re lated to the lifecyc le of information technology;
B. Acqui sitions or interagency agreements that include information technology and the services
or equipment provided by such acquisitions or interagency agreements; but
C. Does not include grants to third pmties w hich establi sh or suppmt information techno logy not
operated directly by the Federal Government.
2. Thi s definition and this memorandum refer to the term " information technology," whi ch for the
purposes ofthi s memorandum is defined as:
B. such services or equipment are ' used by an agency ' if used by the age ncy directly or if used
by a contractor under a contract with the agency that requ ires either use of the services or
3
equipment or requires use of the services or equipment to a significant extent in the
performance of a service or the furnishing of a product.
C. The term " information technology" includes computers, ancillary equipment (including
imaging peripherals, input, output, and storage devices necessary for security and
surveillance), peripheral equipment designed to be controlled by the central processing unit of
a computer, software, firmware and similar procedures, services (including provisioned
services such as cloud computing and support services that support any point of the lifecycle
of the equipment or service), and related resources.
D. The term " information technology" does not include any equipment that is acquired by a
contractor incidental to a contract that does not require use of the equipment.
This definition is based on the definition of information technology found in the Clinger-Cohen Act of
1996.6 Additional definitions used in this memorandum are available in Attachment A.
To establish consistency across IT management and acquisition policies, OMB Circular A-130, OMB
Circular A-ll , and the Federal Acquisition Regulation (FAR) will be updated to reflect these definitions
of " information technology resources" and " information technology," as appropriate.
1. The " Common Baseline" (Attachment A) provides guidance on the CIO' s and other Senior
Agency Officials' roles and responsibilities for the management of IT. This Common Baseline
provides a framework for agencies to implement the specific authorities that FIT ARA provides
for CFO Act agency CIOs, and builds upon their responsibilities as outlined in the Clinger-Cohen
Act of 1996. 7 The Common Baseline also speaks to the roles and responsibilities of other Senior
Agency Officials, as it is critical that these officials in each covered agency are engaged in the
oversight of IT investments.
2. All covered agencies shall institute policies and procedures that implement the roles,
responsibilities, and requirements found in the Common Baseline. The Common Baseline
provides agencies with certain flexibility to adopt procedures that meet these requirements in a
manner tailored to the volume and type of work completed by the agencies. As explained further
in Attachment A , agencies may adopt a plan that provides for the CIO ' s direct involvement or a
framework approved by the CIO that contains clear rules on the procedures by which decisions
are made and articulates that the CIO remains responsible and accountable for those decisions
(referred to as the "CIO Assignment Plan" in Attachment A). Further detail is provided in the
"CIO Assignment Plan" section found in Attachment A.
3. Each agency shall take the following actions to implement the Common Baseline:
• Complete agency self-assessment and plan. Each covered agency shall conduct a self
assessment that identifies current conformity with or gaps in conformity with the Common
Baseline, and shall articulate an implementation plan describing the changes it will make to
6
Clinger-Cohen Act (40 U. S.C. §§ 1110 1-11 704) available at http://www.gpo.gov/fdsys/pkg/USCODE-20 13-title40/html/USCODE-20 13
title40-subtitlelll.htm .
7
lbid.
4
ensure that all Common Baseline responsibilities described in Attachment A are implemented
by December 31, 2015. This shall include a discussion of how agency senior leaders and
program leaders will work in partnership to facilitate the successful implementation of the
Common Baseline and how the agency CIO will be enabled as a strategic pm1ner integrated
in shaping Agency strategies, budgets, and operations. The deputy secretary or chief
operating officer or higher is responsible for the completion of the self-assessment and plan
documents. This self-assessment and implementation plan shall not exceed 25 pages and
shall include the template in Attachment Cor another template approved by OMB .
• Conduct annual review and update to self-assessment. Covered agencies shall update the
self-assessment annually to identify any obstacles or incomplete implementation of Common
Baseline responsibilities that occurred over the preceding 12 months. The first update will be
due April 30, 2016, and each April 30 on an annual basis thereafter.
4. The following additional actions will be taken to support agencies' implementation of the
Common Baseline:
• Federal CIO Council (the Council) shall develop and share on-going support and tools.
Through the end of fiscal year (FY) 2016, the Council will dedicate time in its meetings to
discuss current topics related to the implementation of the Common Baseline at least once
every quarter. The Council should consult with the CFO Council in the development of
materials to support changes related to the Common Baseline across management domains.
The Council will also assist agencies in implementing the Common Baseline by sharing
examples of agency governance processes and IT policies on a public website at
https://management.cio.gov.
8
See Open Data Policy-Managing Information as an Asset (M -13-13 ) available at:
https://www.whitehouse.gov/sites/default/files/omb/memoranda/20 13/m-1 3-1 3.pdf.
5
• Support President's Management Council (PMC) follow-up. By June 30, 2015, the PMC
will select three members from the Council to provide an update on governmentwide
implementation of FITARA on a quarterly basis through the end of FY20 16. These updates
will improve each agency's awareness of policies and processes which have worked well at
other agencies.
1. Covered agencies shall continue to rep01t required data to OMB as part of the quarterly IDC per
current instructions. OMB will continue to update IDC instructions posted on the MAX Federal
Community on a quarterly basis. 9
• Standardized cost savings metrics and performance indicators. As a part of the IDC
reporting requirements, agencies shall continue to provide cost savings and cost avoidance
achieved as a result of strategies that the agency has decided to adopt. Based on this
information, agencies will be provided a summary scorecard that provides agency-specific
performance metric data and portfolio analysis agenda items.
• Sharing with the public and Congress. As required by the Consolidated and Further
Continuing Appropriations Act, 2015 (P.L. 113-235) 10 OMB will continue to report quarterly
to Congress on the cost savings, avoidance, and reductions in duplicative IT investments
resulting from the above agency efforts. OMB will also provide a summary of these savings
by agency on a publicly accessible website. Agency reporting requirements for these topics
are included in the IDC instructions.
