Department of Defense (DoD) Chief Information … of Defense (DoD) Chief Information Officer (CIO) Campaign Plan . Version 1 . Fiscal Year 2013

Department of Defense (DoD) Chief Information Officer (CIO) Campaign Plan Version 1

Fiscal Year 2013

This page intentionally left blank.

DoD CIO Campaign Plan Version 1 November 19, 2012 Page 3

From the DoD CIO

This version of the DoD CIO Campaign Plan represents a significant step in the evolution of the DoD CIO organization, reflecting not only changes to DoD CIO tasks resulting from the disestablishment of the Assistant Secretary of Defense (Networks & Information Integration) (ASD(NII)), but also a new DoD CIO vision and mission. This Campaign Plan presents the three primary objectives of the DoD CIO, which encompass: (1) facilitating the delivery of mission capabilities to the warfighter (2) supporting the development of new technology for the warfighter; and (3) guiding IT modernization. As these objectives make clear, supporting the warfighter is at the forefront of what we do. The warfighter expects and deserves access to information—from any device, anywhere, anytime. Consequently, we are leading DoD’s move to a Joint Information Environment (JIE) that will meet these expectations.

This version of the DoD CIO Campaign Plan also reflects the new DoD CIO organization, which was refashioned and strengthened to improve effectiveness and efficiency. One of the guiding principles behind creating this new organization was to build it around related functions and ensure that our organization’s directorates focus on tangible high payoff deliverables. Realizing that collaboration is especially critical in a resource-constrained environment, our way ahead involves establishing more cross-functional teams, because often our outcomes can only be achieved by reaching across DoD CIO functional boundaries. In addition, the DoD CIO is working closely with the Defense Information Systems Agency (DISA) to align our respective campaign plans. Ultimately, the success of our organization in achieving our mission depends upon close working relationships with DISA, the National Security Agency (NSA), United States Cyber Command (USCYBERCOM), the Military Services, and the Intelligence Community (IC).

This DoD CIO Campaign Plan reflects budget realities and the priorities that our organization applied to determine what tasks are most critical to fund in order to best support the warfighter and the Department as a whole. Some important tasks are included in this plan based on the intention to fund them in the future; they are included to present a more complete picture of the tasks the DoD CIO organization plans to work on over the next 12-24 months.

Managing information technology (IT) within the Department of Defense continues to present challenges and great opportunities from the constantly expanding set of information technologies that are available. The DoD CIO organization is focused on initiatives that impact the Department’s technology direction, especially enterprise-level initiatives that drive information sharing and increase cybersecurity. Solutions and innovation, consistent with the JIE, will be implemented by the Military Services, Combatant Commands (COCOMS), and agencies, with whom we work every day in partnership.

Teresa M. Takai DoD CIO


DOD CIO VISION AND MISSION

The DoD CIO is the Principal Staff Assistant (PSA) and advisor to the Secretary of Defense (SecDef) and Deputy Secretary of Defense (DepSecDef) for information technology, national security systems (NSS), and information resources management (IRM) matters. The DoD CIO is responsible for all matters relating to information and the information environment including command and control (C2), communications, radio frequency spectrum, network operations, information systems, information assurance (IA), defense cybersecurity, the Joint Information Environment, and positioning, navigation, and timing (PNT) policy. The DoD CIO is tasked with improving the combat power of the Department—as well as its security and efficiency—by ensuring that the Department treats information as a strategic asset and that innovative information capabilities are available throughout all areas of DoD supporting warfighting, business, and intelligence missions. The DoD CIO is a vital member of the Office of the Secretary of Defense (OSD) staff that helps the warfighter by fulfilling its PSA and Clinger-Cohen Act (CCA) roles that guide the Department in the incorporation of more agile, efficient and effective technology and practices.

Vision

DoD and partners securely access information and services they need at the time, place and on approved devices of their choosing.

Mission

We lead the DoD Information Enterprise by defining a shared vision, setting overall policy, and driving the standard for the information infrastructure that supports warfighting, business, and intelligence missions.

To accomplish the mission, the DoD CIO:

• Works with key stakeholders across the Department to ensure that mission-critical information is visible, accessible, and understandable to all authorized users in a trusted environment without regard to location or time.

• As PSA, leads specific IRM capabilities including command and control, communications, IT infrastructure, and IA, ensuring that these capabilities are architected, engineered, and delivered in a manner that optimizes the Department's mission capabilities, increases the Department's security posture, and makes most effective use of the Department's financial resources.

• Leads DoD’s network cybersecurity/information assurance efforts and manages enterprise information sharing risks, while at the same time protecting our information assets.

• Provides guidance and oversight with regard to overall operation and defense of the DoD Information Enterprise (IE).


CAMPAIGN PLAN ALIGNMENT WITH HIGH-LEVEL GUIDANCE

The DoD CIO Campaign Plan presents our mission, vision, and strategic objectives, which are founded in the National Defense Strategy, the Quadrennial Defense Review (QDR), and the Defense Planning Guidance (DPG), as well as executive branch and legislative guidance and direction. In some of the more recent legislative direction, the Fiscal Year (FY) 2010 National Defense Authorization Act (NDAA) Section 804 focuses on the rapid acquisition of IT in general, while the FY 2011 NDAA Section 933 specifically requires the Secretary of Defense, in consultation with the Secretaries of the Military Departments (MilDeps), to develop a strategy to provide for the rapid acquisition of tools, applications, and other capabilities for cyber warfare. Additionally, the FY 2012 NDAA Section 2867 requires DoD to reduce the resources applied to data servers and centers, through such enterprise efforts as data center consolidation.

The DoD CIO Campaign Plan fully supports the Department's Strategic Management Plan (SMP) FY2012-FY2013 business goal for the DoD CIO, to "Build agile and secure information technology capabilities to enhance combat power and decision making while optimizing value." In particular, the DoD CIO Campaign Plan supports all four key SMP initiatives related to this goal:

1. Execute the DoD IT Enterprise Strategy and Roadmap (ITESR). 2. Strengthen the oversight of Information Technology investments. 3. Integrate cybersecurity across the DoD Information Enterprise. 4. Develop long-term strategy to provide for and protect mission-critical access to radio

frequency spectrum.

Specific actions and tasks that support these four SMP initiatives are indicated in the Campaign Plan with two asterisks (**). Development of the DoD CIO Campaign Plan was also informed by the DoD Strategy for Operating in Cyberspace (DSOC) and the Federal CIO’s 25 Point Implementation Plan To Reform Federal Information Technology Management, particularly the Office of Management and Budget’s (OMB’s) Cloud First, Shared First, and Federal Risk and Authorization Management Program (FedRAMP) initiatives.

Furthermore, the DoD CIO Campaign Plan supports the Secretary of Defense’s memo to the Deputy Secretary of Defense of October 17, 2011 to “implement savings—in efficiencies, personnel costs, modernization and procurement reform”. To address this need, the DoD CIO recently released the DoD CIO 10 Point Plan for IT Modernization to guide in the achievement of efficiencies directed by the Secretary of Defense. This Campaign Plan identifies the corresponding actions, tasks, offices of primary responsibility (OPR) and coordinating responsibility (OCR) and delivery dates for achieving all of these efficiencies. The Campaign Plan identifies aligned tasks by displaying the 10 Point Plan deliverable number after the task description in bolded brackets.

The DoD CIO Campaign Plan additionally supports key points from DoDD 5105.02, which defines the responsibilities and functions of the DepSecDef. The directive lists four primary responsibilities for the DepSecDef as Chief Management Officer and Chief Operating Officer of the Department. Those responsibilities, and how the DoD CIO supports each, are depicted in the following table.


