dod it consolidation strategy and roadmap - ver 0 91 25jan11

Upload: michael-carroll

Post on 18-Oct-2015


TRANSCRIPT

  • FOR OFFICIAL USE ONLY Pre-Decisional 1/25/11 15:16

    DoD IT Consolidation Strategy and Roadmap


    Department of Defense (DoD) Information Technology (IT) Consolidation Strategy and Roadmap

    Version 0.91 Draft 25 JAN 11

    January 2011


    Approved By:

    Teri M. Takai    Date
    DoD Chief Information Officer

    Foreword

    The number of networks the Department of Defense uses to execute its missions has grown exponentially over the last 30 years. Initially purposed to reduce complexity and streamline decision making, the bolt-on approach to information technology development has resulted in layers of stove-piped systems that are difficult to integrate and not as effective as needed. The unnecessary complexity of our networks and information technology reduces our ability to secure our information systems, hampers our ability to share information, and needlessly consumes the finite resources available to the Department. This untenable situation requires that we make dramatic changes in how we develop, sustain, and implement information technology across the Department. Together, we modify existing processes to reduce complexity and optimize our networks for the joint environment. Our goals are to dramatically increase our cyber security posture, increase our effectiveness across joint and coalition lines, and reduce the resources our networks consume.

    This document is our strategy and initial roadmap to achieve these goals through consolidation of information technology infrastructure across the Department in order to deliver a streamlined, rationalized, and simpler network. Through this plan, we are committing to a task that requires changes to policies, cultural norms, and organizational processes in order to provide lasting results. We will focus initially on obtaining tangible results in 2011 and 2012 and plan for aggressive consolidation through 2015. By aggressively consolidating now we will be better positioned to embrace emerging technology and provide cutting-edge service to our warfighters. This aggressive consolidation cannot, however, come at the price of degraded capabilities for the warfighter or inflexible commitment to a given technological solution. Accordingly, this strategy and roadmap is intended to provide the Department with sufficient flexibility to respond to and incorporate emerging technology and to identify and take appropriate actions for those efforts that are not producing.

    Our focus remains, as it always has been and always will be, to enhance our ability to execute our primary mission: provide the military forces needed to deter war and to protect the security of our country. This effort will be a collaborative undertaking in which I will work side-by-side with the Department's Component CIOs or equivalent information technology leads to plan and execute this roadmap and to strengthen the partnerships between the DoD CIO's office and the offices of Under Secretary of Defense for Acquisition, Technology & Logistics (USD(AT&L)), Director for Cost Assessment and Program Evaluation (D, CAPE), Under Secretary of Defense Comptroller (USD(C)) and Deputy Chief Management Officer (DCMO) to effect long-term change. I look forward to leading the Department through this consolidation effort and delivering a better DoD Enterprise in the immediate future.

    //signed//
    Teri M. Takai
    DoD Chief Information Officer

    Executive Summary

    Historically, DoD's information technology (IT) investments have been built to meet the needs of individual projects, programs, organizations and facilities. This decentralized approach has resulted in large cumulative costs and a patchwork of capabilities that create cyber vulnerabilities and limit our ability to capitalize on the promise of information technology.

    In August 2010, the Secretary of Defense directed the consolidation of IT infrastructure to achieve savings in acquisition, sustainment, and manpower costs and to improve DoD's ability to execute its missions while defending its networks against growing cyber threats. Specific direction was received to consolidate IT infrastructure to optimize for the Joint environment and to pursue consolidation in a way that does not preclude future consolidation of IT infrastructure at the DoD enterprise level.

    During 1st quarter FY11, over 240 representatives from Office of the Secretary of Defense (OSD), the Military Departments, Defense Information Systems Agency (DISA), National Security Agency (NSA) and United States Cyber Command (USCYBERCOM) analyzed opportunities to consolidate DoD IT infrastructure through specific initiatives in five functional areas: Network Services, Computing Services, Application & Data Services, End-User Services, and IT Business Processes. Detailed descriptions, initial implementation timelines, and rough order of magnitude (ROM) estimates of required investments and potential savings were developed for twenty-six initiatives. Each initiative contributes to one or more of the IT Consolidation goals: increase mission effectiveness, improve cyber security, and deliver efficiencies.

    Preliminary estimates are that this initial set of initiatives will deliver efficiencies of $1.2B - $2.2B annually by FY15 and $3.2B - $5.2B over the Future Years Defense Plan (FYDP). This effort has already resulted in a direct budget reduction of $1.7B across the FYDP in the FY12 DoD submission to the President's Budget through specific IT consolidation actions by the Air Force ($1.2B) and the Army ($500M).

    The DoD CIO Executive Board (CIO EB) is the Department's senior functional oversight body for IT infrastructure and will be the focal point for IT consolidation governance. Component progress against their IT consolidation performance measures will be reported through the CIO EB to the Deputy's Advisory Working Group (DAWG) and the Defense Business Systems Management Committee (DBSMC) (as appropriate).

    Specific changes to the Department's three core processes (Joint Capabilities Integration Development System (JCIDS), Planning, Programming, Budgeting and Execution (PPBE), and Defense Acquisition System (DAS)) are required to address the systemic conditions resulting in DoD's stove-piped IT infrastructure. The DoD CIO will work with the core process owners to implement the required changes. These efforts will be synchronized with the parallel DoD activities underway to reform DoD IT acquisition.

    Effective communication is critical to building the DoD-wide commitment required to optimize DoD IT infrastructure for the joint environment. This document is the initial communication of the Secretary's intent and will be followed by communications detailing associated policy, performance measures, architectures and standards.

    Table of Contents

    1 Introduction
    2 Background
    3 IT Consolidation Strategy
        3.1 IT Consolidation Goals
            3.1.1 Improve Mission Effectiveness
            3.1.2 Improve Cyber Security
            3.1.3 Deliver Efficiencies
        3.2 Governance
        3.3 Management Approach
        3.4 Performance Metrics
        3.5 Communication Plan
    4 IT Consolidation Roadmap
        4.1 IT Consolidation Initiatives
            4.1.1 Network Services (NS)
            4.1.2 Computing Services (CS)
            4.1.3 End-User Services (EUS)
            4.1.4 Application and Data Services (ADS)
            4.1.5 IT Business Processes (BP)
    5 Estimated Efficiencies
    6 Sustaining Processes
        6.1 IT Governance
        6.2 Certification and Accreditation
        6.3 Joint Capabilities Integration Development System (JCIDS)
        6.4 Planning, Programming, Budgeting and Execution (PPBE)
        6.5 Defense Acquisition System (DAS)
    Appendix A Network Services Initiatives
        NS1 Consolidate Security Infrastructure
        NS2 Consolidate NetOps Centers
        NS3 Implement Cross Domain Solution as an Enterprise Service
        NS4 Implement Standard Certification and Accreditation Process
        NS5 Extend Joint Networks Over SATCOM
        NS6 Implement Video over IP as an Enterprise Service
        NS7 Implement Voice over IP as an Enterprise Service
        NS8 Transport - Joint Enterprise Network (JEN)
        NS9 Enterprise Network Infrastructure Reliability
        NS10 Defense Red Switch Network (DRSN) Rationalization
    Appendix B Computing Services Initiatives
        CS1 Data Center and Server Consolidation
        CS2 Computing Infrastructure and Services Optimization
        CS3 Cloud Computing
        CS4 Service Desk Consolidation and Optimization
    Appendix C Application and Data Services Initiatives
        ADS1 Enterprise Messaging & Collaboration Services (including Email)
        ADS2 Identity and Access Management Services
        ADS3 Enterprise Services
        ADS4 Records Management
    Appendix D End User Computing Services Initiatives
        EUS1 Next Generation End-User Devices
        EUS2 Multi-Level Security Domain Thin-Client Solutions
        EUS3 Interoperability Within DoD and Between Mission Partners
    Appendix E IT Business Process Initiatives
        BP1 Consolidate Software Purchasing
        BP2 Consolidate Hardware Purchasing
        BP3 Optimize IT Services Purchasing
        BP4 Common Business Process Foundation
        BP5 Promote and Adopt Green IT
    Appendix F Acronym List

    List of Figures

    Figure 2-1 DoD IT Infrastructure Characteristics
    Figure 3-1 IT Infrastructure Consolidation Goals
    Figure 3-2 DoD IT Consolidation Governance Framework
    Figure 3-3 Building Commitment
    Figure 4-1 IT Consolidation Initiatives
    Figure 4-2 IT Consolidation Initiatives
    Figure 4-3 DoD Data Center Consolidation Approach
    Figure 4-4 Notional Multi-Level Secure Desktop Environment
    Figure 5-1 IT Consolidation Efficiencies


    1 Introduction

    In August 2010, the Secretary of Defense (SecDef) announced a Department-wide Efficiencies Initiative to move America's defense institutions towards a more efficient, effective, and cost-conscious way of doing business.[1] DoD Components were directed to conduct a zero-based review of how they carry out their missions and priorities and to rebalance resources to better align with DoD's most critical challenges and priorities. As part of the announcement, the SecDef directed the consolidation of IT infrastructure assets to achieve savings in acquisition, sustainment, and manpower costs and to improve DoD's ability to execute its missions while defending its networks against growing cyber threats.

    [1] Gates, Robert M. (2010). Statement on Department Efficiencies Initiative. Accessed from: http://www.defense.gov/speeches/speech.aspx?speechid=1496

    In response, the DoD established an IT Consolidation Task Force to analyze alternative courses of action (COAs) and recommend specific IT infrastructure consolidation initiatives. Three COAs were developed:

    • COA 1: Consolidate IT infrastructure at the DoD Component level;
    • COA 2: Consolidate IT infrastructure to optimize the Joint environment; and,
    • COA 3: Consolidate IT infrastructure at the DoD enterprise level.

    A November 2010 in-process review resulted in SecDef direction to consolidate IT assets to optimize the Joint environment (COA 2) and to pursue the consolidation in a way that does not preclude future consolidation at the DoD enterprise level (COA 3). To optimize for the joint environment is to create a seamless DoD Enterprise Information Environment (EIE), which will support cross-organizational, geographically dispersed users through the delivery of IT infrastructure capabilities. The EIE is composed of Global Information Grid (GIG) assets that operate as, provide transport for, or assure networks at all levels. The EIE Mission Area (EIEMA) is the DoD IT portfolio that manages investments in the information sharing, computing, and communications environment of the GIG. The EIE includes computing infrastructures and common enterprise services that provide users with the ability to access and use information on the GIG. The consolidation of IT infrastructure described in this plan will replace Service and installation-specific IT infrastructure capabilities and processes with the intention of optimizing the DoD's IT infrastructure, increasing mission effectiveness, improving cyber security, and reducing cost in accordance with SecDef direction.

    2 Background

    The DoD is an immense and complex organization. It has more than 1.4 million men and women serving on active duty, employs 750,000 civilian personnel, and counts another approximately 1.1 million in the National Guard and Reserve, making it the nation's largest employer. Additionally, more than 5.5 million family members and military retirees receive benefits as a result of their past service or their relation to a service member. Supporting the diverse IT needs of this population is a tremendous challenge that involves over 15,000 classified and unclassified networks, more than seven million computers and IT devices, and a 170,000-person information technology workforce.

    Figure 2-1 DoD IT Infrastructure Characteristics

    Total IT Budget:
        • $37 billion
        • $10 billion in Infrastructure
    DoD IT User Base:
        • 1.4 million active duty
        • 750,000 civilian personnel
        • 1.1 million National Guard and Reserve
        • 5.5+ million family members and military retirees
    IT Systems:
        • 10,000+ Operational systems (20% mission critical)
        • 772+ Data Centers
        • 67,246 Servers
        • 7+ million computers and IT devices
    Area of Support:
        • 146+ countries
        • 6,000+ locations
        • 600,000+ buildings and structures

    The DoD depends on timely, accurate and focused information at every echelon: the full range of military operations (ROMO), Joint Operations Concepts (JOpsC), Joint Integrating Concepts (JICs) and Joint Functional Concepts (JFCs).[2] Achieving and maintaining the information advantage as a critical element of national power requires the concentrated effort of the entire DoD to provide an information environment optimized for the warfighter and effective for all echelons from the tactical edge to the strategic core. Unfortunately, the way our networks are developed, funded, and implemented fosters unnecessary complexity and redundancy. As a result of this decentralized approach and lack of governance and oversight, the Department's IT infrastructure delivers a patchwork of capabilities that create cyber vulnerabilities, impede Joint operations, result in large cumulative costs, and limit our ability to capitalize on the promise of information technology.

    [2] Joint Staff J7. (2010). J7 Joint Force Development and Integration Division (JFDID). Accessed from: http://www.dtic.mil/futurejointwarfare/index.html

    In addition to enhancing our defense networks in order to better support the information needs of the Department, this strategy and roadmap also focuses on better support for and interoperability with our mission partners. The global reach of the United States and its position of prominence in global affairs dictate that the Department does not operate in a vacuum. As a result, we ensure success by operating in conjunction with domestic agencies and federal departments, armed forces and governments of foreign countries, and international non-governmental agencies. Regardless of the spectrum in which the DoD is operating, from disaster relief to full kinetic warfare, the information environment must support collaboration and information sharing in order to be effective.

    3 IT Consolidation Strategy

    An effective military strategy can be expressed as "Strategy = Ends + Ways + Means"[3] where "Ends" refers to the end state objectives or goals; "Ways" are the actions required to get to the end state; and, "Means" are the resources needed to execute the actions. The "ends" of the DoD's IT Consolidation Strategy are detailed in Section 3.1. Sections 3.2 through 3.5 describe the "ways" and "means" that are necessary to achieve the goals.

    [3] Arthur F. Lykke Jr., ed., (1998). Military Strategy: Theory and Application. Carlisle, Pa: U.S. Army War College,

    3.1 IT Consolidation Goals

    The DoD IT Consolidation Goals are focused on improving network security, operational effectiveness, and fiscal efficiency. Figure 3-1 depicts the key benefits and relationships of these goals and illustrates the realm in which the IT Consolidation Strategy seeks to coordinate the execution of DoD IT in order to obtain the best results for the warfighter and the Department as a whole.

    Figure 3-1 IT Infrastructure Consolidation Goals

    Effectiveness: Improve mission effectiveness and combat power throughout the Department
    Key Benefits:
        • Unity of command
        • Consistent and improved user experience
        • Rapidly deliver new business and mission capabilities
        • Increase interoperability with in-place systems
        • Global access to needed information
        • Improve availability and reliability

    Efficiency: Reduce duplication in the DoD IT Infrastructure, and deliver significant efficiencies across the Department
    Key Benefits:
        • Unity of effort
        • Do more with less
        • Reduce acquisition, procurement and sustainment cost
        • Improve IT cost awareness
        • Eliminate redundant effort and cost

    Cyber Security: Improve the security of DoD networks and information from all threats
    Key Benefits:
        • Unify command and control of critical networks
        • Detect and eliminate malicious activity
        • Validate access to information based on enterprise identity and user attributes

    The result of these consolidation initiatives will be a DoD Information Environment which is able to provide the warfighter with the required information and services in a seamless manner. This standardized network infrastructure will eliminate the organizational barriers to information sharing and, as a result of this standardization, eliminate seams which attackers can exploit to gain access to vital information or systems. The consolidation and standardization outlined in this document will also improve the flexibility of defense networks by minimizing the organizational and technological changes needed in order to incorporate or respond to changes in emerging technology.

    3.1.1 Improve Mission Effectiveness

    The National Defense Strategy of June 2008 highlights the importance of information sharing to national security.[4] The strategy notes that providing secure, assured, and reliable information requires not only technological changes, but also changes that break down the cultural barriers impeding progress. Nowhere is this cultural challenge more evident than in our current approach to IT infrastructure provisioning.

    [4] Department of Defense. (2008). National Defense Strategy. Accessed from http://www.defense.gov/news/2008%20national%20defense%20strategy.pdf

    In today's environment, the Combatant Commands (COCOMs) are provided with Service-centric IT networks and IT services focused on Military Service-unique domains that are not integrated into a single information environment. This Service-centric approach extends beyond networks to identity and access management approaches, data centers, mission and business applications, commercial off-the-shelf (COTS) hardware and software, and IT procurement practices. The result is an IT infrastructure that does not effectively support the Joint warfighting environment.

    The shortcomings of the Department's IT infrastructure in supporting the joint warfighter are well documented. In June 2009, the Joint Requirements Oversight Council (JROC) approved the Global Information Grid 2.0 (GIG 2.0) Initial Capabilities Document (ICD).[5] The GIG 2.0 ICD's accompanying GIG 2.0 Concept of Operations (CONOPS) outlines a future of "a single information environment with common standards and centralized governance providing the information advantage to our warfighting commanders."[6] The GIG 2.0 concept transforms the current understanding of the GIG from a coalition of departments and agencies with their own set of systems, processes, governance and controls to a more seamless, unified and integrated net-centric environment.

    [5] Joint Staff J6. (2009). Global Information Grid 2.0 Initial Capabilities Document, JROCM 095-09
    [6] Joint Staff J6. (2009). The Global Information Grid 2.0 Concept of Operations Version 1.1

    An initial assessment by the Joint Staff indicates that the IT consolidation initiatives described in this document address twenty-four of the sixty-six GIG 2.0 ICD capability gaps with an emphasis on joint infrastructure and enterprise services. Many of the remaining GIG 2.0 capability gaps are currently being addressed by non-material (i.e., policy and doctrine) activities. These documents and studies serve as the foundation upon which the Department can develop the capabilities to:

    • Provide timely, secure, and required information from a seamless information environment with a focus from the warfighter at the edge back to the core IT infrastructure
    • Provide a unified network environment that simplifies the synchronization and integration of intelligence collection, processing, exploitation, analysis, and dissemination to meet the information requirements of military decision-makers
    • Optimize network capabilities for the joint force that scale from tactical to strategic levels
    • Improve communication and understanding through information sharing with mission partners
    • Improve situational awareness and force protection by providing reliable and timely access to required information

    DoD's IT infrastructure must be simplified as an integrated and interoperable resource that quickly delivers the right information at the right time to the right place anywhere in the world.

    3.1.2 Improve Cyber Security 312

    Another key focus of the DoD IT Consolidation initiative is to enhance DoDs ability to counter 313 cyber security threats. DoD networks are under constant attack from cyber security threats 314

    launched from the Internet or from malicious software that makes its way inside our networks 315

    through email attachments, removable media, or embedded in the hardware we procure. Every 316

    device connected to our networks is susceptible to cyber vulnerabilities. In addition to these 317

    threats, we must also be prepared for malicious actors operating from inside our organization. 318

    At the root of DoDs cyber security challenge is the size and complexity (configuration variance) 319 of our legacy network infrastructure and software systems. As information needs grew, new 320

    systems many with their own dedicated networks were added to support DoD missions. 321 Virtual networks were layered on top of physical networks and independent access control 322

    approaches were developed as organizations worked to protect their systems and networks. This 323

    has led to a DoD information environment where systems, networks, and standards are deployed 324

    in a patchwork manner and the security of the entire enterprise is susceptible to exploitation of 325

    the weakest are of protection. 326

    Specific IT Consolidation initiatives will be undertaken to:

    Improve cyber security situational awareness and command and control

    Establish processes for granting access to networks and systems using validated cryptographic identity credentials

    Detect anomalous behavior inside our networks (e.g., malicious software, unauthorized data movement)

    Manage configurations and automate compliance monitoring and enforcement

    Reduce or eliminate the need to manually download information onto removable media to move it to another security domain

    Streamline certification and accreditation

    3.1.3 Deliver Efficiencies

    The DoD spends more on IT annually than any other department or agency, accounting for almost half of the $78 billion government-wide IT budget in Fiscal Year (FY) 10. The FY 10 IT DoD budget was over $37 billion and included over 5800 separate funding lines.[7] More than $10 billion annually is spent developing and sustaining IT infrastructure capabilities (e.g., data centers, networks, software applications, desktops and mobile devices).

    [7] Department of Defense. (2009). National Defense Budget Estimates for FY 2010. Accessed from: http://comptroller.defense.gov/defbudget/fy2010/Green_Book_Final.pdf

    The DoD has an obligation to ensure that IT services are delivered in the most cost effective and efficient manner possible. Private sector and state governments have demonstrated that leveraging shared services and consolidating IT and telecommunications equipment, resources and investments can achieve greater efficiency, cost-effectiveness, and environmental sustainability in IT and telecommunications operations. DoD's IT Consolidation activities will optimize DoD investments in IT infrastructure while also increasing mission effectiveness and improving cyber security. Specific initiatives will:

    Reduce duplication and eliminate redundancy through deployment of a coherent architecture to integrate / reduce networks, applications, data centers

    Lower procurement and sustainment costs

    Leverage economies of scale to increase buying power

    Reduce energy use

    3.2 Governance

    An effective DoD CIO governance structure begins with strong CIO-driven leadership to establish direction and hold the Department's IT organizations accountable. In today's complex DoD IT environment, leadership must provide effective governance to manage technology in support of business needs and mission effectiveness. This governance includes the structures and processes for setting direction, establishing standards, and prioritizing IT investments. Through proper governance, the DoD is able to leverage a framework for accountability in enforcing compliance with decisions about technology use and procurement.

    The DoD CIO has primary responsibility for the development and enforcement of the Department's overall IT policy, architecture and standards; Component CIOs are accountable for implementing and complying with DoD CIO direction. The DoD CIO will leverage the DoD CIO Executive Board and its reporting relationship to the DAWG (and the Defense Business Systems Management Committee (DBSMC) as appropriate) as the focal point for DoD IT Consolidation. This board will serve as the Department's single, senior governance forum in which IT Consolidation matters are reviewed and approved or disapproved. Components will submit their aligned IT Consolidation implementation plans to this forum and progress will be tracked, consolidated, and briefed to the DAWG through this forum. The necessary subordinate groups needed to produce policy, standards, architecture, and guidance will be formed under the direction of this board.

    Figure 3-2 shows the tiered structure that IT Consolidation governance will follow.

    Figure 3-2 DoD IT Consolidation Governance Framework

    3.3 Management Approach

    The DoD will employ a tiered accountability/modest federation approach to IT Consolidation. Under this approach, responsibility and accountability for implementing IT Consolidation initiatives are assigned to different levels in the organization. For example, the DoD CIO is responsible for developing the enterprise IT policy and architectures (i.e., DoD-wide policies, capabilities, standards, reference architectures and rules) and the associated enterprise IT Consolidation Strategy and Roadmap. Each component is responsible for producing a component-level architecture and IT Consolidation plan associated with its own tiers of responsibility in a manner that is aligned with (i.e., does not violate) the enterprise IT policies and architecture. Similarly, program managers are responsible for developing program-level architectures and consolidation plans and for ensuring alignment with the architectures and plans above them. This structure will allow for flexibility while also ensuring linkages and alignment from the program level through the component level to the enterprise level.

    3.4 Performance Metrics

    Component progress against IT Consolidation objectives will be measured against the key drivers that impact mission effectiveness, cyber security, and efficiency. Initial measures will focus on:

    The number of data centers and servers

    The number of physical and logical networks

    Number of duplicative applications

    The percent of mission critical applications using the enterprise attribute-based access control capability

    The dollar value flowing through designated DoD-wide COTS hardware (HW)/software (SW) procurement mechanisms

    Focusing metrics on the key drivers will illuminate lower-level implementation issues without placing undue reporting burdens on the Components.

    3.5 Communication Plan

    An effective communication plan is critical to building DoD-wide commitment to the IT Consolidation Initiative. With that aim in mind, the communications strategy is targeted at moving staff along the commitment curve depicted in Figure 3-3 below.[8]

    Figure 3-3 Building Commitment

    [8] Adapted from the Commonwealth of Massachusetts IT Consolidation Communications Plan. See http://go.usa.gov/Yat

    In addition to the framework provided by the commitment curve, the communications strategy will be constructed using the following guiding principles:

    1. Recruit leaders (e.g., COCOM Commanders, Military Department CIOs, Agency CIOs) and utilize existing working groups (e.g., DAWG, DBSMC, CIO Executive Board) to serve as communications champions

    2. Distribute communications in a tiered fashion, i.e., a message is created centrally and passed down in a consistent manner through each level of leadership to build message consistency and allow for delivery from the appropriate leader for each stakeholder group

    3. Provide timely updates that are appropriately scoped for each stakeholder group throughout the entire consolidation process

    4. Incorporate a two-way communication process, providing stakeholders with mechanisms to ask questions, offer feedback, and raise issues

    5. Establish a procedure for addressing raised issues and communicating results with stakeholders in a timely fashion

    6. Target messages at stakeholder needs and concerns

    7. Conduct the planning, budgeting, and governance in a transparent way that ensures a balanced and non-duplicative set of IT capabilities is provided by a set of Component implementation plans

    The expected benefits of the strategy include consistent messaging throughout the process, well-informed stakeholders, and coordinated efforts across the Department.

    4 IT Consolidation Roadmap

    In accordance with the SecDef's direction to consolidate DoD IT infrastructure, the DoD CIO established working groups to identify specific initiatives that align to the IT Consolidation goals of increasing mission effectiveness, improving cyber security, and delivering efficiencies. Over 240 representatives from Office of the Secretary of Defense (OSD), the Military Departments, DISA, NSA, and USCYBERCOM identified a set of initiatives that map to the IT Consolidation goals as shown in Figure 4-1. The initiatives are grouped in the following functional areas:

    Network Services (NS): The services (including hardware, software and labor) that provide the telecommunications (i.e., voice, video, and data transport), including inter-installation (long haul) networks, installation campus area networks, network management and information assurance services

    Computing Services (CS): The services that provide the ability to process, store and access information, including data centers and the server, storage and other hardware inside of them

    Application and Data Services (ADS): The common shared applications, services, and processes.

    End-User Services (EUS): The specific subset of computing services which enable end-users to access information applications and services locally and via the network

    IT Business Processes (BP): The business processes used to procure the hardware, software and services needed to operate and maintain DoD IT

    Detailed descriptions, initial implementation timelines, and rough order of magnitude (ROM) estimates of required investments and potential savings have been developed for each initiative. Technical and cultural risks were assessed on a scale of high, medium, and low.

    The following sections describe the technical approach to consolidation for each functional area. Brief descriptions of each initiative are provided in Appendix A through Appendix E.

    Figure 4-1 IT Consolidation Initiatives

    4.1 IT Consolidation Initiatives

    The implementation timeline for the IT Consolidation Roadmap is represented in Figure 4-2. The timeline represents each of the five functional areas and the key initiatives that the Department will focus its efforts on over the next two-year period. A key concept which carries throughout the timeline is the establishment of the enterprise approach followed by the submission of Component plans detailing their transition to alignment with the enterprise approach. The timeline follows this model for each initiative by establishing working groups, reporting to the DoD CIO Executive Board, which are comprised of the appropriate Component representatives. These representatives will be empowered to make decisions and bring the expertise needed to implement solutions.

    Figure 4-2 IT Consolidation Initiatives

    For each initiative we will first complete the Business Case Analysis reports necessary for the further development of the enterprise architecture and standards. Upon finalization of the enterprise architecture and standards, Components will develop implementation plans that align to these enterprise architectures. Once the Component plans have been coordinated and approved, all stakeholders will move out quickly to implement solutions in each area. As an example, the Computing Services "Consolidating Data Centers and Servers" initiative will first need to complete a Business Case Analysis study for the use of Enterprise, Area, Regional and Installation data centers. The data and findings of the Business Case Analysis will be used to establish the data center standards and criteria needed by the Components to determine which location and type of facility they should incorporate into their planning. The DoD CIO Executive Board will review, coordinate, and approve each Component implementation plan and then track progress over the implementation period.

    4.1.1 Network Services (NS)

    Today, thousands of individual programs, including formal programs of records and informal projects, maintain private network enclaves. Each of these individual networks has separate support staff including network operators, administrators, and information assurance personnel. In addition, each of these individual networks maintains a security stack which is often unique to that program. Some of these individual networks operate connections to other DoD, federal, state, or local networks and, sometimes, even to the public Internet.

    The direct and indirect cost of all the hardware, software, and labor required to operate and maintain these individual program, organization and installation networks is substantial. These individual networks significantly detract from or completely negate our ability to securely share information across the enterprise and/or execute effective command and control of DoD networks. As a result, the effectiveness, agility, and security of geographic COCOM and CJTF commanders' networks are significantly degraded.

    The three military departments (MilDeps) have already begun taking actions to consolidate their networks, but these efforts need to be both accelerated and synchronized to ensure maximum effectiveness, cyber security, and efficiency are achieved at the enterprise level.

    The DoD approach to eliminating unnecessary costs and improving the capabilities of our networks as noted above is to:

    1. Consolidate all network services on each DoD installation so that there is a single installation campus area network per installation maintained by a single, installation network service provider

    2. Accelerate consolidation of internal networks by eliminating individual networks currently maintained by programs, organizations and local facility managers

    3. Replace program, organization, and installation level security services and infrastructure with a suite of enterprise level security services operated jointly by the MilDeps, DISA and USCYBERCOM, including separate PKI-enabled, attribute-based access control services for both devices and people

    4. Strictly enforce compliance with all DoD enterprise level guidance for information assurance and network security

    4.1.2 Computing Services (CS)

    Recent advances in computing technologies and the Internet have sparked a revolution in the provisioning of computing resources through the ready access of computing as an on-demand service. This enables shared and distributed computing approaches that can accelerate DoD's efforts to achieve net-centric operations by ensuring that warfighters receive the right information and applications from trusted and accurate sources, when and where they are needed. DoD recognizes that leveraging these advances will result in an enhancement of command and control and combat support capabilities for warfighters and decision makers, thereby increasing operational effectiveness. DoD's future computing environment will securely leverage and share the full-range of available physical and virtual computing resources in a rapid and demand-based manner across the complete spectrum of strategic, operational, and tactical missions.

    Unfortunately, the current state of IT procurements, coupled with the relatively low cost of IT hardware, allows a multitude of entities within the DoD to purchase and operate their own computing infrastructure. As a result, the DoD information environment is susceptible to the exploitation of this myriad of devices, systems, and standards by malicious actors intent on causing harm to our national interests. Accordingly, the Department will pursue consolidation of computing services with four major efforts during the next 24 months:

    1. Merge and Eliminate Fourth Estate IT Infrastructures and Service Providers, taking advantage of the economies of scale that can be obtained by either aggregating multiple fourth estate organizations or having them use computing services provided by one of the military departments

    2. Centrally manage and restrict the diversity of server (development and operational) platforms used throughout the Department, and require all purchases of commodity hardware such as servers, server operating systems and storage area networks to be done through a limited number of consolidated contracts that leverage economies of scale to lower total costs to the enterprise

    3. Consolidate DoD Data Centers in accordance with the DoD Data Center Consolidation Plan submitted to OMB, the IT Optimization Reference Architecture and Theater level Synchronization Plans, specifically eliminating program, organization and installation level data centers (more detail about data centers is provided below)

    4. Aggregate computing services and consolidate infrastructure requirements to gain the economic efficiencies of scale whenever practical, such as consolidating regional LMR infrastructure or contracts for office printer maintenance and ink cartridges

    DoD will also move aggressively to decrease its total number of data centers consistent with the DoD Data Center Consolidation Plan, IT Infrastructure Optimization Reference Architecture, and Theater Synchronization Plans. This consolidation will result in a hierarchy of DoD data centers based on functionality, purpose, and efficiency. Current DoD plans will result in:

    32% reduction in data centers

    30% reduction in racks

    25% reduction in servers

    DoD plans to further reduce data centers to 442 by FY15 (42% reduction from FY10) as directed in the FY12 Office of Management and Budget (OMB) Budget Passback.

    The objective is to consolidate computing services into one of three computing center facilities: (1) Enterprise Computing Centers (ECC); (2) Area/Regional Processing Centers (A/RPC); or, (3) Installation Processing Centers (IPC) as shown in Figure 4-3.

    Enterprise Data Center (EDC): EDCs are designated by the DoD CIO and may be owned and operated by either the Defense Information Systems Agency (DISA) or a Service. EDCs comply with enterprise level standards and host applications from any DoD component based on agreed upon service level agreements. EDCs are the preferred and default location for all DoD servers.

    Area/Regional Processing Centers (A/RPC): A/RPCs are very similar to EDCs in terms of ownership and operation. A/RPCs are designated by the DoD CIO in collaboration with geographic COCOMs to host systems which must have either a primary or back-up instantiation in a particular region for technical, operational, or financial reasons.

    Installation Processing Center (IPC): Each DoD installation may have a single IPC of the minimum size necessary to host only those systems that require local instantiation for operational or technical reasons. These processing centers will be allowed only by exception obtained through a waiver process which includes validation from the DoD CIO.

    Components will develop plans to relocate existing computing center facilities into one of the three types of facilities described above.

    Figure 4-3 DoD Data Center Consolidation Approach

    4.1.3 End-User Services (EUS)

    End user services initiatives are focused on improving mission effectiveness and reducing costs by taking advantage of rapid changes and advances in the types of devices used to access information and applications as well as in the operating systems upon which those systems are built. These initiatives aim to eliminate the costs of maintaining traditional workstations and the installation campus area networks and infrastructure upon which they depend, while significantly increasing end-user mobility and capability.

    The consolidation efforts will create a network infrastructure that is secure, resilient, rapidly restorable, and capable of supporting multiple missions by providing the user with the mission data, interoperability, and services necessary to operate in an increasingly mobile operating environment. Next generation end-user devices will utilize standardized network, data, and application services to maximize cost savings, flexibility, and defensibility. Centrally managed diversity allows for a myriad of interoperable devices optimized for a variety of missions and needs. The desired end state is for the Department to enjoy end-user devices that have a minimized attack surface area, enable robust network protection, and are rapidly restorable to a known good-state supporting resilience, constant continuity of operations (COOP) capabilities, and user credential protection.

    These initiatives set the stage for DoD to take advantage of recent and future technical changes and advances in the types of devices people use to access their information (i.e., smart phones, diskless nodes and tablets). To enable the Department to take advantage of next generation devices, the DoD will move immediately to consolidate this emerging end-user infrastructure and make it joint from birth by taking the following actions:

    1. Centrally coordinate all next-generation device pilots, tests, and other initial implementations to reduce unnecessarily redundant testing and expenses

    2. The testing, certification, and procurement of next-generation devices will be consolidated at the enterprise level to enable "test once, use everywhere" and gain the economies of scale associated with aggregated enterprise-level purchasing

    3. Centrally manage all next-generation device configurations and consolidate all next-generation hardware and software purchases to both take advantage of economies of scale and promote software and system re-use

    4. Establish a limited number of standard DoD development platforms and repositories to save testing and certification costs through a "test once, use everywhere" process optimized for next-generation end-user devices with limited bandwidth

    5. Coordinate continued pathfinder implementations of web-based desktop productivity software suites at the enterprise level

    Figure 4-4 Notional Multi-Level Secure Desktop Environment[9]

    4.1.4 Application and Data Services (ADS)

    Application and Data Services initiatives are focused on providing secure global access to common DoD-wide solutions to allow our men and women to access the people and information resources they need from any computer, anywhere in the world. In order to gain the full operational and economic benefit of the initiatives detailed in this document, we must change how we acquire, develop, field, and maintain applications. The approach is based upon developing enterprise capabilities and mandating their use once operationally viable. As a result, no IT investments shall be planned for or initiated to develop, modify or sustain capabilities comparable to the designated DoD enterprise capabilities absent a compelling operational need or documented business case.

    The Department will pursue a three pronged approach to the consolidation of application and data services:

    Vigorous IT Portfolio Management, to include the designation and mandatory use of select enterprise application and data services

    Promulgation of enterprise reference architectures, including technical standards for federated enterprise solutions, coupled with strictly enforced compliance to those architectures and standards

    Establishment and mandated use (for new applications) of a limited set of development platforms and a process for rapid incremental development including a "tested by one, accepted by all" process for joint system certification

    [9] Source: Al Udeid Combined Air and Space Operations Center (CAOC) Trusted Thin Client Training materials. Figure 4-4 panel titles: Current Work Station; Thin Client Work Station

    To accomplish these goals, the Department will take the following actions:

    1. Designate select services provided by one or more components as mandatory DoD Enterprise Services and prohibit the programming, planning or execution of any funds (absent a compelling operational or documented business case) for the development or modification of any system which provides capabilities comparable to a designated mandatory DoD Enterprise Service

    2. Establish a limited number of standard DoD development platforms and repositories (such as DISA RACE and SourceForge.Mil) to re-use Government developed code as much as possible and save testing and certification costs through a "test once, use everywhere" process optimized for next generation end user devices with limited bandwidth

    3. Fully implement, and designate as mandatory for use, a federated enterprise solution for person-based access control on all SECRET and UNCLAS networks, including a suite of Enterprise Attribute Services for People which includes the implementation of component level Organization Servers, Global Force Management Data Initiative, and associated DMDC and DISA provided services

    4. Fully implement, and designate as mandatory for use, a federated enterprise solution for person-based access control on all SECRET and UNCLAS networks, including a suite of Enterprise Attribute Services for devices on all SECRET and UNCLAS networks, as a separate and distinct set of services from those used for people

    Near-term activities are focused on the Enterprise Email (ADS-1) deployment and Attribute Services (ADS-2). Attribute Services provide the foundational security capability needed for rapid and unanticipated information sharing. This managed and governed core support service provides attributes for access decisions within a centralized enterprise model. This service includes a collection of authoritative person and non-person entity (NPE) attribute data based on commonly defined and governed attributes and makes them available through an enterprise service model to integrate within DoD authorization and access capabilities (e.g., Attribute-Based Access Control).

    The Attribute Service provides access to identity information and can expedite account provisioning and speed secure information sharing. Together with other DoD authorization and access capabilities, the Attribute Service provides the basis for replacing time- and resource-intensive manual processes with near real-time automated account provisioning and access control to shared information resources in. This core service supports a more agile, flexible, and responsive warfighting posture where the rules for access control can be quickly modified and enforced based on changing real-world conditions.

    Key objectives are to:

    1. Increase warfighter access to required information and services, especially across organizational and security boundaries

    2. Increase network flexibility, allowing for rapid response to operational conditions

    3. Improve cyber security

    4. Drive out anonymity via strong cryptographic authentication (e.g., Public Key Infrastructure)

    5. Standardize access policies to enable more consistent access decisions

    6. Reduce duplicative costs associated with existing stove-piped and redundant identity and access management systems

    7. Increase agility and interoperability with the implementation of commercial standards
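
    An added sketch (not from this strategy document or any DoD system) of the attribute-based access control decision described in this section: person and device attributes are held in separate stores and evaluated against centrally held rules, so tightening a rule changes decisions without touching any account. The class names, attribute names, subject strings and thresholds are assumptions, and certificate validation is taken as already done.

```python
"""ABAC decision sketch: person and device attributes, centrally held rules.
All subjects, attributes and thresholds below are constructed for illustration."""
from dataclasses import dataclass
from typing import Callable, Optional

CLEARANCE_RANK = {"UNCLASSIFIED": 0, "SECRET": 1}

# Constructed attribute stores, keyed by the subject name taken from a certificate
# that is assumed to have been validated already (validation is out of scope).
PERSON_ATTRS = {
    "CN=alice.example": {"clearance": "SECRET", "org": "J6"},
    "CN=bob.example": {"clearance": "UNCLASSIFIED", "org": "J4"},
}
DEVICE_ATTRS = {
    "CN=ws-001.example": {"managed": True, "patch_age_days": 3},
    "CN=ws-777.example": {"managed": True, "patch_age_days": 45},
}


class AttributeService:
    """Stand-in for an attribute service with separate person and device stores."""

    def __init__(self, persons: dict, devices: dict):
        self._persons, self._devices = persons, devices

    def person(self, subject: str) -> Optional[dict]:
        return self._persons.get(subject)

    def device(self, subject: str) -> Optional[dict]:
        return self._devices.get(subject)


@dataclass(frozen=True)
class Rule:
    name: str
    check: Callable[[dict, dict, dict], bool]


@dataclass(frozen=True)
class Decision:
    permit: bool
    reasons: tuple  # names of failed rules, or why no rule could be evaluated


def clearance_dominates(person, device, resource):
    need = CLEARANCE_RANK.get(resource.get("classification"))
    have = CLEARANCE_RANK.get(person.get("clearance"))
    # Unknown labels on either side fail closed.
    return need is not None and have is not None and have >= need


def device_is_managed(person, device, resource):
    return device.get("managed") is True


def max_patch_age(days: int) -> Rule:
    def check(person, device, resource):
        age = device.get("patch_age_days")
        return isinstance(age, int) and age <= days
    return Rule(f"device patched within {days} days", check)


class PolicyDecisionPoint:
    def __init__(self, attrs: AttributeService, rules):
        self.attrs, self.rules = attrs, list(rules)

    def decide(self, person_subject, device_subject, resource) -> Decision:
        person = self.attrs.person(person_subject)
        device = self.attrs.device(device_subject)
        # No attributes on record means no basis for a decision: deny.
        if person is None:
            return Decision(False, ("unknown person",))
        if device is None:
            return Decision(False, ("unknown device",))
        if not self.rules:
            return Decision(False, ("no policy loaded",))
        failed = tuple(r.name for r in self.rules
                       if not r.check(person, device, resource))
        return Decision(not failed, failed)


def demo() -> dict:
    baseline = [
        Rule("clearance dominates classification", clearance_dominates),
        Rule("device is managed", device_is_managed),
    ]
    pdp = PolicyDecisionPoint(AttributeService(PERSON_ATTRS, DEVICE_ATTRS),
                              baseline + [max_patch_age(60)])
    doc = {"name": "ops-plan", "classification": "SECRET"}
    alice, bob = "CN=alice.example", "CN=bob.example"
    out = {
        "alice_ws001": pdp.decide(alice, "CN=ws-001.example", doc),
        "bob_ws001": pdp.decide(bob, "CN=ws-001.example", doc),
        "alice_ws777": pdp.decide(alice, "CN=ws-777.example", doc),
        "alice_unknown_device": pdp.decide(alice, "CN=rogue.example", doc),
    }
    # Conditions change: the patch rule is tightened in one place and takes
    # effect on the next request; no account or device record is re-provisioned.
    pdp.rules = baseline + [max_patch_age(7)]
    out["alice_ws777_after"] = pdp.decide(alice, "CN=ws-777.example", doc)
    return out


if __name__ == "__main__":
    for case, decision in demo().items():
        print(f"{case:22} permit={decision.permit} reasons={decision.reasons}")
```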


    4.1.5 IT Business Processes (BP)

    The IT Business Process initiatives seek to leverage economies of scale and improved ways of doing business to deliver IT efficiencies. The focus will be to identify DoD-wide approaches to common IT business needs and direct IT-related business and operational practices that will deliver procurement, sustainment, and energy efficiencies.

    DoD will build on the successes of the DoD Enterprise Software Initiative (ESI)[10] and consolidated hardware procurement approaches established by the Army and Air Force. In its first ten years of operation, DoD ESI achieved a cost avoidance of over $3 billion compared to General Services Administration (GSA) Federal Supply Schedule published prices.

    Limiting commercial-of-the-shelf (COTS) hardware (HW) procurements to enterprise-wide 696

    vehicles will lower lifecycle costs by reducing procurement expenditures and lowering aggregate 697

    contract administration overhead costs. In addition, reducing the number of IT hardware 698

    configurations will ease testing, patch management, and software upgrade installation costs. 699

    Defense Business Systems account for nearly $7 billion of the annual IT budget. There are nearly 3000 registered systems. Each of these systems is maintained separately and each operates on its own independent data store. There will be significant cost savings through retiring legacy systems, stopping procurement of duplicate services and reducing the amount of redundant data maintained in duplicate systems.

    The Department may realize significant annual cost reduction through promoting and adopting Green IT initiatives. These initiatives focus on how DoD operates IT infrastructure, procures devices, services and IT supplies, and consumes the resources that support IT.

    5 Estimated Efficiencies

    DoD CIO estimates that additional savings of $1.5 billion to $3.5 billion over the Future Years Defense Program (FYDP) are possible through IT consolidation as shown in Figure 5-1. The IT Consolidation initiatives will result in a combination of direct and indirect budget savings that will be retained by Components to deliver high-priority IT capabilities. These efficiencies are in addition to the $1.7 billion direct budget savings from the Army ($500 million) and Air Force ($1.2 billion) included in the DoD FY12 President's Budget (PB12) submission. The Army and Air Force efficiencies were identified during the SecDef-directed zero-based review of functions and resources within all DoD Components.

    A significant portion of the future IT Consolidation efficiencies will be the result of reduced sustainment funding for legacy capabilities that are eliminated and replaced by enterprise capabilities. As the funding for these legacy initiatives is spread over many hundreds of program elements, the current budget processes and mechanisms do not provide adequate insight to allow funds to be redirected. Other efficiencies will be realized through reduced procurement costs or reduced energy costs.

    [10] See http://www.esi.mil/

    The current PPBE process and supporting systems do not provide adequate transparency and insight into IT expenditures and will not support accurate accounting of IT Consolidation efficiencies. DoD CIO will work with the Director, Cost Analysis and Program Evaluation (D, CAPE) to develop appropriate Business Case Analysis (BCA) approaches to evaluate IT Consolidation initiatives. Top-line adjustments to component budgets will enable the Department to redirect savings from efficiencies to the development of additional enterprise capabilities.

    The Department is evaluating alternative funding mechanisms and portfolio approaches for IT as part of the IT Acquisition Reform effort required by Section 804 of the 2010 National Defense Authorization Act (NDAA). As these reforms are enacted, DoD CIO will re-evaluate the ability to adequately measure IT consolidation savings.

    Estimated Efficiencies ($M)*

    | Initiative Area | Per Year by FY 15: Minimum | Per Year by FY 15: Most Likely | FY 11-15: Minimum | FY 11-15: Most Likely |
    |---|---|---|---|---|
    | Computing Services | 220 | 340 | 440 | 790 |
    | Network Services | 230 | 730 | 810 | 1,210 |
    | End-User Services | 210 | 230 | 390 | 530 |
    | Application and Data Services | 160 | 240 | 280 | 680 |
    | IT Business Processes** | 470 | 700 | 1,280 | 1,990 |
    | Estimated Total Efficiencies | 1,290 | 2,240 | 3,200 | 5,200 |
    | Less: PB 12 Budget Reduction | | | | |
    | Army | (520) | (520) | (500) | (500) |
    | Air Force | | | (1,200) | (1,200) |
    | Potential Future Efficiencies | 770 | 1,720 | 1,500 | 3,500 |

    *Pending business case analysis

    ** Does not include initiative BP5: Standardize Business Applications

    Figure 5-1 IT Consolidation Efficiencies

    6 Sustaining Processes

    Achieving the goals and objectives of IT consolidation will require strong enterprise-level governance and monitoring led by the DoD CIO in partnership with stakeholders from across OSD and the Components. This will require substantial cultural change within the DoD decision-making community. Adherence to DoD CIO policy and Enterprise Architecture guidance must be embedded throughout the Department's core decision-making processes, and the DoD CIO must have clear, unambiguous authority across the Enterprise to hold DoD Components accountable for alignment to IT policies and initiatives and delivery of IT solutions. Strong governance mechanisms will be required to both support the consolidation efforts and ensure that all unique operational requirements are addressed.

    Specific recommendations are discussed in the following sections.

    6.1 IT Governance

    Successful consolidation of DoD's IT environment will require strong, centralized leadership and governance. This will require institutional changes to critical decision-making processes as well as a cultural reform regarding the manner in which the Department manages information and information technology. DoD must evolve from a culture in which veto powers are widespread to one where leaders are fully empowered to drive transformation across the Department in alignment with the central vision. Without this level of commitment, change will not endure and the planned initiatives will be unlikely to survive changes in leadership or the conflicts of priorities that will surely develop over time. Additionally, to achieve the targeted savings, DoD must reallocate funding to facilitate the IT consolidation priorities and make corresponding reductions to affected programs.

    Effective IT governance begins with strong CIO-driven leadership to focus attention and hold Components accountable for complying with DoD IT policy, architectures, and standards. Strong incentives, enforceable by the DoD CIO, must be instituted to compel DoD managers at all levels to comply with Departmental guidance and must be accompanied by serious penalties for noncompliance. Additionally, roles, responsibilities, and relationships between the CIO and research, development, and acquisition organizations must be clearly aligned to ensure IT enterprise requirements are successfully translated into agile technical solutions that fully align with future IT enterprise initiatives.

    6.2 Certification and Accreditation

    In order to achieve IT efficiencies and deliver the promise of speed of delivery, the Department must reconsider how it performs IT Certification and Accreditation (C&A). IT C&A processes should be consolidated and integrated alongside a review focused on determining the effects of a corresponding reduction in the number of and autonomy of Designated Approval Authorities (DAAs).

    The DoD CIO will lead the effort to develop the policies and guidance necessary to consolidate Department C&A practices with a focus on maximizing reciprocity and reducing duplicative effort. The participation of the DoD Component C&A leads will ensure that solutions are approached with the input of all stakeholders.

    6.3 Joint Capabilities Integration Development System (JCIDS)

    The JROC, chaired by the Vice Chairman Joint Chiefs of Staff, is the Department's governing body for the identification, approval, and validation of capability gaps and requirements identified by the warfighting, intelligence, business, and infrastructure mission area managers. A hierarchy of boards including the Joint Capabilities Board (JCB) and Functional Capabilities Boards (FCB), along with the processes delineated in CJCSI 3170, supports the JROC in this capacity.

    Implementation of the Enterprise Information Environment (EIE) portfolio approach within JCIDS will be achieved through the combination of the Command and Control (C2) and Net-Centric (NC) Functional Capabilities Boards into a single Enterprise Information Environment Functional Capability Board (EIE FCB). The Joint Staff and the DoD CIO will be directed to establish this EIE FCB, adhering to the JCIDS process and answering to the JROC. This Functional Capability Board will be the central source for capturing Enterprise Infrastructure requirements and prioritizing enterprise capability delivery. JCB and FCB membership will be expanded to include the DoD CIO, and USCYBERCOM on behalf of USSTRATCOM.

    Specific JCIDS-related actions required to ensure EIE requirements compliance include:

    • Modify JCIDS Documentation (CJCSI 3170 series) to require documentation of compliance with the DoD Information Enterprise Architecture (IEA) that contains business rules and relevant capability architectures that apply to all IT investments

    • Modify Interoperability Instruction (CJCSI 6212) to strengthen DoD IEA compliance, clarify the Net-Ready KPP with respect to the DoD IEA, establish the requirement to align to and comply with relevant capability architectures, and require the adoption of the Enhanced Information Support Plan (EISP) process to assess compliance

    • Modify the Joint Urgent Operational Needs Process (JUON) to insert steps to ensure that available DoD Enterprise Services are considered and used to the greatest extent feasible before considering alternative solutions

    • Modify the Business Capability Lifecycle (BCL) process to require DoD IEA compliance

    6.4 Planning, Programming, Budgeting and Execution (PPBE)

    The PPBE process supports the Planning, Programming, Budgeting and Execution of requirements and needs identified by the JROC. As the sponsor of Defense EIE portfolio, the CIO will lead the collection and review of Department inputs, including from the Components, to inform and direct DoD-level EIE portfolio investment and acquisition processes and decisions (e.g., PPBE and Defense Acquisition System). The CIO, supported by subordinate and supporting portfolios, in coordination with Director CAPE (D, CAPE) and the Joint Staff (JS), will participate in the Front End Assessment (FEA) and Analytic Agenda process to develop and propose upfront Defense Policy and Planning Guidance (DPPG) language to address strategic guidance and military needs.

    The CIO, in coordination with D, CAPE and the JS, will review and assess annual Service Component and Agency Program Objective Memorandums (POMs) and propose budget and programming alignments; to include active invited participation in key Program Review decision forums (e.g., 3-Star Programmers and DAWG). D, CAPE, in coordination with the DoD EIE portfolio sponsor (CIO), shall review and issue programming and budgeting guidance that reflects DBS and NSS EIE portfolio recommendations to continue, modify, terminate or initiate funding for EIE projects/programs to ensure compliance with approved Defense IT Enterprise policy and direction.

    Under Secretary of Defense (Comptroller), in coordination with the DoD EIE sponsor (CIO) and D, CAPE, shall establish policies and procedures to ensure EIE resource data visibility and accountability to support agile and informed IT EIE investment and sustainment decisions consistent with DoD IT policy and direction.

    D, CAPE and USD(C) shall establish business rules and procedures necessary to implement IT EIE resourcing initiatives; i.e., single EIE appropriation, EIE revolving fund, and EIE program/funding element restructuring consistent with DoD response to Section 804 of the National Defense Authorization Act for Fiscal Year 2010 (PL 111-84).

    As the EIE sponsor, the CIO, in partnership with USCYBERCOM on behalf of USSTRATCOM, shall also serve as capability sponsor in military needs and acquisition forums as required and/or determined by the VCJCS and USD (Acquisition Technology and Logistics).

    To sustain these changes, the DoD CIO, together with USD(C) and D, CAPE, must enhance transparency and DoD-wide oversight of IT budget formulation and execution and exert more active oversight and control of the IT budget across all Components. These changes should include:

    • Stronger DoD-wide oversight of IT budget formulation: This includes capital planning, preparation, prioritization and presentation activities, including determining and evaluating Information and IT resource requirements in support of mission execution; and

    • Stronger DoD-wide oversight of IT budget execution: This includes resource allocation and planning activities for Information and IT systems development, operations, and services as appropriate to ensure resources are expended in accordance with established IT policy.

    Concurrently, the DoD CIO will implement robust DoD-wide IT investment reviews, tightly integrated with the key decision processes, to give greater OSD governance or control in the selection, planning, review, and oversight of IT investments. This includes evaluating, managing risk and providing approval to proceed at the earliest state possible prior to initiating procurements or advancing to subsequent phases of system development and/or acquisition; as well as rigorous, regular reviews of the status and progress of projects and activities related to Agency Information and IT investments to determine whether to continue, suspend, re-baseline or cancel projects or components thereof.

    Together, this budget and investment oversight is key to holding the organization accountable to the changes and achieving the targeted savings, ensuring funding is applied to consolidation programs and correspondingly removed from those programs providing savings. In the long term, additional Planning, Programming, Budgeting, and Execution (PPBE) oversight and flexibility is needed to respond to the rapid changes of the IT environment.

    Specific actions required to ensure EIE guidance is followed throughout the PPBE process include:

    • Planning (POM Guidance): The DoD CIO will prepare an IT Addendum in the Guidance for the Development of the Force (GDF) to USD(Policy) in order to provide guidance specific to IT optimization via EIE architecture compliance

    • Planning (POM Guidance): The DoD CIO will prepare an IT Addendum in the Joint Planning Guidance (JPG), and/or DPPG to D,CAPE in order to provide the guidance necessary to ensure component programs are appropriately resourced to use, and not duplicate, enterprise capabilities in compliance with both the DoD IEA and capability architectures

    • Programming (POM Issue Process): The DoD CIO will request USD(C) to withhold or reprogram funds budgeted for systems that fail to comply with the DoD IEA or capability architectures, fail to use applicable DoD Enterprise Services, or, unnecessarily duplicate existing DoD Enterprise Solutions

    • Financial Management Regulations (FMR)/Funding Documents: The DoD CIO will request USD(C) to modify standard DoD forms used to allocate and transfer funds (such as Military Interdepartmental Purchase Requests) to include a specific statement certifying that no funds on the subject funding document will be obligated for any IT service or system that is not compliant with the DoD IEA or capability architectures, specifically including the appropriate use and non-duplication of enterprise capabilities

    6.5 Defense Acquisition System (DAS)

    Contracting Officers, Program Managers, and other acquisition professionals are constrained by Federal Acquisition Regulation (FAR) and Defense Federal Acquisition Regulation Supplement (DFARS) with respect to ensuring all IT procured by the DoD fully meets, but does not unnecessarily exceed at additional cost, all validated requirements for the subject procurement action. In the majority of cases, validated requirements are not determined via the JCIDS process, but rather by local requirements generators who may or may not be familiar with, or feel compelled to use, enterprise capabilities (e.g., data centers, networks, enterprise services). DoD acquisition and procurement policy and processes, as well as relevant DFARS clauses if possible, must be modified to direct contracting officers to ensure that all DoD IT contracts require the use of, and prohibit the duplication of, enterprise capabilities.

    Successful IT Consolidation will require the Department to establish a common set of DoD Information Enterprise acquisition and procurement strategies. While technical standards achieve a level of interoperability, the next phases of the consolidation effort cannot be accomplished unless the acquisition and procurement strategies are synchronized across all Components.

    Specific actions required to ensure EIE guidance is followed throughout the DAS process include:

    • DoD CIO will recommend changes to DoDD 5000.01 to enforce compliance with DoD EIE architectures and the use of available enterprise capabilities within major acquisition activities. Specific changes envisioned will:

        o Make the use of existing and planned enterprise capabilities a mandatory element of the Analyses of Alternatives (AoA)

        o Make the use (and non-duplication of) existing and planned enterprise capabilities a requirement for all Preliminary Design Reviews (PDR)

        o Make the use (and non-duplication of) existing enterprise capabilities a requirement for all milestone B decisions

    • DoD CIO will develop and institute a standard contract clause to be inserted in all contracts for DoD IT goods and services requiring compliance with the DoD IEA, and, the use and non-duplication of designated enterprise capabilities

    • Incorporate the IA requirements and procedures currently defined by DIACAP into the processes of the Defense Acquisition System to ensure effective information assurance capabilities are designed into all IT systems from concept through systems engineering. This equally applies to the acquisition and procurement of IT capabilities that traditionally fall below the threshold criteria for formal acquisition

    Appendix A Network Services Initiatives

    NS1 Consolidate Security Infrastructure

    Multiple generations of Top Level Architectures (TLA) provide network perimeter security across DoD. In many cases the equipment used is nearing the end of its useful life, requiring both refresh and new technology for continuing defense of the network and providing enhanced capabilities for protecting against emerging threats. This initiative is to design and deploy a DoD Enterprise Top Level Architecture (D-TLA) that will standardize equipment, improve information assurance (IA) security capabilities, reduce the number of DISA point-of-presence (PoP) connections, and simplify systems management.

    NS2 Consolidate NetOps Centers

    Migrate from the numerous separate Component NetOps Centers to joint NetOps centers that align to common processes and standards, select and adopt common tools, and automate network incident response capabilities. Leverage buying power for enterprise-wide network operations software and licenses, and centralize hosting of network operations services in DoD computing centers to reduce hardware costs and improve security (Under review by USCYBERCOM).

    NS3 Implement Cross Domain Solution as an Enterprise Service

    Create enterprise application services that are cross-domain enabled. Engineer and deploy comprehensive, enterprise-grade services for common key applications such as e-mail, machine-to-machine data transfer, portal synchronization, chat, and web services. This effort aims to provide reliable, secure, well-defended standard services for those COTS application data formats that make up the bulk of cross-domain requirements. These COTS data formats, such as Simple Mail Transfer Protocol (SMTP) e-mail, Microsoft Office documents, and .pdf files, are predictable, well understood, standard, and common. The goal is to make it an easy investment and risk decision for a DoD organization to use the provided enterprise service rather than engineer, staff, and defend a local solution.

    NS4 Implement Standard Certification and Accreditation Process

    In order for DoD to fully transition to the new harmonized guidance, it plans to first revise its existing 8500 series of guidance. This process includes upcoming revisions to the information security policy documented in its directive 8500.01 and instruction 8500.2, the certification and accreditation process contained in DoD 8510.01, as well as various additional instructions and guidance. The first major step is to release the revised DoDD 8500.01 and DoDIs 8500.2 and 8510.01 in the spring of 2011. After this occurs, DoD plans to develop additional implementation and assessment guidance, technical instructions, and other information. The release dates for these additional items have not yet been established because their development or revision is dependent on the final publication of revisions to the 8500 series guidance.

    NS5 Extend Joint Networks Over SATCOM

    Provides an affordable, DoD En