2. Covered agencies shall continue to provide information to the ITDB, as required by OMB's
capital planning and investment control (CPIC) guidance, which is issued annually in conjunction
with the release of OMB Circular A-11. 11 As a part of that guidance, the following approaches
will be used to meet FITARA requirements:
• Data improvement program. If OMB or the agency CIO determines data reported to the
ITDB is not timely and reliable, the CIO (in consultation with the agency head) must notify
OMB through the IDC and establish within 30 days ofthis determination an improvement
program to address the deficiencies. The CIO will collaborate with OMB to develop a plan
that includes root cause analysis, timeline to resolve, and lessons learned. In addition, the
CIO will communicate to OMB the steps the agency is taking to execute the data
improvement program and the progress the agency is making. Agencies will provide updates
on the status of this program on a quatterly basis as a part of their IDC submission until the
identified deficiency is resolved.
9
See https://community.max.gov/x/LhtGJw.
10
Public law 113-235 contains: " Provided further, That the Director of the Office of Management and Budget shall submit quarterly reports not
later than 45 days after the end of each quarter to the Committees on Appropriati ons of the House of Representatives and the Senate and the
Government Accountabili ty Office identifying the savings achieved by the Office of Management and Budget's governmentwide information
technology reform efforts: Provided further, That such reports shall include sav ings identified by fiscal year, agency, and appropriation. "
11
OMB Circular A-ll avai lable at: https://www.whitehouse.gov/omb/circulars all current year all toe. OMB IT budget cap ital planning
guidan ce avai !able at: https://www.whitehouse. gov/omb/e-gov/strategiesandguides.
6
• TechStat Sessions. A TechStat is a face-to-face, evidence-based accountability review of an
IT program with agency leadership. 12 TechStat sessions are a tool for getting ahead of critical
problems in an investment, turning around underperforming investments, or terminating
investments if appropriate . For all agency-led TechStat reviews of investments, the agency
shall contact egov@omb.eop.gov with the subject line, " [Agency Acronym] TechStat
Notification," at least two weeks ahead of the TechStat session. Agencies shall follow the
agency's TechStat policy and procedures based on the CIO.gov TechStat Toolkit when
managing TechStat sessions. Agencies shall report the outcomes and outputs of all TechStat
sessions through the quatterly IDC, including: the assessment described in Attachment E:
Investment and Portfolio Management Maturity Framework, a root cause analysis of
performance issues, corrective action plans which address these causes, and a timeline for
implementing the corrective actions. More detailed reporting guidance will be provided in
the quarterly IDC instructions.
• High risk rating. Given the size and complexity of the multi-billion dollar Federal IT
Portfolio, it is critical to maintain a focus on the health of IT investments across the
government. As required by CPIC guidance, the CIO evaluations repotted to the ITDB for all
major IT investments must reflect the CIO's assessment of the current level of risk for any
major investment's abi lity to accomplish its goals based on factors described in the CPIC
guidance.
• Automatic TechStats. Moreover, if an investment has a high risk rating (red CIO evaluation
in the ITDB) for three consecutive months beginning July 1, 2015 , agencies must hold a
TechStat session on that investment. The session must be held within 30 days of the
completion of the third month. If this investment remains categorized with a red CIO
evaluation one year following the Tech Stat session then OMB may take appropriate
performance and/or budgetary actions until the agency has addressed the root cause and
ensured the investment's ability to complete the remaining activities within planned cost and
schedule.
3. As explained in Attachment D, PortfolioStat is a data-driven tool that agencies use to assess the
current maturity of their IT portfolio management processes and select PortfolioStat action items
to strengthen their IT portfolio. Covered agencies shall hold P01tfolioStat sessions on a quarterly
basis with OMB, the agency CIO, and other attendees. (These sessions were previously annual
and required the attendance of the agency deputy secretary (see Implementing PortfolioStat (M
12-1 0) 13 , Fiscal Year 2013 PortfolioStat Guidance: Strengthening Federal IT Portfolio
Management (M-13-09), 14 and Fiscal Year 2014 PortfolioStat (M-14-08)). 15
• Discuss and update a multi-year strategy to identify and reduce duplication and waste within
the IT portfolio of the agency, including component-level investments and to identify
projected cost savings resulting from such strategy;
• Identify or develop ways to increase the efficiency and effectiveness of the IT investments of
the agency;
12
CIO.gov TechStat Toolkit avai lable at: https://cio.gov/drivi ngyalue/techstalfbrowse-toolkit/.
13
Implementing PortfolioS/at (M-12-1 0) avai lable at: http://www.whitehouse.gov/sites/defaul t/fi les/omb/memoranda/20 12/m-12- 10 !.pdf
1
' Fiscal Year 2013 PortfolioStat Guidance: Strengthening Federal IT Portfolio Management (M-13-09) available at:
https ://www.whitehouse.gov/s ites/default/fi les/omb/memoranda/20 13/m-1 3-09 .pdf.
1
' Fiscal Year 2014 PortfolioS/at (M -14-08) available at: https://www.wh itehouse.gov/sites/default/fil es/omb/memoranda/20 14/m-1 4-08 .pdf.
16
The following bullets reflect requirements outlined in FIT ARA Section 833 (c)( I).
7
• Identify or develop opportunities to increase the use of shared-service delivery models;
• Identify potential duplication and waste;
• Develop plans for actions to optimize the IT pmtfolio, programs, and resources of the agency;
• Review investments included in High Impact Programs; and
• Develop ways to better align the IT portfolio, programs, and financial resources of the agency
to long term mission requirements or strategic plans required by law.
Agencies must report the status ofPortfolioStat action items in the IDC at least quatterly.
Annually by April 30, agency heads shall review and cettify the status of PortfolioStat action
items with the agency CIO and send to OMB.
OMB will focus on the metrics highlighted in PortfolioStat materials, data submitted through the
quarterly IDC process, and agency IT Major Business Case information developed through the
CPIC process to assess agency PortfolioStat progress. Complete FY 2015 PortfolioStat guidance
is included in Attachment D.