Responsibility Defined in DoDD 5105.02 How the DoD CIO Supports

Ensure DoD-wide capability to carry out the strategic plan of the DoD in support of national security objectives

• Provides guidance to ensure that information capabilities are developed and implemented in an efficient, effective, secure manner

• Provides guidance to operate and defend the Joint Information Environment, which enables DoD to employ warfighting and support capabilities

Ensure the core DoD business missions are optimally aligned to support the DoD warfighting mission

• Contributes to the Deputy Chief Management Officer (DCMO) Business Enterprise Architecture and Enterprise Transition Plan, through architecture guidance and architecture alignment activities

• Supports IT investment information needs of Investment Review Boards through tools such as the DoD IT Portfolio Repository (DITPR) and Select & Native Programming Data Input System for Information Technology (SNaP-IT)

Improve DoD management and performance • Supports development of DoD CIO performance measures

• Supports additional performance and management reporting to OMB, Government Accountability Office (GAO), and Congress

Develop and maintain a strategic plan • Contributes content to the DPG related to DoD CIO assigned responsibilities

DOD CIO REORGANIZATION

The Office of the DoD CIO has reorganized to better support mission alignment and to better enable teamwork, collaboration, and accountability, with a particular focus on deliverables. One of the challenges of the previous organization was overlapping, and often conflicting, responsibilities for the oversight of the development and delivery of technology. The new organization aims to clarify responsibilities by consolidating related functions and executing processes and tasks from an enterprise perspective. Under the new organizational structure, Deputy CIO (DCIO) for Information Enterprise (IE) develops information enterprise strategies, policies, and architectures; DCIO for Cybersecurity (CS) establishes cybersecurity strategy, policies and architectures; and DCIO for Command, Control, Communications, and Computers (C4) and Information Infrastructure Capabilities (C4&IIC) oversees development of IT, PNT, and spectrum-related capabilities needed to support the enterprise. Finally, DCIO for Resources and Analysis (R&A) manages and oversees the resources needed to procure, maintain and operate the information enterprise.


The DoD CIO organization’s strength, especially with a limited set of resources, will be the ability to quickly establish cross-functional teams, comprising personnel with relevant functional expertise. This approach also supports a greater emphasis on timely, responsive deliverables to enhance the organization’s ability to focus on publishing policy or strategy and then moving on. Through this emphasis, the DoD CIO will execute a dynamic workload, adjusting priorities when necessary.

THREE PRIMARY OBJECTIVES

The DoD CIO has three primary objectives, as illustrated in the graphic below: facilitating the delivery of mission capabilities to the warfighter (for capabilities ready for use); shepherding the development of new technology (taking capabilities under development from concept to implementation), and guiding IT modernization (through the DoD CIO 10 Point Plan for IT Modernization).


These three objectives do not represent an organizational construct but rather identify three major areas of emphasis where the DoD CIO makes vital contributions to the Department’s missions. The DoD CIO fulfills these three objectives through the actions and tasks described in the six areas of execution (AOE) in this Campaign Plan.

Warfighter Capabilities

The DoD CIO plays an essential role in the Department in facilitating the delivery of mission capabilities to the warfighter. Enterprise services, for example, provide decision makers with access to persistent, continuously available collaborative and knowledge management capabilities for secure information sharing—access they need to exercise authority and direct mission execution. The DoD CIO’s focus in this area is on the rapid delivery of technology—the ubiquitous availability of information to ensure that our warfighters get inside the enemy’s decision cycle—while always ensuring that the technology is appropriately secure.

Additionally, the DoD CIO is one of the Department’s guardians of spectrum, both in the present to provide adequate bandwidth to warfighters around the world and well into the future.

Technology Enablers

Information technology provides the foundation for addressing every warfighting, business, and intelligence mission within DoD. IT not only drives modern warfighter systems, but also links individuals and systems via networks that enable rapid information sharing and command and


control. However, if the Department does not take action, then costly, outdated, and stove-piped IT capabilities will continue to stress DoD IT operations and limit interoperability and information sharing across systems. To continue to maintain an information advantage over our adversaries, DoD needs to continually incorporate new commercial technologies and approaches (such as shared services) and increase the pace with which technically advanced capabilities can be fielded to warfighters. The DoD CIO plays an essential role in shepherding new technologies or approaches—such as cloud computing—from concept to implementation through sponsoring of pilot efforts, definition of strategy, adjustments to existing or development of new policy, IT strategic sourcing, and oversight of implementation programs.

To that same end, it is essential for the Department to vigilantly manage cyber vulnerabilities to prevent adversaries from exploiting classified information and endangering national security. Ongoing attacks on our digital infrastructure emphasize that we are confronting fundamentally different challenges from those faced during any previous war or campaign against our Nation. The growing gap between online functionality and security demands a rethinking of several key aspects of security—enhancing resilience and robustness, establishing clearer security policies, and changing people’s behavior to reflect more security awareness. The DoD CIO’s efforts in guiding Department-wide identity and access management seek to make sure that people have access to all the information they need and are authorized to have, and that people can trust the information they get. Ubiquitous availability of information means that there will be seamless access to information and services, whether in a deployed theater of operations or at a continental United States (CONUS) home base.

IT Modernization

The 10 Point Plan for IT Modernization , developed by the DoD CIO, is designed to highlight 10 areas around which DoD will focus its efforts in modernizing its IT infrastructure, processes, and workforce to deliver better value. The plan is modeled on the Federal CIO’s 25 Point Implementation Plan to Reform Federal Information Technology Management. The DoD plan targets the most pressing near-term challenges and presents approaches to deliver agile, secure, integrated, and responsive IT capabilities efficiently and effectively. The plan supports DoD efficiencies as well as the Undersecretary of Defense (Acquisition, Technology, and Logistics) (USD(AT&L)) Better Buying Power initiative, the Strategic Management Plan FY2012 – FY2013, and the Defense Strategic Guidance. This plan, by pulling together previously disparate efforts, will enable the DoD to reduce costs and deliver faster, more responsive capabilities, while improving interoperability, user satisfaction, cybersecurity, and, ultimately, mission success.


One of the key challenges that the DoD CIO is addressing through IT modernization is the establishment of mechanisms for budgeting and sustainment of shared services within and across DoD Components. The DoD CIO needs to ensure that the Department has a clear way for DoD Components to pay for shared services—and for commodity IT hardware/software—in an equitable and predictable way. DoD has an opportunity to reform current processes to ensure the future state of DoD IT operations is financially sustainable.


JOINT INFORMATION ENVIRONMENT

The JIE is a secure environment, comprised of shared IT infrastructure, enterprise services, and a single security architecture to achieve full spectrum superiority, improve mission effectiveness, increase security, and realize IT efficiencies. The JIE is operated and managed per the Unified Command Plan using enforceable standards, specifications, and common tactics, techniques, and procedures.

The approach to implement the JIE is a blended approach to build IT infrastructure standards, architecture, and detailed specifications with a focus on five major areas (also known as the “Big Rocks”):

• Joint Network (Network Normalization) • Identity Management/Access Control • Enterprise Data Center Consolidation • Enterprise Services • Enterprise IT Governance

PARTNERSHIPS

The DoD CIO relies on close relationships with other DoD agencies and organizations to realize the DoD CIO mission. As noted in many of the tasks and Steady State processes in this plan, DoD CIO works closely with the Military Services, USD(AT&L), Undersecretary of Defense (Policy) [USD(P)], Undersecretary of Defense (Intelligence) [USD(I)], Undersecretary of Defense (Comptroller) [USD(C)], Cost Assessment and Program Evaluation (CAPE), DCMO, DISA, NSA and USCYBERCOM to improve DoD’s information sharing policies and governance processes, and to speed delivery of much needed IT capabilities. Similarly, the DoD CIO is meeting regularly with members of these organizations to develop and implement strategies to strengthen and improve the operational effectiveness, efficiency and security of the Department’s networks and information sharing infrastructure. The DoD CIO will also continue its close collaboration with the Federal Strategic Sourcing Initiative and the General Services Administration (GSA) SmartBUY program to help shape federal mandates in IT acquisition policies and procedures. Of particular importance is DoD CIO’s campaign planning partnership with DISA. To ensure alignment of our respective organizational efforts, the DoD CIO and DISA planning teams have been meeting and working together regularly since Version 0 of the DoD CIO Campaign Plan was released. Specifically, the teams have been working to bring the goals, priorities, actions, and tasks in their respective campaign plans into greater alignment—especially by identifying potential gaps or areas that may need greater coordination. The two organizations are also sequencing the delivery of their respective campaign plans, to better enable the next version of the DISA Campaign Plan to be more aligned, as appropriate, to the DoD CIO plan.