OMB FDCCI Guidance, 17 which was issued in March 2012, outlined the goals, responsibilities, and
reporting requirements for agencies through the end ofFY 2015. Covered agencies shall continue to
provide updates regarding phase one ofFDCCI in their quarterly IDC submissions. OMB will publish
updated FDCCI guidance by the end of FY 2015 , which will describe the second phase of the initiative
and will refresh and refocus the data center optimization strategy on the efficient and effective use of
resources and implementation of the statutory requirements of FIT ARA.
" Implementation Guidance for the Federal Data Center Consolidation Initiative (March 2012) available at
https ://www.whitehouse.gov/sites/default/files/omb/assets/egov docs/cio memo fdcci deliverables van roekel 3-1 9-12.pdf.
8
Section E: Information Technology Acquisition Initiatives
1. IT Acquisition Cadres. FITARA' s requirements for IT acquisition cadres builds upon OMB ' s
Office of Federal Procurement Policy (OFPP) July 2011 memorandum on building specialized IT
acquisition cadres. 18 As originally required by the memorandum, Acquisition Worliforce
Development Strategic Plan for Civilian Agencies - FY 2010 - 2014 19 of October 27, 2009,
civilian CFO Act agencies shall continue to send their annual Acquisition Human Capital Plans
to OMB OFPP. The latest iteration ofthose Plans was due April 15 , 2015.
Add itional guidance from OMB issued in February 2015 requires agencies to address new
reporting elements required by FITARA. Details regarding these new reporting elements are
found in Attachment F.
2. Category Management and the Federal Strategic Sourcing Initiative CFSSI). 20 Agencies will be
required to comply with an upcoming new rule regarding purchases of services and supp lies of
types offered under an FSSI agreement without using an FSSI agreement. In February 2015 , the
FAR Council initiated rulemaking to implement this provision of FITARA, which creates a
preference for strategically sourced vehicles. Once finalized , agencies will be required to include
in the contract file a brief analysis of the comparative value, including price and non-price
factors , between the services and supplies offered under the FSSI and services and supplies
offered under the source or sources used for the purchase. This rule will be in addition to other
strategies that OFPP is developing around category management, a practice adopted by industry
where spending is managed by categories of common spending, like IT and I
Transportation, and
led by expet1s who promote governmentwide best practices and help agencies avoid unnecessary
duplicative spending and activities. OMB formally launched the Category Management
initiative21 in December 2014.
18
Guidance fo r Speciali=ed Information Technology Acquisition Cadres,
https ://www.whitehouse.gov Isites/ defau It/files/omb/procurement/memo/ guidance-for-special ized-acg uis ition -cadres. pdf.
19
Acquisition Worlforce Development Strategic Plan for Civilian Agencies - FY 2010 - 201 4,
to-improve-performance-drive-innovation-increase-savings.pdf.
22
As defined in 5 U.S.C. § I05 .
9
Attachment A: Common Baseline for IT Management and CIO Assignment Plan
All covered agencies shall adopt specific controls for the management of IT from the "Common
Baseline" below. The Common Baseline prescribes a basic set of spec ific responsibilities and processes
that al l covered agencies shall have in place no later than December 31, 2015. A set of defi nitions
follows the Common Baseline to fUt1her clarify the specific responsibilities.
• All references to "CIO" refer to depat1ment/headquat1ers CIOs, and only references to " bureau
CIO" refer to the CIO or official-with-CIO-duties within a bureau or any component organization
of the agency (see definitions) .
• If an agency has a " budget officer" separate from the CFO, then references to "CFO" shall also
refer to the budget officer.
• If an agency has a "senior procurement executive" separate from the CAO, then references to
"CAO" shall refer also to the senior procurement executive.
DOD, the Intelligence Community, and p01tions of other agencies that operate systems related to national
security are subject to on ly certain portions of FIT ARA and shall meet with OMB no later than 60 days
following the final release of this guidance to clarify the app licabi lity of this guidance throughout their
organizations and activities, including alternative requirements or exceptions.
10
Common Baseline for IT Management and CIO Assignment Plan
11
Statutory Language 1. CIO 2. CXO/Other
(FITARA unless otherwise noted) Role and Responsibilities Roles and Responsibilities
The head of each covered agency … shall E1. Ongoing CIO engagement with program managers. The CIO should establish E2. Ongoing CIO engagement with program
and maintain a process to regularly engage with program managers to evaluate IT managers. Program managers shall work with the
ensure that the Chief Information Officer of resources supporting each agency strategic objective. It should be the CIO and CIO to define IT performance metrics and strategies
the agency has a significant role in—(i) the program managers’ shared responsibility to ensure that legacy and on-going IT to support fulfillment of agency strategic objectives
investments are appropriately delivering customer value and meeting the business defined in the agency’s strategic plan.
decision processes for all annual and multi- objectives of programs.
year planning, programming, budgeting, and F1. Visibility of IT planned expenditure reporting to CIO. The CFO, CAO and F2. Visibility of IT planned expenditure reporting
CIO should define agency-wide policy for the level of detail of planned expenditure to CIO. The CFO, CAO and CIO shall define
execution decisions… and (ii) the reporting for all transactions that include IT resources. agency-wide policy for the level of detail of planned
Acquisition and Execution
management, governance and oversight expenditure reporting for all transactions that include
IT resources.
processes related to [IT]…
G1. CIO defines IT processes and policies. The CIO defines the development
40 U.S.C. § 11319(b)(1)(A) processes, milestones, review gates, and the overall policies for all capital planning,
enterprise architecture, and project management and reporting for IT resources. At a
minimum, these processes shall ensure that the CIO certifies that IT resources are
adequately implementing incremental development (as defined in the below
The Director of the Office of Management definitions). The CIO should ensure that such processes and policies address each
category of IT resources appropriately—for example, it may not be appropriate to
and Budget shall require in the annual apply the same process or policy to highly customized mission-specific applications
information technology capital planning and back office enterprise IT systems depending on the agency environment. These
policies shall be posted publicly at agency.gov/digitalstrategy, included as a
guidance of the Office of Management and downloadable dataset in the agency’s Public Data Listing, and shared with OMB
Budget the following: That the Chief through the IDC. For more information, see OMB Circular A-130: Management of
Information Resources.
Information Officer of each covered agency H1. CIO role on program governance boards. In order to ensure early matching of H2. Participate with CIO on governance boards as
certify that information technology appropriate IT with program objectives, the CIO shall be a member of governance appropriate.
boards that include IT resources (including “shadow IT” or “hidden IT”—see
investments are adequately implementing definitions), including bureau Investment Review Boards (IRB). The CIO shall notify
incremental development, as defined in OMB of all governance boards the CIO is a member of and at least annually update
this notification.
12
Statutory Language 1. CIO 2. CXO/Other
(FITARA unless otherwise noted) Role and Responsibilities Roles and Responsibilities
capital planning guidance issued by the Office II. Shared acquisition and procurement responsibilities. The CIO reviews all cost 12. Shared acquisition and procurement
estimates ofiT related costs and ensures all acquisition strategies and acquisition responsibilities. The CAO, in consultation with the
of Management and Budget.
plans that include IT apply adequate incremental development principles (see CIO and-where appropriate-CFO, shall ensure
40 us c.§ 11319 definitions). there is an agency-wide process to ensure all
acquisitions that include any IT:
• are led by personnel with appropriate federal
acquisition certifications (FACs)23 , including
specialized IT certifications as appropriate;
• are reviewed for opportunities to leverage
acquisition initiatives such as shared services,
category management, strategic sourcing, and
incremental or modular contracting and use such
approaches as appropriate;
• are supported by cost estimates that have been
reviewed by the CIO; and
• adequately imp lement incremental development.
The CIO .. monitors the performance of J I. CIO role in recommending modification, termination, or pause of IT projects
information technology programs of the or initiatives. The CIO shall conduct TechStat reviews or use other applicable
agency, evaluates the performance of those performance measurements to evaluate the use of the IT resources of the agency. The
programs on the basis of the applicable CIO may recommend to the agency head the modification, pause, or termination of
performance measurements, and advises the any acquisition, investment, or activity that includes a significant IT component based
head of the agency regarding whether to on the CIO's evaluation, within the terms of the relevant contracts and applicable
continue. modify. or terminate a program or regulations.
project;
40 USC § 11315(c)(2)
TN GENERAL-A covered agency other K I. CIO review and approval of acquisition strategy and acquisition plan. K2. CAO is responsible for ensuring contract
than the Department of Defense- (I) may not Agencies shall not approve an acquisition strategy or acquisition plan (as described in actions that contain IT are consistent with CIO
enter into a contract or other agreement for FAR Part 724) or interagency agreement (such as those used to support purchases approved acquisition strategies and plans. The
information technology or information through another agency) that includes IT without review and approval by the agency CAO shall indicate to the CIO when planned
technology services, unless the contract or CIO. For contract actions that contain IT without an approved acquisition strategy or acquisition strategies and acquisition plans include IT .
other agreement has been reviewed and acquisition plan, the CIO shall review and approve the action itself. The CAO shall ensure the agency shall initiate no
approved by the Chief Information Officer of contract actions or interagency agreements that
the agency; The CIO shall primarily consider the following factors when reviewing acquisition include IT unless they are reviewed and approved by
strategies and acquisition plans: the CIO or are consistent with the acquisition strategy
40 U S C.§ 11319 (b)(1)(C)(i)(1) • Appropriateness of contract type; and acquisition plan previously approved by the CIO.
• Appropriateness of IT related portions of statement of needs or statement of work ;
• Appropriateness of above with respect to the mission and business objectives Similar process for contract modifications. CAO
supported by the IT strategic plan; and shall also ensure that no modifications that make
• Alignment with mission and program objectives in consultation with program substantial changes to the scope of a significant
leadership. contract are approved that are inconsistent with the
acquisition strategy and acquisition plan previously
approved by the CIO unless the modification is
reviewed and approved by the CIO.
23
Federal acquisition certifications such as FAC-C (Contracting), FAC-P/PM (Project and Program Managers), and FAC-COR (Contracting Officers Representative).
24
Federal Acquisition Regulation: Part 7 available at http://www.acguisition.gov/far/html/FARTOCP07.html.
13
Statutory Language 1. CIO 2. CXO/Other
(FITARA unless otherwise noted) Role and Responsibilities Roles and Responsibilities
IN GENERAL-A covered agency ... - Ll. CIO approval of reprogramming. The CIO must approve any movement of L2. CJO approval of reprogramming. The CFO
"(II) may not request the reprogramming of funds for IT resources that requires Congressional notification. shall ensure any notifications under L1 are approved
any funds made available for information by the CIO prior to submi ssion to OMB.
technology programs, unless the request has
been reviewed and approved by the Chief
Information Officer of the agency
PERSONNEL-RELATED AUTHORITY. MI . CIO approves bureau CIOs. The CIO shall be involved in the recru itment and
Notwithstanding any other provision oflaw, shall approve the selecti on of any new bureau CIO (includes bureau leadership with
for each covered agency ... the Chief CIO duties but not title- see definitions). The title and responsibilities of current
Information Officer of the covered agency bureau CIOs may be designated or transferred to other agency personnel by the
shall approve the appointment of any other agency head or his or her designee as appropriate, and such decisions may take into
employee with the title of Chief Information consideration recommendations from the agency CIO.
Officer, or who functions in the capacity of a
Chief Information Officer, for any component
organization within the covered agency.
40 us c. ll319 (b)(2)
14
Statutory Language l.CIO 2. CXO/Other
(FITARA unless otherwise noted) Role and Responsibilities Roles and Responsibilities
performance goals established for information 01 . Bureau IT Leadership Directory. CIO and CHCO will conduct a survey of all 02. Bureau IT Leadership Directory. CHCO will
bureau CIOs and CIO and CHCO will jointly publish a dataset identifying all bureau work with CIO to develop the Bureau IT Leadership
resources management; officials with title of CIO or duties of a CIO. This shall be posted as a public dataset Directory as described in 0 I.
based on instructions in the IDC by August 15, 2015 and kept up- to- date thereafter.