CAMPAIGN PLAN EVOLUTION

Version 1 of the DoD CIO Campaign Plan represents a significant evolution from Version 0. This evolution was driven in part by the disestablishment of ASD(NII), reorganization within the Office of the DoD CIO, and the impact of greater budget constraints. As a result of these three factors, a number of Steady State processes and tasks from Version 0 of the plan have been removed, modified, or added.

Additionally, after some top-down analysis, the DoD CIO developed the 10 Point Plan for IT Modernization, which identifies 38 near-term, high impact deliverables to improve efficiency and effectiveness by consolidating infrastructure, streamlining processes, and strengthening the DoD IT workforce. This version of the DoD CIO Campaign Plan identifies Steady State processes, actions, and tasks that support these 38 deliverables by a notation in brackets. For example a notation of “[1.2]” indicates a Campaign Plan task that supports Point 1, deliverable 2, in the DoD CIO 10 Point Plan for IT Modernization.

Since the release of Version 0 of the DoD CIO Campaign Plan—which provided the initial step in the iterative campaign planning process—125 tasks have been completed. All completed tasks are documented in a separate file, which resides on the DoD CIO internal web site, along with Version 1 of the DoD CIO Campaign Plan. Additionally, those tasks that were due and completed in Q4FY12 have been marked as Complete in this version. Similarly, a number of tasks have been deleted since Version 0 was released, and these deleted tasks are also documented in a separate file on the DoD CIO internal web site. This version also includes 30 future tasks that were not resourced when this plan was released, and are identified as such in the plan to indicate unfunded requirements.

NEXT STEPS

Execution of the DoD CIO Campaign Plan will include performance measurements. Successful performance will require both: 1) the completion of the tasks and 2) the related achievement of outcomes resulting from the completion of a number of tasks within a priority. A critical next step for performance measurement, therefore, will be to define the required outcomes and their associated measurement approach.


Overview

Today, DoD forces increasingly rely on the DoD Information Enterprise for rapid access to information in support of mission success. Even in light of new operational and economic risks, the enterprise must strive to achieve improved levels of support for the warfighter. The DoD CIO will manage and evolve the DoD Information Enterprise to more quickly respond to threats, maximize capabilities with greater efficiency, and promptly embrace appropriate emerging technologies. To do this, the DoD CIO will establish an overarching management construct consisting of a policy framework, enterprise architecture, and governance. This management construct will guide the unified maintenance and evolution of the DoD Information Enterprise in alignment with customer needs and strategic objectives.

The DoD CIO will develop a policy framework—consistent with DoDD 8000.01, “Management of the DoD Information Enterprise”—to ensure compliance with in-place authorities that enable the management and evolution of the DoD Information Enterprise. The policy framework will consolidate multiple processes for faster coordination, decision making, and resolution. It will promote an enterprise perspective to eliminate information stovepipes.

The DoD CIO will also evolve the DoD Information Enterprise Architecture (DoD IEA) with associated standards, and the organizing framework for describing the DoD Information Enterprise. Together, these will guide the development of DoD information technology capabilities and enable the federation of DoD Component architectures to achieve a single, customer-focused vision of more consistent security, interoperability, and increased operational agility. The DoD IEA will enable better analysis for more informed investment, design, and development decisions allowing leadership to logically manage the DoD Information Enterprise as a single cohesive unit.

Additionally, the DoD CIO will institute governance approaches to manage and evolve enterprise architecture and policy in alignment with operational requirements. The governance process will support consistent interpretation of policy, monitoring of DoD Information Enterprise performance, and timely addressing of customer issues.

Strategic Objective

Provide enterprise policy and architecture within an appropriate governance framework to guide the development and delivery of secure, integrated information capabilities necessary for mission success.

AOE 1: Provide Enterprise Policy and Architecture


Steady State

Government-wide Policy Implementation SS 1.1 Synchronize and coordinate collaborative efforts to satisfy statutory and regulatory requirements. This includes Paperwork Reduction Act (PRA), Privacy Impact Assessments (PIA), Government Performance and Results Act (GPRA), Federal Information Security Management Act (FISMA), public web policy, .gov Internet domain policy, implementation of the Federal Digital Strategy, and other reports and responses to Congress, OMB and E-Gov. [OPR: IE-IM]

SS 1.2 Develop and provide Department-wide policy guidance and oversight for federally mandated Section 508 implementation to include: 1) Perform random assessments of DoD procurement compliance with U.S. Access Board Electronic and Information Technology Standards; 2) Perform random assessments of DoD public websites; 3) Perform mitigation and resolution of Section 508 accessibility complaints; 4) Participate in federal-level forums to develop government-wide rules and guidance for Section 508; and 5) Work with DoD Components to increase awareness of Section 508 throughout the Department. [OPR: IE-IM]

SS 1.3 Serve as the PSA for overseeing PNT policy and coordinating with all external organizations. [OPR: IC-C4II]

Architecture and Processes SS 1.4 Perform OMB Federal Enterprise Architecture (FEA) activities. [OPR: IE-AI]

SS 1.5 Develop guidance, and architectural and strategic approaches for C4&IIC programs and capabilities. Ensure compliance with policy, strategic and technical direction, roadmaps, and architectures. Provide C4&IIC capability area expertise and technical assistance to the Department. Lead the technical integration of issues, coordination, and oversight of programs and mission area capabilities. [OPR: IC-C4II]

SS 1.6 Represent DoD interests in the non-Intel space-based communication and network capabilities by participating in internal DoD, interagency, and international boards, forums, and task forces. Maintain architectures, plans, policies and standards associated with space-based communications and network capabilities. [OPR: IC-C4II]

SS 1.7 Oversee development of PNT architectures to enable integration of PNT capabilities with the JIE. [OPR: IC-C4II]

SS 1.8 Maintain the DoD Architecture Framework (DoDAF) and conduct associated standards, engineering, and training activities, including supporting the North Atlantic Treaty Organization (NATO) Architecture Capabilities Team overseeing Consultation Command and Control Enterprise Architectures within NATO. [OPR: IE-AI]

SS 1.9 Maintain DoDAF configuration management (CM) and conduct bi-weekly working group meetings. [OPR: IE-AI]

SS 1.10 Perform architecture and systems engineering process integration to better align DoDAF with systems engineering documents and artifacts being developed as part of the acquisition process and DoD Component systems engineering governance. [OPR: IE-AI]

SS 1.11 Manage the DoD/Intelligence Community Joint Standards program. Coordinate IC standards and architecture policy as they relate to both the DoD and IC. Provide joint DoD/IC standards management planning support. [OPR: IE-AI]


SS 1.12 Oversee the reengineering of DoD Architecture Registry System (DARS) for integration with the Enterprise Discovery Service to provide discovery of all shared architectures. [OPR: IE-AI]

SS 1.13 Collaborate with USD(AT&L) to review and enforce compliance with approved architectures and standards. Engage with IT/NSS related governance/oversight bodies to ensure compliance with architectures, standards, and policies. [OPR: IC-C4II; OCR: IE-G]

SS 1.14 Review and/or approve architectures for federation into the DoD EA. [OPR: IE-AI]

Governance SS 1.15 Oversee maintenance of the DoD IT Standards Registry (DISR). [OPR: IE-AI]

SS 1.16 Update the Strategic Sustainability Performance Plan annually, documenting progress in meeting electronics stewardship goals. [OPR: IE-AI]

SS 1.17 Support the DoD CIO in establishing and maintaining an effective CIO governance structure to support implementation of enterprise-wide initiatives, goals, and objectives. [OPR: IE-G; OCR: IE-IM] [5.5]

SS 1.18 Serve as the secretariat of the DoD CIO Executive Board to support board processes and relationships. [OPR: IE-IM]

SS 1.19 Serve as the secretariat of the MilDeps CIOs’ monthly meetings with the DoD CIO. [OPR: IE-IM]

SS 1.20 Function as tri-chair for the Enterprise Services Review Group and co-chair the Architecture and Standards Review Group (ASRG), as well as oversee the Enterprise Services-Engineering Review Board for activities to include security, infrastructure, and spectrum. [OPR: IE-AI; OCR: IE-SP]

SS 1.21 Chair the DoD PNT Executive Committee and establish DoD PNT working groups to support the DoD PNT Executive Committee. [OPR: IC-C4II]

SS 1.22 Develop, implement, maintain, and coordinate policy related to PNT, including the Global Positioning System (GPS) and navigation warfare, with USD(P). [OPR: IC-C4II]

SS 1.23 Drive institutionalization of the Identity and Access Management (IdAM) Attribute Governance Concept of Operations (CONOPS). [OPR: IE-SP]

SS 1.24 Leverage the DoD CIO Executive Board processes and relationships to influence more cost-effective delivery of IT services, drive consolidation, and achieve joint networking. [OPR: IE-SP; OCR: IE-IM]

SS 1.25 Review and update policies that impact development and deployment processes for software applications. [OPR: IE-SP]

SS 1.26 Ensure the IA policy chart remains current with DoD, National Institute of Standards and Technology (NIST), Committee on National Security Systems (CNSS), and federal policy issuances. The chart is organized in accordance with the DoD IA Strategy and is designed to assist cybersecurity professionals within DoD and its partner organizations in identifying and locating key cybersecurity policy documents. [OPR: CS-DIAP]

SS 1.27 Address IA issues in DoD acquisition policy and guidance issuances, including DoDI 8580.01, the Defense Acquisition Guidebook (DAG), DoD 5000 series, test and evaluation (T&E) policy, program protection and critical program information, etc. [OPR: CS-DIAP]


SS 1.28 Manage the DoD CIO policy renewal process so that outdated policies are either canceled or renewed as appropriate. [OPR: IC-PM]

SS 1.29 Perform interoperability governance, tri-chair the Interoperability Steering Group, process requests for waivers to interoperability policy, and process interim certificates to operate. [OPR: IE-AI]

SS 1.30 Chair and provide secretariat for a Joint Satellite Communications (SATCOM) Council that is organized under the CIO Executive Board and supports the Defense Space Council in the SATCOM mission area. [OPR: IC-C4II]

SS 1.31 Chair the Information Assurance Enterprise Review Group (IAERG). [OPR: DCIO(CS)]

SS 1.32 Provide support to the IAERG. [OPR: CS-CSS]

PRI 1.1: Develop CIO Policy Framework [OPR: IC-PM]

Objective: Development of the policy framework to oversee and manage the DoD Information Enterprise (as defined in DoDD 8000.01).

Relevance: Aligned policies enable the rapid leveraging of emerging concepts and capabilities, and facilitate efficient and effective use of an integrated DoD IT architecture and the information enterprise as a whole.

Action 1.1.1 Develop, maintain, and issue policies (directives and instructions) and standards to guide the evolution of the DoD Information Enterprise in conformance with DoD CIO guiding principles. [OPR: IE-AI; OCR: IE-IM, IE-G, IC-C4II, IC-SPP, CS-CSP and CS-UCDMO]

Task 1.1.1.1 Develop a gateway baseband multiplexing convergence strategy that defines strategy to migrate from time division multiplexers to router-based networking. (Q1FY13) [OPR: IC-C4II]

Task 1.1.1.2 Develop network management (NM) instruction, DoDI 8410, in coordination with DISA and USCYBERCOM, that establishes policy and assigns responsibility for planning, implementing, and executing NM for the DoD Information Enterprise and the Global Information Grid (GIG). (Complete) [OPR: IC-C4II] [1.2]

Task 1.1.1.3 Develop Commercial Mobile Device (CMD) Strategy, with near-, mid-, and long-term objectives, to establish enterprise-wide guidance for implementation of CMD in the DoD Information Enterprise. (Complete) [OPR: IC-C4II; OCR: IC-SPP, CS-DIAP]

Task 1.1.1.4 Revise DoDD 8100.2, “Use of Commercial Wireless Devices, Services, and Technologies in the DoD GIG” to include CMD policy. (Q3FY13) [OPR: IC-C4II; OCR: IC-SPP] **

Task 1.1.1.5 Develop, coordinate, and publish DoDI 8330.xx, “Procedures for Interoperability of Information Technology (IT) and NSS”. This will replace DoDD 4630.08, “Procedures for Interoperability and Supportability of IT and National Security Systems”. Concurrently, implement interoperability governance structure under the DoD CIO. (Q3FY13) [OPR: IE-AI; OCR: IE-G]


Task 1.1.1.6 Coordinate issuance of an instruction for GIG network connections, DoDI 8010.dd, which defines policy and responsibilities for managing DoD Component and partner connections to DoD networks. (Q4FY13) [OPR: IE-G]

Task 1.1.1.7 Develop a networthiness policy instruction, DoDI 8400.xx, to establish standard criteria for the assessment of IT connecting to DoD networks to enable consistency, quicker IT fielding, and reciprocity. (Q4FY13) [OPR: IE-AI; OCR: IE-G]

Task 1.1.1.8 Publish DoDI 8550.01, “DoD Internet Services and Internet-Based Capabilities”. (Complete) [OPR: IE-IM]

Task 1.1.1.9 Update DoDI 8410.01, “Internet Domain Name Use and Approval” to include new policy and procedures for use of the .gov and .edu domains. (Q4FY13) [OPR: IE-IM]

Task 1.1.1.10 Update DoDI 5400.16, “DoD Privacy Impact Assessment Guidance” to include OMB social media guidance and DoD IA changes. (Q2FY14) [OPR: IE-IM]

Task 1.1.1.11 Update DoDI 7750.07, “DoD Forms Management Program” to incorporate policy changes in the program. (Complete) [OPR: IE-IM]

Task 1.1.1.12 Update DoDI 8910.01, “Information Collection and Reporting” to incorporate policy changes in the program. (Q1FY13) [OPR: IE-IM]

Task 1.1.1.13 Update policies to require the use of the Enhanced Information Support Plan (EISP) tool to identify and address all IT support issues throughout the acquisition lifecycle that could impact operational mission performance. (Q4FY13) [OPR: IE-G]

Task 1.1.1.14 Develop method to implement and institutionalize Section 1047, Paragraph (d), of the 2009 NDAA and Section 1033 of the 2010 NDAA by establishing DoD policy and responsibilities for a formal review process for bandwidth requirements of major acquisition programs and systems that comprise and operate within the DoD IE. (Q2FY13) [OPR: IC-C4II]

Task 1.1.1.15 Develop IT Warfighting Capabilities Modernization Plan and Technology Needs document. (Q1FY13) [OPR: IC-C4II]

Action 1.1.2 Develop and issue policies, directives, instructions, and standards concerning PNT capabilities. [OPR: IC-C4II]

Task 1.1.2.1 Complete coordination and publish DoDI 4650.dd, “PNT and Navigation Warfare (NAVWAR)”. (Q4FY13) [OPR: IC-C4II]

Task 1.1.2.2 Establish interagency coordination to update national policy stated in National Security Presidential Directive (NSPD)-39, Space-based PNT. (Q2FY13) [OPR: IC-C4II]

Task 1.1.2.3 Coordinate and publish DoDI 4650.ee, “Celestial Reference Frame Management”. (Q4FY13) [OPR: IC-C4II]

Task 1.1.2.4 Develop and issue DoDI 4650.cc, “Precise Time and Time Interval Management”. (Complete) [OPR: IC-C4II]

Task 1.1.2.5 In collaboration with USD(AT&L), develop a PNT enterprise funding plan based on the Herakles Study. (Q3FY13) [OPR: IC-C4II]


Task 1.1.2.6 Develop and issue a DoD manual on GPS and PNT security. (Q4FY13) [OPR: IC-C4II]

Task 1.1.2.7 Develop and issue Federal Radionavigation Plan. (Q1FY13) [OPR: IC-C4II]

Task 1.1.2.8 Develop a DoD CIO guidance document, Priorities for U.S. Military PNT: Sustaining the Military PNT Advantage. (Q1FY13) [OPR: IC-C4II]

Task 1.1.2.9 Update the Memorandum of Understanding (MOU) for Precise Positioning Service access. (Q1FY13) [OPR: IC-C4II]

Task 1.1.2.10 Establish a strategy for incorporating the DoD IEA and its Appendix G - Compliance into existing governance processes of the Department. (Q3FY13) [OPR: IE-AI]

Task 1.1.2.11 Develop a PNT Strategic Plan that assures PNT delivery to the warfighter in an anti-access, area-denial environment. (Q2FY13) [OPR: IC-C4II]

PRI 1.2: Evolve the DoD Enterprise Architecture (EA) and Processes [OPR: IE-AI]

Objective: Consolidate and refine existing DoD EA descriptions, governance, processes, and federation requirements into architecture policy and an overarching Enterprise Architecture Management Plan (EAMP) that institutionalizes DoD-wide use of and compliance with the DoD EA.