(B) assesses the extent to which the positions The report will identify for each:
• Employment type (e.g. GS, SES, SL, ST, etc.)
and personnel at the executive level of the • Type of appointment (e.g. career, appointed, etc.)
15
Common Baseline for IT Management and CIO Assignment Plan
(continued)
For the responsibilities other than those detailed in Dl and Ml of the above chart (budget approval and bureau CIO appointment), the CIO may
designate other agency officials to act as a representative of the CIO in aspects of the above processes in a rules-based manner, such as by a
dollar threshold, type of planned IT activity, or by bureau. This designation shall be developed in consultation with the CFO, CAO, CHCO, and
other Senior Agency Officials, as appropriate. Even if a representative is substituted for the CIO, the CIO retains accountability for the assigned
role or responsibility and thus must ensure the overall suitability of selected officials. Because the selected official represents the CIO, CIOs
should monitor the ongoing suitability of this designation and revise as appropriate. This allows the CIO to define a rules-based manner to
select representatives such members of the CIO's office, or a bureau CIO, to represent the CIO for portions of the Common Baseline
responsibilities described above (such as for contract review of purchases of less than a certain dollar threshold).
Agencies which plan to use such a rules-based method must describe it in a "CIO Assignment Plan" (Plan) and submit it for OMB approval as
detailed in Section B above. Plans must show evidence that the CIO retains accountability for the designated alternative agency officials'
involvement and decisions and that the appropriate level of rigor shall be executed by this official in place of the CIO. The agency shall post
the Plan publicly at agency.gov/digitalstrategy and include it as a downloadable dataset in the agency's Public Data Listing not more than 30
days following the Plan's approval by OMB.
Legal text ofFITARA: "A covered agency ... may use the governance processes ofthe agency to approve such a contract or other agreement if
the ChiefInformation Officer ofthe agency is included as a full participant in the governance processes. " Also, "[t} he head ofeach agency
shall ensure that the ChiefInformation Officer ofthe agency has a significant role in ... the decision processes for all annual and multi-year
planning, programming, budgeting, and execution decisions, related reporting requirements, and reports related to IT and ... the management,
governance and oversight processes related to [IT]. "
40 USC§ 11319(b)(l)(A) and (C)(i)(III)
16
Summary of Common Baseline for IT Management
17
Attachment B. Definitions of Terms for Purposes of this Guidance
The Chief Information Officer at the headquarters level of a department or establishment of the government as defined in
Agency CIO
Section 20 of OMB Circular A-11 (contrast with ‘bureau CIO’).
Official with the title or role of Chief Information Officer within a principal subordinate organizational unit of the agency,
as defined in Section 20 of OMB Circular A-11, or any component organization of the agency (contrast with ‘agency
Bureau CIO
CIO’).
An IT investment requiring special management attention because of its importance to the mission or function to the
government; significant program or policy implications; high executive visibility; high development, operating, or
maintenance costs; unusual funding mechanism; or definition as major by the agency’s capital planning and investment
Major IT control process. Agencies should also include all “major automated information system” as defined in 10 U.S.C. 2445 and
Investment all “major acquisitions” as defined in the OMB Circular A-11 Capital Programming Guide consisting of information
resources. OMB may work with the agency to declare IT investments as major IT investments. Agencies must consult
with assigned OMB desk officers and resource management offices (RMOs) regarding which investments are considered
“major.” Investments not considered “major” are “non-major.”
Reprogramming Any movement of funds for IT resources that requires Congressional notification.
Adequate For development of software or services, planned and actual delivery of new or modified technical functionality to users
Incremental occurs at least every six months.
Development
Refers to spending on IT that is not fully transparent to the agency CIO and/or IT resources included as a portion of a
“Shadow IT” or program that is not primarily of an “information technology” purpose but delivers IT capabilities or contains IT resources.
“Hidden IT” For example, a grants program that contains a portion of its spending on equipment, systems, or services that provide IT
capabilities for administering or delivering the grants.
A mutually binding legal relationship obligating the seller to furnish the supplies or services (including construction) and
the buyer to pay for them. It includes all types of commitments that obligate the Government to an expenditure of
appropriated funds and that, except as otherwise authorized, are in writing. In addition to bilateral instruments, contracts
include (but are not limited to) awards and notices of awards; job orders or task letters issued under basic ordering
Contract
agreements; letter contracts; orders, such as purchase orders, under which the contract becomes effective by written
acceptance or performance; and bilateral contract modifications. Contracts do not include grants and cooperative
agreements covered by 31 U.S.C. § 6301, et seq. For discussion of various types of contracts, see Part 16. – FAR
definitions
18
Attachment C: Template for Agency Common Baseline Self-Assessment and Plan
OMB will issue revised IDC reporting instructions that describe how agencies shall submit their self-assessment and plan using the below template
or another template approved by OMB. Each element of the Common Baseline will be evaluated, along with accompanying evidence and steps to
close the incompletely addressed areas.
Budget Formulation and Planning. FITARA: “The CIO has a significant role in the decision processes for all annual and multi-year planning, programming, budgeting, and execution decisions.”
Acquisition and Execution. FITARA: “The CIO has a significant role in the decision processes for all annual and multi-year planning, programming, budgeting, and execution decisions; management, governance and oversight
processes related to IT; and certifies that IT investments are adequately implementing incremental development as defined in OMB capital planning guidance.”
Organization and Workforce. FITARA: “The CIO reports to the agency head (or deputy/COO) and assesses the requirements established for agency personnel regarding knowledge and skill in information resources
management and the adequacy of those requirements for facilitating the achievement of the established IRM performance goals; and assesses the extent to which the positions and personnel at the executive and management
levels meet those requirements.”
This Attachment describes changes to the PortfolioStat process used in FY 2015, including reporting
requirements for agencies. This attachment also describes the goals and topics which agencies and OMB
will address through the FY2015 PortfolioStat process.
PortfolioStat25 was established in FY 2012 to assess the maturity of Federal IT portfolio management,
consolidate and eliminate duplicative spending on Commodity IT,26 and improve agency processes to
drive mission and customer-focused IT solutions. PortfolioStat is an evidence-based, data-driven review
of agency IT portfolio management with agency leadership that continues to drive significant cost savings
and efficiencies. To date, agencies have saved over $2.59 billion,27 exceeding the $2.5 billion in savings
opportunities identified in the original FY 2012 PortfolioStat sessions.