Relevance: Compliance with the DoD Enterprise Architecture ensures alignment of information capability initiatives under a common vision and enables the consistent use of standards for enhanced security and interoperability.

Action 1.2.1 Develop the DoD EA and provide direction. [OPR: IE-AI] [9.5]

Task 1.2.1.1 Develop and publish a DoD architecture instruction, DoDI 8210. (Q4FY13) [OPR: IE-AI] [9.2, 9.3, 9.5]

Task 1.2.1.2 Develop guidance for development, maintenance, and use of the DoD EA per DoDI 8210 and prepare a DoD EAMP to guide the process of building the DoD EA in a federated approach. (Q2FY13) [OPR: IE-AI] [9.1, 9.5]

Task 1.2.1.3 Develop an enterprise vocabulary required for DoD EA federation. (Q3FY13) [OPR: IE-AI] [9.5] – NOT RESOURCED

Task 1.2.1.4 Develop reference architectures (RA) to guide the consolidation and standardization of the DoD IT infrastructure as described in the DoD ITESR: Network Optimization RA, Unified Capabilities (UC) RA, and the Core Data Center RA. (Q3FY13) [OPR: IE-AI; OCR: IE-SP] [3.3, 9.5] **

Task 1.2.1.5 Publish final online DoD IEA v2.0 Document Framework. (Q4FY13) [OPR: IE-AI] [9.5]

Task 1.2.1.6 Develop and publish DoD IEA v2.0. (Complete) [OPR: IE-AI] [9.4, 9.5]

Task 1.2.1.7 Develop DoD EA artifacts. (Q3FY13) [OPR: IE-AI] [9.5] – NOT RESOURCED


Task 1.2.1.8 Develop a DoD Enterprise Architecture Implementation Plan as a follow-on to the DoD EAMP. (Q2FY13) [OPR: IE-AI] [9.1, 9.5]

Task 1.2.1.9 Establish a strategy for incorporating IEA and Appendix G compliance into existing governance processes of the Department. (Q3FY13) [OPR: IE-AI] **

Task 1.2.1.10 Develop a Plan of Action and Milestones (POA&M) for developing a prioritized list of RAs required to fully describe the JIE. The full scope of JIE will be described through the following RAs: Data Center Normalization/Optimization/ Consolidation; Spectrum Management; End-to-End Communications; Cloud Computing; Management of Identity, Credentials, and Access; Access Control; Audit and Forensics; Information Sharing; Information Management; Service Sharing; Service Management; Integrated Network Operations; Policy-based Management; Infrastructure Configuration; Network Defense; Cross Domain Security; Data and Metadata Protection; Threat and Vulnerability Assessment; Incident Management; IT Asset Management (ITAM); Common Development Environments; and Configuration Management. (Q3FY13) [OPR: IE-AI] [9.5] **

Action 1.2.2 Develop integrated Electronic Health Record (iEHR). [OPR: IE-FO]

Task 1.2.2.1 Validate the establishment of a DoD/Department of Veterans Affairs (VA) iEHR Security Architecture. (Q1FY13) [OPR: IE-FO; OCR: CS-CSS]

Task 1.2.2.2 Assist with development of an iEHR Enterprise Architecture for joint DoD and VA capabilities to promote sharing of health information. (Complete) [OPR: IE-AI]

Task 1.2.2.3 Assist with the establishment of an iEHR Data Center Consolidation POA&M between DoD and VA. (Complete) [OPR: IE-AI; OCR: IE-G]

Action 1.2.3 Enhance DARS. [OPR: IE-AI]

Task 1.2.3.1 Transition the operation, service, and maintenance of DARS to a Military Service for continuing operations and consolidation, to include DARS requirements documentation. (Q2FY13) [OPR: IE-AI]

Action 1.2.4 Support OMB Federal Enterprise Architecture revision. [OPR: IE-AI]

Task 1.2.4.1 Coordinate on final FEA Framework v2.0. (Q1FY13) [OPR: IE-AI]

Action 1.2.5 Perform OMB Federal Enterprise Architecture activities. [OPR: IE-AI]

Task 1.2.5.1 Develop the DoD Enterprise Roadmap in support of the annual OMB Enterprise Roadmap requirement. (Q3FY13) [OPR: IE-AI]

Action 1.2.6 Update DoDAF. [OPR: IE-AI]

Task 1.2.6.1 Extend the DoDAF Meta-Model (DM2) to accommodate the DCMO’s Semantic Web initiative. (Q4FY13) [OPR: IE-AI]

Task 1.2.6.2 Develop the Common Coalition and FEA Framework in coordination with Federal CIO, coalition partners, the International Defence Enterprise Architecture Specification Group, and NATO. (Q4FY13) [OPR: IE-AI]

Task 1.2.6.3 Facilitate adoption of DoDAF v2.0 by commercial and government tool vendors and federated architecture repository developers. (Complete) [OPR: IE-AI]


Task 1.2.6.4 Release an incremental version of DoDAF v2.03 that incorporates rewrites to DoDAF model descriptions developed by the Marine Corps and other DoDAF working group members. (Q3FY13) [OPR: IE-AI]

Action 1.2.7 Deliver products and artifacts of the ASRG. [OPR: IE-AI]

Task 1.2.7.1 Develop and publish the IdAM Reference Architecture. (Q1FY14) [OPR: CS-IAC; OCR: IE-AI] – NOT RESOURCED

Action 1.2.8 Lead the Department’s effort to improve C2 information sharing by ensuring C2-related data is visible, accessible, understandable, trustable and interoperable, and establish reference architectures to drive joint C2 sustainment and modernization initiatives. [OPR: IC-C4II]

Task 1.2.8.1 Observe and assess DoD Components’ limited implementation of C2 Core v2.0 events during FY13. (Q1FY14) [OPR: IC-C4II]

Task 1.2.8.2 Revise and re-issue C2 Core v2.0 Implementation Guidelines based on issuance of C2 Core v2.x. (Q1FY14) [OPR: IC-C4II]

Action 1.2.9 Integrate roadmaps for networks, satellite communications, radios, and waveforms into the DoD Enterprise Architecture. [OPR: IC-C4II]

Task 1.2.9.1 Update the Combined Joint Task Force (CJTF) Architecture to v2.0 to maintain currency. This effort will be accomplished through the new Military Communications-Electronics Board Tactical Edge Integration Panel, which will use the CJTF Architecture as its baseline document for addressing/analyzing new capabilities for information transport systems, with future updates incorporating C2 capabilities (systems and services). (Complete) [OPR: IC-C4II]

Task 1.2.9.2 Complete DoD Radio Strategy v3.0. Engage with Military Services to develop, refine, and modify radio and Communications Security (COMSEC) modernization plans for FY13. Within this strategy the following roadmap documents will be created: Radio-Platform-COMSEC inventory spreadsheets; radio strategy roadmaps, with and without the Joint Tactical Radio System (JTRS); a COMSEC-Algorithm Roadmap; a Networking Radio Roadmap; and a Radio Waveform Roadmap. (Q1FY13) [OPR: IC-C4II; OCR: CS-IAC]

Task 1.2.9.3 Conduct semi-annual revision to the narrowband, wideband, and protected SATCOM matrices to reflect current program execution, Program Objective Memorandum (POM) decisions, address capability gaps, define critical paths to achieve initial operational capability/final operational capability (IOC/FOC), and forecast the way forward if deviations occur in required capabilities. Matrices will be integrated with the National Security SATCOM Systems Synchronization reports and delivered on a semi-annual basis. (Q3FY13) [OPR: IC-C4II]


PRI 1.3: Strengthen CIO Governance [OPR: IE-G; OCR: IE-IM]

Objective: Update the governance structure, policy, and processes to guide and oversee the development and evolution of the DoD Information Enterprise to meet customer needs and strategic objectives.

Relevance: More effective governance to provide a disciplined mechanism to attain Department-wide alignment, compliance, and consensus for information enterprise solutions, including architectures, standards, investments, taxonomies, and lexicons.

Action 1.3.1 Implement the DoD CIO governance structure that consolidates governance bodies and streamlines reporting to the DoD CIO Executive Board. [OPR: IE-G; OCR: IE-IM]

Task 1.3.1.1 Evolve the ASRG and its subordinate committees to focus on architecture and policy that support the information enterprise. Update the ASRG Charter and CONOPS as required. Issue new IT standards baselines. (Q2FY13) [OPR: IE-AI] [5.1]

Task 1.3.1.2 Develop and implement JIE governance structure and reduce the number of working groups, boards, committees, and other structures that currently exist. (Q1FY13) [OPR: IE-G; OCR: IE-IM] [5.4, 5.5]

Task 1.3.1.3 Develop a new DoD instruction to provide a permanent policy for the DoD CIO Executive Board charter, DoDI 8130.aa. (Q4FY13) [OPR: IE-IM; OCR: IE-G] [5.1, 5.4]

Task 1.3.1.4 Charter subordinate working groups under the DoD CIO Executive Board to enable interim governance processes to support evolution of the JIE concept. (Q2FY13) [OPR: IE-G; OCR: IE-IM] [5.5]

Action 1.3.2 Implement a streamlined process for interoperability certification. [OPR: IE-G; OCR: IE-AI]

Task 1.3.2.1 Develop a plan and timeline for a revised interoperability certification process. (Q1FY13) [OPR: IE-G]

Task 1.3.2.2 Finalize process for interoperability certification as part of draft DoDI 8330. (Q1FY13) [OPR: IE-G]

Task 1.3.2.3 Maintain currency of the EISP tool for creation and analysis of Information Support Plans (ISPs). (Q2FY13) [OPR: IE-G]

Task 1.3.2.4 Develop and coordinate a charter and establish a secretariat function for the Joint SATCOM Council to operate within the CIO Executive Board structure and support the Defense Space Council. (Q2FY13) [OPR: IC-C4II]

Action 1.3.3 Develop and implement an improved DoD CIO process to synchronize engagement with the Joint Capabilities Integration Development System (JCIDS); Planning, Programming, Budgeting, and Execution (PPBE); and Defense Acquisition System (DAS) processes. [OPR: IE-G]

Task 1.3.3.1 Develop a strategy for monitoring and coordinating DoD CIO equities across the Department’s requirements, budgeting, and acquisition processes. (Q2FY13) [OPR: IE-G]


Task 1.3.3.2 Establish a collaboration space for internal storage and coordination of DoD CIO governance process meeting information and program review products. (Q1FY13) [OPR: IE-G]

Task 1.3.3.3 Incorporate compliance mechanisms into DoD acquisition, resourcing, and investment review processes. (Q2FY13) [OPR: IE-SP, IE-G] – NOT RESOURCED


Overview

In the objective DoD Information Enterprise, the IT infrastructure and services will support an agile force structure where DoD military, civilian, and contractor personnel—deploying and redeploying around the world to defend the Nation and respond to man-made and natural disasters—have anywhere, anytime access to the information needed to perform their missions.

IT infrastructure (including hardware, software, services, processes, and spectrum) will be optimized for mission performance and affordability and alignment with the JIE through the DoD IT Enterprise Strategy and Roadmap Implementation Plan and other DoD CIO-led initiatives. DoD network transport capabilities are being integrated across all domains—terrestrial, maritime, aerial, space, and cyber. Special emphasis will be placed on developing architectural and acquisition support to increase business and tactical use of mobile end-user devices. Decision makers will have access to persistent, continuously available collaborative and knowledge management capabilities for secure information sharing to exercise authority and direct mission execution.

Additional information capabilities will be rapidly deployed as enterprise services, leveraging cloud computing technologies and streamlined acquisition processes. To provide authorized users with timely access to those capabilities and information, advanced IdAM policy, processes, and technologies will enable users to avoid inefficient, manually intensive registration processes. Operating system, application, and IT hardware testing procedures, including the certification and accreditation (C&A) processes, will be revamped to remove impediments to rapid capability delivery while effectively managing risk.

Since our warfighters depend on access to the electromagnetic spectrum to employ a range of mission essential technologies, the DoD CIO is pursuing initiatives to protect DoD equities in spectrum access and ensure its efficient usage. Lastly, efforts are underway to assure that our leaders continue to have reliable, trusted access to C2 capabilities from the national level to the joint tactical level to support DoD operations.

The DoD CIO leads efforts—to include the essential, non-materiel items such as governance, policies, guidance, frameworks, architectures, and standards—to guide achievement of the objective DoD Information Enterprise, with the dual objectives of improving effectiveness of operations while also operating more efficiently. The Military Services, Combatant Commands, and Defense agencies are responsible for implementing the materiel capabilities required to achieve the objective DoD Information Enterprise. In addition, the DoD CIO will lead implementation and use of performance indicators to track and demonstrate incremental progress toward achieving that goal.

AOE 2: Drive Secure IT Infrastructure and Services


Strategic Objective

Drive IT infrastructure and services that support an agile force by providing secure access to the information needed to perform their missions—anywhere, anytime. Steady State

Governance SS 2.1 Work in partnership with the Joint Staff to identify and align IT enterprise services and cloud-based solutions. [OPR: IE-SP]

SS 2.2 Oversee core and edge communications capabilities to enable C4 and IT infrastructure solutions. [OPR: IC-C4II]

SS 2.3 Provide DoD C2 oversight and address C2 capability issues in collaboration with the C2 Data and Services Steering Committee, C2 Senior Steering Group for Acquisition, and the Program Executive Officer Interchange to support DoD CIO objectives for C2 capabilities. [OPR: IC-C4II]

SS 2.4 In collaboration with USD(AT&L) and the Joint Staff, coordinate and synchronize joint C2 capability initiatives through the joint C2 sustainment and modernization planning process. [OPR: IC-C4II]

SS 2.5 Chair the National Leadership Command Capabilities (NLCC) Executive Management Board (EMB) to address DoD and interagency senior leadership communications issues; provide the executive secretariat for the NLCC EMB to enable oversight and executive-level NLCC governance for DoD and interagency members. [OPR: IC-NLCC]

SS 2.6 Ensure that policies, standards, and investments for communications, networks, and C2 capabilities fully support DoD information sharing strategies. [OPR: IC-C4II]

External Coordination SS 2.7 Ensure communications and networks program interoperability with national and allied/coalition systems. [OPR: IC-C4II]

SS 2.8 Coordinate with the Intelligence Community, OMB, and other governmental bodies to synchronize and optimize DoD’s cloud computing efforts. [OPR: IE-SP]

SS 2.9 Provide DoD leadership to publish the Information Sharing Environment (ISE) Annual Report to Congress. [OPR: IE-SP]

SS 2.10 Provide DoD leadership to the NATO communications and information systems initiatives to secure tagging and exposure of data enabling interoperability and use. [OPR: IE-SP; OCR: CS-UCDMO] – NOT RESOURCED

SS 2.11 Develop and coordinate essential C2-related coalition information sharing policies to enable joint C2. [OPR: IC-C4II; OCR: IE-SP]

SS 2.12 Provide DoD leadership to CNSS on IdAM and federal Identity, Credential, and Access Management (ICAM) efforts. [OPR: CS-CSP]

SS 2.13 Partner with IC to develop governance structures for the collaborative development of shared software resources, using Open Source Software (OSS) development methodologies. [OPR: IE-SP; OCR: DCIO(CS)]


SS 2.14 Support the DepSecDef as the co-chair of the National Executive Committee for Space-based PNT. [OPR: IC-C4II]

SS 2.15 Support international spectrum management activities of the International Telecommunication Union (ITU) as they impact access to spectrum for the GPS program. [OPR: IC-SPP]

SS 2.16 Support DoD CIO as the co-chair of the National Executive Steering Group for Space-based PNT. [OPR: IC-C4II]

SS 2.17 Provide DoD leadership for the DoD Enterprise Software Initiative (ESI) Working Group and its subordinate project activities, to include: co-chairing regular working group and team meetings; attending and speaking at appropriate DoD and federal IT conferences; participating in Federal Strategic Sourcing Initiative (FSSI) and GSA SmartBuy activities; and maintaining liaison with the Federal Acquisition Regulations (FAR) IT sub-committee and the Defense Acquisition Regulations (DAR) Council. [OPR: IE-AI] [6.4]