Each year this process has evolved to better align Federal IT policy goals to agency IT portfolios. As part
of this evolution, starting in FY 2015 we have changed PortfolioStat from being an annual review session
to quarterly reviews. OMB now collects agency progress data on a quarterly basis28 and as such has an
obligation to provide timely performance feedback throughout the year. Sharing this feedback quarterly
will better allow OMB to track progress and recommend course corrections more frequently.
In alignment with the Administration’s core IT objectives, PortfolioStat sessions will focus on three key
areas: (1) driving value in Federal IT investments, (2) delivering world-class digital services, and (3)
protecting Federal IT assets and information. Prior to each quarterly PortfolioStat session, agencies will
be provided a scorecard including agency-specific performance metric data (see Fiscal Year 2015
PortfolioStat Performance Metrics below for specific metrics) and portfolio analysis agenda items.
1. The agenda of PortfolioStat sessions between OMB and agencies will focus on the following
initiatives:
PortfolioStat Action Items. Agencies will discuss the status of each PortfolioStat action
item reported through the IDC with OMB.
High Impact Programs. Agencies will use Attachment E: Investment and Portfolio
Management Maturity Framework to describe the strategy, progress, critical milestones, risk,
and expected impact of investments included in High Impact Programs. OMB will continue
to work with agencies to designate investments included in High Impact Programs.
Agency Digital Service Teams and United States Digital Service (USDS). OMB will
review the agency’s progress in laying the organizational groundwork and establishing
Digital Service Teams, the agency’s plan for effectively leveraging those resources, and the
status of the performance of USDS activities.
25
See OMB M-12-10, M-13-09, and M-14-08. PortfolioStat is a tool that agencies use to assess the current maturity of their IT portfolio
management process, using data and analytics to make decisions on eliminating duplication, augment current CIO-led capital planning and
investment control processes, and move to shared solutions in order to maximize the return on IT investments across the portfolio.
26
See OMB M-11-29 CIO Authorities memorandum
27
The Consolidated and Further Continuing Appropriations Act, 2015 (P.L. 113-235), includes an appropriation for the Office of Management
and Budget to administer the Information Technology Oversight and Reform fund and requires the submission of quarterly reports “identifying
the savings achieved by the Office of Management and Budget’s governmentwide information technology reform efforts” with the “savings
identified by fiscal year, agency and appropriation.”
28
See OMB M-13-09. This information is collected through the Integrated Data Collection (IDC) established in FY 2013 PortfolioStat. Quarterly
IDC deadlines are the last days in May, August, November and February.
21
Commodity IT. Agencies will discuss how they use category management29 to consolidate
commodity IT assets, eliminate duplication between assets, and improve procurement and
management of hardware, software, network, and telecom services. Furthermore, agencies
will share lessons-learned related to commodity IT procurement policies and efforts to
establish enterprise-wide inventories of related information.
IT Management Roles and Responsibilities. Agencies will discuss the status of their plans
to implement the Common Baseline (Attachment A) and monitor the effectiveness of the
CIO’s execution of the included roles and responsibilities. This should include discussion of
the CIO’s relationship with other Senior Agency Officials, as well as those officials’
execution of listed roles and responsibilities.
Portfolio Management Maturity. Agencies will use the categories described in Attachment
E: Investment and Portfolio Management Maturity Framework to evaluate the maturity of the
agency’s People, Technology, Governance, Process, and Acquisition capabilities related to IT
resources. Agencies should describe how their policies implement the portfolio management,
capital planning, and other processes required in OMB Circular A-130, OMB Circular A-11’s
capital planning and investment control guidance, and other OMB IT management policies,
including this guidance. For example, agencies should describe how agency priority goals,
agency strategic objectives, the IT investment portfolio, the Information Resource
Management (IRM) Strategic Plan, and the Enterprise Roadmap relate to each other and
support the efficient and effective accomplishment of agency program and business
objectives. Finally, agencies should describe how they select the system development
lifecycle frameworks used in IT development activities, such as the use of incremental
development and modular approaches prioritized by customer requirements.
Data Center, Cloud, and Shared Services Optimization. Agencies will discuss their
progress using cloud computing and shared services to optimize data center activities and
achieve overall IT objectives. This includes a discussion of how the agency is using
FedRAMP services and ensuring cloud services meet applicable FISMA requirements.
World-Class Customer Service. Agencies shall discuss how their portfolio management
practices emphasize the customer-centric themes of the U.S. Digital Services Playbook,30
OMB’s capital planning and investment control guidance,31 and the Smarter IT Cross-Agency
Priority (CAP) Goal.32 Agencies should describe where in their policies the following are
implemented: the Playbook’s “Understand what people need” play, the capital planning
guidance requirement for major investments to measure customer satisfaction performance
metrics, and the Smarter IT CAP Goal’s focus on improving outcomes and customer
satisfaction with Federal services.
29
See the OMB Office of Federal Procurement Policy Transforming the Marketplace (December 4, 2014) memorandum available at:
https://www.whitehouse.gov/sites/default/files/omb/procurement/memo/simplifying-federal-procurement-to-improve-performance-drive-
innovation-increase-savings.pdf.
30
U.S. Digital Services Playbook, available at: https://playbook.cio.gov/.
31
IT Budget Capital Planning Guidance available at: https://www.whitehouse.gov/omb/e-gov/strategiesandguides.
32
Smarter IT Delivery Cross-Agency Priority Goal, available at: http://www.performance.gov/node/3403?view=public#overview.
22
Open Data. Experts have calculated that the potential economic benefits of open data are in
the trillions of dollars.33 The Federal government has made significant strides in opening up
data to drive economic growth. Currently there are over 117,000 data sets available on
data.gov. As a next step, agencies should improve the quality and types of datasets.
Agencies should continue to evaluate their enterprise data inventory, conduct outreach to
understand the users of their data, improve customer feedback mechanisms, and release
datasets—subject to privacy, confidentiality, security, or other valid restrictions.
Streamlining reporting. OMB will continue to seek opportunities to reduce agency burden
through revising reporting requirements and improving reporting channels through the ITDB
and IDC as well as work with agencies to develop opportunities to improve the timeliness and
reliability of reported ITDB data.
2. Quarterly PortfolioStat activities will take place in three phases: (1) Preparation; (2) Session; and
(3) Post-Session. The following provides details on each phase with guidance on the schedule
and requirements to ensure PortfolioStat is consistently implemented.
Phase 1: Preparation. Following each quarterly agency IDC submission, OMB will analyze
the latest data, consider trends in performance metrics over time, and review past
PortfolioStat topics and PortfolioStat action items to identify topics for the upcoming
PortfolioStat session’s discussion. OMB will send these topics, analysis, and proposed
agenda for each agency to the agency’s PortfolioStat lead. Agencies are encouraged to work
closely with OMB to provide clarifications and improvements to the preparation prior to the
quarterly PortfolioStat session.
Phase 2: Session. Agency PortfolioStat leads shall work with OMB to schedule a
PortfolioStat session to be held within eight weeks following the relevant IDC quarter’s
submission deadline. In the session, OMB and the agency CIO will review updates to the
agency's Strategic IRM Plan and Enterprise Roadmap, trending data from the agency’s IDC
and IT Dashboard submissions, discuss preceding quarterly PortfolioStat action items, status
of investments included in High Impact Program(s), and select performance metrics.
Based on the discussion, OMB and the agency will identify and agree on PortfolioStat action
items (with specific deadlines) which OMB will send to the agency within two weeks of the
completed session. Where appropriate, results from these sessions shall be integrated into
agency budget submissions and Congressional Budget Justifications.
Phase 3: Post-Session. Upon receipt of PortfolioStat action items, agency PortfolioStat leads
shall work with OMB to include updates on the status of these items in the next quarterly
PortfolioStat. Agencies that do not meet a deadline identified in a PortfolioStat action item
shall brief the Federal CIO and the agency head at least once per quarter until the action item
is complete.
Agencies shall describe progress implementing each PortfolioStat action item as a part of
quarterly IDC reporting. At least once per year, agency heads shall review with the agency
CIO and certify that the reported status of each PortfolioStat action item is accurate and send
this certification to OMB.
33
Open data: Unlocking innovation and performance with liquid information (McKinsey & Company, October 2013) available at:
http://www.mckinsey.com/insights/business_technology/open_data_unlocking_innovation_and_performance_with_liquid_information
23
Fiscal Year 2015 PortfolioStat Performance Metrics34
34
These metrics will be available on MAX and any future updates to performance metrics will be published there.
35
Project Open Data Dashboard available at: http://labs.data.gov/dashboard/offices.
36
Protect metrics are each based on a component of the Cybersecurity Cross-Agency Priority Goal described on Performance.gov. Each of these
components is described in detail at: http://www.dhs.gov/xlibrary/assets/nppd/ciofismametricsfinal.pdf. The Cybersecurity CAP goal metrics are
currently being revised for FY 2015 and therefore the performance metrics in this area are subject to change.
37
Memorandum for Chief Information Officers: Security Authorization of Information Systems in Cloud Computing Environments (December 8,
2011).
38
FedRAMP Compliant Systems: https://www.fedramp.gov/marketplace/compliant-systems/.
24
Attachment E: Investment and Portfolio Management Maturity Framework
When conducting TechStat reviews, PortfolioStat reviews, or evaluating investments related to High
Impact Programs, agencies shall use the following framework for describing investment and portfolio
management maturity with OMB. These scores may be compared or aggregated across bureaus,
agencies, or governmentwide to provide a summary of overall IT management maturity. This model may
be updated over time as common root causes of implementation challenges or other common management
issues are identified. More details describing how to evaluate each area as Level 1, Level 2, or Level 3
will be provided as a part of the PortfolioStat process.
MANAGEMENT
LEVEL 1 - REACTING LEVEL 2 - IMPLEMENTING LEVEL 3 - OPTIMIZING
Program/Project
Management
Portfolio
Management
Enterprise
Strategy
Financial
Management
PEOPLE
Leadership
Accountability
Talent/HRM
Customer-
Centric
PROCESS
LEVEL 1 - REACTING LEVEL 2 - IMPLEMENTING LEVEL 3 - OPTIMIZING
Governance
Agile
Transparency
Complexity
25
TECHNOLOGY
LEVEL 1 - REACTING LEVEL 2 - IMPLEMENTING LEVEL 3 - OPTIMIZING
Security
Scalability
Open
Reuse
ACQUISITION
Strategic
Sourcing
Flexibility
Scope
Lock-in
26
Attachment F: Additional Agency Human Capital Plan Requirements
In February 2015, OMB added the following additional requirements for civilian CFO Act agencies to
those established in Acquisition Workforce Development Strategic Plan for Civilian Agencies – FY2010 –
2014.39
If yes, please elaborate. If no, please explain your agency’s plans for developing an IT acquisition
cadre or explain why you are not developing an IT acquisition cadre.
Personnel Development: Has your agency taken steps to develop personnel assigned to IT
acquisitions, including cross-functional training of acquisition IT and program personnel? Select
Yes or No
If yes, please elaborate. If no, please explain if and how your agency plans to develop personnel
assigned to IT acquisitions.
Specialized Career Path for IT Program Managers: Has your agency utilized the specialized
career path for IT program managers as designated by OPM? Select Yes or No
Has your agency strengthened IT program management? Select Yes or No
If yes, how many IT program managers have you designated? If no, does your agency plan to
utilize the specialized career path? When? If your agency has strengthened IT program
management, please explain how it has done so. If your agency has not strengthened IT program
management yet, please explain if it plans to do so and how. If it is not planning to strengthen IT
program management, please explain why.