Information Enterprise Management Activities SS 2.18 Conduct GIG Waiver Panel activities, to include review of DoD Component requests for waivers from DoD IT policy, issue DoD CIO notifications of approval/disapproval of GIG waiver requests, and issue revisions/updates to the GIG Waiver Panel Guidance document, as required. [OPR: IE-G]

SS 2.19 Oversee the Connection Approval Process, to include issuing memos and approving DoD sponsor/mission partner connection requests. [OPR: IE-G]

SS 2.20 Oversee DoD Unified Capabilities implementation, which includes Internet Protocol version 6 (IPv6) transition activities, throughout the Department. [OPR: IE-AI]

SS 2.21 Provide IT Asset Management support for EA planning, optimize use of IT assets, and support DoD ESI software product managers and DoD leadership in strategic sourcing decisions. [OPR: IE-AI]

SS 2.22 Serve as the functional lead for the Information Technology Services Management (ITSM) Sub-working Group. [OPR: IE-SP]

SS 2.23 Represent the strategic, operational, and tactical edge in actions involving Unified Capabilities, DoD network configuration changes, and expanding enterprise wireless network and computing capabilities. [OPR: IC-C4II]

SS 2.24 Monitor and collect quarterly DoD Component performance data to produce annual efficiency metrics on data center consolidation and cloud efforts to comply with Section 2867 of the 2012 NDAA. [OPR: IE-SP]

SS 2.25 Provide secretariat support for the DHS-DoD Technical and Security Working Group: arrange bi-annual meetings; prepare, coordinate, and publish minutes; track action items; and perform other duties as the working group may assign. [OPR: IE-G]

SS 2.26 In coordination with USD(AT&L), support integration of GPS and PNT alternatives. [OPR: IC-C4II]

SS 2.27 Manage IT data repositories for IT assets.

Acquisition Support SS 2.28 Provide spectrum program oversight to ensure effective implementation of Global Electromagnetic Spectrum Information System (GEMSIS) Increment 2. [OPR: IC-SPP]


SS 2.29 Support overarching IPTs for designated C4 and IT infrastructure Programs of Record. [OPR: IC-C4II]

SS 2.30 Ensure C4 and IT infrastructure programs comply with IA requirements. [OPR: IC-C4II]

SS 2.31 Enforce compliance with architecture, standards, and end-to-end performance requirements for C4 and IT infrastructure programs. [OPR: IC-C4II] [3.3]

SS 2.32 Establish and administer DoD ESI comprehensive and flexible contract vehicles designed for DoD IT Program Managers (PMs) to effectively and efficiently complete commercial off-the-shelf (COTS) software integration and related services taskings. [OPR: IE-AI] [3.3, 6.4]

SS 2.33 Provide oversight and direction for DoD Component efforts to perform systems engineering, strategic planning / synchronization, and capability assessment for C4 and IT infrastructure capabilities. [OPR: IC-C4II]

Enterprise Services SS 2.34 Coordinate with DISA, NSA, Army and other governmental bodies to synchronize DoD's mobile application and mobile device efforts. [OPR: IC-C4II; OCR: CS-DIAP]

SS 2.35 Support the implementation0 of enterprise email. [OPR: IE-SP] [3.3]

SS 2.36 Participate in industry and cloud vendor information sharing meetings. [OPR: IE-SP; OCR: IE-AI]

SS 2.37 Assess data analytics/“big data” indexing methods, cloud computing infrastructure implementations currently underway in National Aeronautics and Space Administration (NASA), NSA, GSA, and USCYBERCOM, and cloud computing commercial technologies and approaches for implementation in DoD. [OPR: IE-SP]

SS 2.38 Collaborate with USD(AT&L), USD(C), and Director, CAPE to revise acquisition and funding models for cloud computing services adoption and implementation. [OPR: IE-SP]

SS 2.39 Work with DoD Components to identify additional opportunities for expanding the cloud computing services portfolio; review pilot efforts for further submissions. [OPR: IE-SP; OCR: IE-AI]

SS 2.40 Establish and maintain Enterprise Software Agreements (advantageous acquisition vehicles) enabling Department-wide access to the most current and widely used IT products and services. [OPR: IE-AI] [3.3]

SS 2.41 Engage with the federal mobility initiative to draft federal policy and support workshops and conferences. [OPR: IC-C4II, CS-SPP, and CS-DIAP]

SS 2.42 Participate in the Commercial Mobile Device Working Groupthe DoD-wide collaboration effort to discuss and share commercial mobile device policies, programs, and pilots and provide updates from DoD Components, Military Services, and agencies. [OPR: IC-C4II, CS-SPP, and CS-DIAP]

SS 2.43 Provide oversight of DAR policy; monitor DoD Component compliance; monitor state of technology; and modify policy and guidance, as appropriate. [OPR: CS-DIAP]

SS 2.44 Update current DoD user agreement banner and respond to inquiries (e.g. congressional). [OPR: CS-DIAP]


SS 2.45 Provide acquisition program IA strategy assessments/reviews for statutory compliance limited exclusively to reviews of program acquisition IA strategy documents to verify compliance with Section 811 of Public Law 106-398, “Floyd D. Spence National Defense Authorization Act for Fiscal Year 2001,” October 30, 2000; the Clinger-Cohen Act; DoDI 8580.1; and DoDI 5000.02. [OPR: CS-DIAP]

SS 2.46 Conduct acquisition program documentation IA assessments/reviews for regulatory compliancelimited exclusively to reviews of program acquisition documents to verify appropriate treatment of cybersecurity implementation, including T&E master plans, acquisition strategies, Acquisition Program Baselines, T&E strategy, Technology Development Strategy, System Engineering Plans, Program Protection Plans, etc. Verify compliance with the 8500 series, DoDI 5000.02, and DAG. [OPR: CS-DIAP]

SS 2.47 Assess IA within the JCIDS process documentation (e.g., Joint Capability Areas (JCAs); Initial Capabilities Documents (ICDs); Capability Development Documents (CDDs); Capability Production Document (CPDs); doctrine, organization, training, materiel, leadership and education, personnel, and facilities (DOTMLPF) change recommendations; CONOPS; Analysis of Alternatives (AoA)) and coordinate results with PMs, subject matter experts (SMEs), and OPRs. [OPR: CS-DIAP]

SS 2.48 Provide cloud/FedRAMP SME support by acting as technical representative for the Joint Authorization Board. [OPR: CS-DIAP]

SS 2.49 Support Federal CIO and OMB Passback Cloud First requirements, as identified in the Federal CIO’s 25 Point Implementation Plan To Reform Federal Information Technology Management , Task #3 (Jump start the migration to cloud technologies). [OPR: IE-SP] [2.2]

SS 2.50 Establish and lead the DoD Enterprise Cloud Services Forum for collaborative stakeholder information sharing. [OPR: IE-SP]

PRI 2.1: Optimize the IT Infrastructure through Consolidation Efforts and by Providing Common Services [OPR: IE-AI; OCR: IE-SP]

Objective: Consolidate IT infrastructure under common IT services to enable DoD to manage infrastructure as a commodity.

Relevance: Use of common IT services increases efficiency by enabling the elimination of duplicative capabilities and making DoD’s IT infrastructure more cost effective to maintain and more responsive to operational demand.