Direct Hire Authority: Has your agency utilized direct hire authority relating to personnel
assigned to IT acquisitions? Select Yes or No
If yes, how many times and for what job series has your agency utilized direct hire authority in
this area. If no, please explain your agency’s plans to utilize direct hire authority in this area or
explain why it does not plan to use this authority.
Peer Reviews: Has your agency conducted peer reviews of IT acquisitions? Select Yes or No
If yes, please elaborate on the number and types of IT acquisitions reviewed. If no, please explain
your agency’s plans to conduct peer reviews of IT acquisition or explain why it does not plan to
conduct peer reviews of IT acquisitions.
Pilot Programs: Has your agency utilized pilot programs of innovative approaches to developing
the IT acquisition workforce, such as industry-government rotations? Select Yes or No
If yes, please explain what pilot program you have used or are using. If no, please explain your
agency’s plans to utilize pilot programs of innovative approaches to developing the IT acquisition
workforce or why it does not plan to utilize these programs.
39
Available online at: http://www.whitehouse.gov/sites/default/files/omb/assets/procurement_workforce/AWF_Plan_10272009.pdf
27
Attachment G: Related Forthcoming Policies Roadmap
Some requirements and objectives described throughout this document are related to forthcoming new
policies or changes to existing guidance/instructions to be released later in FY2015, such as:
28
Attachment H: Cross-Walk of FITARA Requirements
The materials below summarize which portions of the above guidance address which sections of
FITARA.
Section of Legislation Section of Guidance
1. CIO Authorities
Contract review Section 831: CIO Authority Page 4: Implementation of the Common Baseline
Enhancements Page 12: Attachment A (F1)
Subsection (b)(1)(C)(i)(I)
Reprogramming review Section 831: Page 4 and Page 11 (B1)
Subsection (b)(1)(C)(i)(II)
Adequate incremental Section 831: Page 4 and Page 14 (M1)
development Subsection (b)(1)(B)(ii)
Budget approval Section 831: Page 4 and Page 11 (A1, C1)
Subsection (b)(1)(B)(i)
Bureau CIO approval Section 831: Page 4 and Page 14-15 (N1, O1)
Subsection (b)(2)
Other responsibilities Section 831: Page 4 and Pages 11-17
Subsection (b)(1)(C)(i)(III)
Subsection (b)(1)(A)(i)
Subsection (b)(1)(A)(ii)
2. Transparency
2A Federal IT Dashboard Section 832: Enhanced Transparency and Page 6: Transparency, Risk Management, Portfolio
Improved Risk Management in Review, and Reporting
Information Technology Investments
Subsection (3)(3)(A)
2B Agency IT Dashboard data Section 832: Page 6
Subsection (3)(3)(B)(i)
2B1 CIO Evaluations Guidance from Section 832: Page 6
OMB Subsection (3)(3)(B)(i)
2B2 IT Dashboard Data Must Be Section 832: Page 6
Provided Bi-Annually Subsection (3)(3)(B)(ii)
2B3 Required Agency/Project Data Section 832: Page 6
Improvement Programs Subsection (3)(3)(D)
2C TechStat Trigger Section 832: Page 7
Subsection (4)
2C1 TechStat Topics Section 832: Page 7
Subsection (4)(A)
2C2 OMB TechStat Reporting to Section 832: Page 7
Congress Subsection (4)(B)
2C3 DME Freeze One Year Post Section 832: Page 7
TechStat Subsection (4)(D)
3. Portfolio Reviews
3 PortfolioStat Section 833: Portfolio Review Page 7: Transparency, Risk Management, Portfolio
Subsection (c)(1) Review, and Reporting
3A PortfolioStat Process Section 833: Page 7 and Page 21-24 Attachment D: FY2015
Requirements Subsection (c)(1) PortfolioStat
3B PortfolioStat Metrics, Cost Section 833: Page 7-8 and Attachment D
Savings, and Avoidance Subsection (c)(2)
3C PortfolioStat Annual Review Section 833: Page 8 and Attachment D
Subsection (c)(3)
3E Quarterly Reports Section 833: Page 8 and Attachment D
Subsection (c)(5)
29
4. Data Center Consolidation Section
FDCCI Section 834: Federal Data Center Page 8: Federal Data Center Consolidation
Consolidation Initiative Initiative (FDCCI)
Agency Reporting Section 834(b)(1)(A) Page 8
Agency Annual Inventory Section 834(b)(1)(A)(i) To be addressed in forthcoming guidance and/or
IDC instructions
Agency Annual Strategy Section 834(b)(1)(A)(ii) To be addressed in forthcoming guidance and/or
IDC instructions
Agency Annual Statement Section 834(b)(1)(D) To be addressed in forthcoming guidance and/or
IDC instructions
Agency Quarterly Updates Section 834(b)(1)(E)(i)(II) Page 8
OMB Reporting and Section 834(b)(2) To be addressed in forthcoming guidance and/or
Requirements IDC instructions
GAO Review Section 834(b)(4) Not specified
Cybersecurity and Cloud Section 834(c) Not specified
Computing
30
Attachment I: Summary of Agency Deadlines and Requirements
TechStat (Improved Risk Notify OMB of Planned TechStat At least 2 weeks in advance via
Management) Session email
31
Automatic TechStat sessions for Within 30 days of the
high risk rated investments (three completion of the third month
months) where CIO evaluation is “Red”
(“three months” begins July 1,
2015)
Report TechStat outcomes and Via IDC
outputs
Automatic OMB performance and Completion of four consecutive
budgetary actions quarters where CIO evaluation
is still “Red” following an
automatic TechStat (beginning
July 1, 2015)
PortfolioStat Sessions Quarterly: Within 8 weeks
following the IDC submission
deadline
32
Attachment J: Common Acronyms and Abbreviations
33
PIV Personal Identity Verification
PL Public Law
PMC President's Management Council
PUE Power Usage Effectiveness
SAO Senior Agency Official, as referred to in this guidance, includes positions such as
the CFO, CHCO, CAO, ASAM, COOs, and Program Managers
SES Senior Executive Service
SL Senior Level
ST Scientific or Professional Position
U.S.C. United States Code
US-CERT United States Computer Emergency Readiness Team
USDS United States Digital Service
34