Action 2.1.1 Manage DoD data center and server consolidation in support of DoD efficiency initiatives. [OPR: IE-SP] [1.1]

Task 2.1.1.1 Manage data center consolidation plans. (Q4FY13) [OPR: JIE-TF] [1.1]**

Task 2.1.1.2 Develop an initial DoD Core Data Center Consolidation Reference Architecture. (Complete) [OPR: IE-SP; OCR: IE-AI] [1.1]

Action 2.1.2 Oversee and guide IT infrastructure consolidation activities. [OPR: IE-SP] [1.2]


Task 2.1.2.1 Develop and publish DoDI 8440.bb, “DoD Data Center Computing Infrastructure”. (Q4FY13) [OPR: IE-SP] [1.2] **

Task 2.1.2.2 Develop ITSM Service Strategy Process Guides, to include: Financial Management, Service Portfolio Management, and Demand Management. (Q1FY13) [OPR: IE-SP] [1.2]

Task 2.1.2.3 Develop ITSM Continual Service Improvement Process Guides, to include: 7-Step Improvement Process, Service Measuring, and Service Reporting. (Q3FY13) [OPR: IE-SP] [1.2]

Task 2.1.2.4 Develop the Defense IT Infrastructure Library (ITIL) Service Catalog 2.0. (Q1FY14) [OPR: IE-SP] [1.2]

Task 2.1.2.5 Develop an architecture and roadmap to support the global distribution of intelligence, surveillance, and reconnaissance (ISR) and full motion video traffic utilizing enterprise services. Define terminal, satellite communications, gateway, and datacenter capabilities to establish a common DoD service and eliminate inefficient, platform-centric solutions. (Q4FY13) [OPR:IC-C4II] [1.2]

Action 2.1.3 Oversee IPv6 implementation across DoD networks. [OPR: IE-AI]

Task 2.1.3.1 Demonstrate IPv6 capability on the DoD Core classified network, Secure Internet Protocol Router Network (SIPRNet). (Q1FY13) [OPR: IE-AI]

Task 2.1.3.2 Meet OMB IPv6 FY12 requirements to upgrade public/external facing servers and services (e.g., web, email, Domain Name System (DNS), Internet service provider services, etc.) to operationally use native IPv6. (Q4FY13) [OPR: IE-AI]

Task 2.1.3.3 Perform an assessment of tactical IPv6 transition readiness on selected tactical communication systems. Identify and assess key infrastructure protocols within each target tactical network to determine their current capabilities to support IPv6 traffic. (Q4FY13) [OPR: IC-C4II]

Action 2.1.4 Oversee the implementation and institutionalization of Unified Capabilities DoD-wide. [OPR: IE-AI] [3.3]

Task 2.1.4.1 Develop and publish the DoD Unified Capabilities Requirements (UCR) 2013 document. (Q1FY13) [OPR: IE-AI] [3.3]

Task 2.1.4.2 Oversee implementation of DoD UC in accordance with DoDI 8100.04 and DoD UCR current edition document to enhance warfighter mission effectiveness. (Q1FY13) [OPR: IE-AI] [3.3]

Action 2.1.5 Gain efficiencies through implementation of centralized licensing and consolidated purchasing strategies. [OPR: IE-AI]

Task 2.1.5.1 Cross Universal Master Gold Disk (UMGD) team will develop, issue, and maintain a small set of centrally licensed software applications with common DoD configurations and security settings as a “build from” disk (i.e., UMGD standard). Issue initial UMGD under DoD CIO memo, which explains purpose, strategy, and intended use. (Q2FY13) [OPR: IE-AI] [3.3, 6.4]

Task 2.1.5.2 Establish DoD-wide enterprise licenses for the most widely used commercial software. (Q1FY13) [OPR: IE-AI] [6.3, 6.4]


Task 2.1.5.3 Develop policy/methodologies on joint commodity IT hardware buying standards to push all DoD buyers of commodity IT hardware to existing Army and Air Force procurement processes and vehicles. (Q2FY13) [OPR: IE-AI] [3.3, 6.1, 6.2, 6.3, 6.4]

Action 2.1.6 Increase visibility into the COTS IT inventory and purchasing activity to enable DoD to fully leverage its aggregate buying power, increase interoperability, and optimize the outcomes associated with the use of COTS IT products. [OPR: IE-AI]

Task 2.1.6.1 Influence DoD Component IT Asset Management guidance to align with the ongoing federal ITAM initiative by FSSI and based on the delivery of a federal dashboard tool. (Q2FY13) [OPR: IE-AI] [6.2]

Action 2.1.7 Establish a DoD process that supports CIO visibility of IT assets and enables decisions to support JIE and IT infrastructure configuration. This process should also provide a means for assessing progress and providing transparency towards implementation of department-wide strategies. [OPR: IE-SP; OCR: IE-AI, IE-SP, R-IT]

Task 2.1.7.1 Develop a plan for collecting information about IT assets to meet evolving internal and external information requirements. (Q1FY13) [OPR: IE-G; OCR: IE-AI, IE-SP, R-IT]

Task 2.1.7.2 Comply with emerging and evolving OMB reporting requirements for IT assets. (Q4FY13) [OPR: IE-G; OCR: IE-AI, IE-SP, R-IT]

Action 2.1.8 Enhance the DoD Connection Approval Process. [OPR: IE-G]

Task 2.1.8.1 Complete a MOU between the Department of Energy/National Nuclear Security Administration (DOE/NNSA) and DoD for the interconnection between the DOE/NNSA Enterprise Secure Network and DoD SIPRNet. (Q1FY13) [OPR: IE-G]

Task 2.1.8.2 Develop an approach to ensure mission partner connections are engineered behind a protected demilitarized zone (DMZ). (Q2FY13) [OPR: IE-G]

Task 2.1.8.3 Complete a Memorandum of Agreement (MOA) between the Department of Commerce and DoD for interconnection to the DoD SIPRNet. (Q1FY13) [OPR: IE-G]

Task 2.1.8.4 Complete a MOA between the Department of Justice and DoD for interconnection to the DoD SIPRNet. (Q2FY13) [OPR: IE-G]

PRI 2.2: Integrate Network Transport Capabilities [OPR: IC-C4II]

Objective: Ensure the integration, interoperability, and synchronization of information transport capabilities in the space, aerial, terrestrial, maritime, and cyberspace domains through participation in the JCIDS, PPBE, and DAS processes.

Relevance: More integrated systems and networks will provide improved interoperability, security, and overall operational effectiveness and efficiency.


Action 2.2.1 Lead efforts to perform systems engineering, strategic planning/synchronization, and capability assessment for tactical networking initiatives, SATCOM, and fixed/terrestrial infrastructure. Major Programs of Record include: JTRS, Warfighter Information Network-Tactical (WIN-T), Advanced Extremely High Frequency (AEHF) Satellite, Family of Advanced Beyond Line-of-Sight Terminals (FAB-T), Navy Multiband Terminal (NMT), Wideband Global Satellite (WGS) System, Enhanced Polar System (EPS), Mobile User Objective System (MUOS), Global Broadcast System (GBS), Teleport, Defense Information Systems Network (DISN), airborne data links, and Next Generation Enterprise Network (NGEN). [OPR: IC-C4II]

Task 2.2.1.1 Document the Military Services’ migration plans for tactical data links (TDL) and document joint migration objectives and policies. Update the 2008 Joint Tactical Data Enterprise Services Migration Plan to become the Joint TDL Migration Plan. (Q4FY13) [OPR: IC-C4II]

Task 2.2.1.2 Develop future commercial SATCOM solutions, including cyber-specific initiatives. (Complete) [OPR: IC-C4II]

Task 2.2.1.3 Work with DISA and the Joint Staff to develop a secure voice telephone modernization strategy to leverage Internet Protocol as a potential replacement for Defense Red Switch Network (DRSN). (Q1FY13) [OPR: IC-C4II]

Task 2.2.1.4 Update the Communications Waveform Roadmap to provide migration path for tactical wireless communication waveforms. (Q1FY13) [OPR: IC-C4II]

Task 2.2.1.5 Integrate PNT (to include GPS) alternatives into a networked, DoD-wide capability to enhance PNT availability and information assurance. (Q3FY13) [OPR: IC-C4II]

Task 2.2.1.6 Develop a strategy to improve the integration of network management tools for the tactical communications environment. (Q4FY13) [OPR: IC-C4II]

Task 2.2.1.7 In collaboration with USD(AT&L) and the JTRS Joint Program Executive Office, develop and implement plans to address radio program changes based on POM 13 decisions, Ground Mobile Radio Nunn-McCurdy results, and JTRS Airborne, Maritime, and Fixed Stations program decisions to ensure delivery of essential radio capabilities. (Q2FY13) [OPR: IC-C4II]

Task 2.2.1.8 Conduct evaluation of alternatives for existing legacy ultra high frequency follow-on terminal capabilities to utilize MUOS capacity. (Complete) [OPR: IC-C4II]

Task 2.2.1.9 In collaboration with USD(AT&L)/Assistant Secretary of Defense (Research and Engineering) (ASD(R&E)), develop and standardize improved access to MILSATCOM for handheld radios (such as survival radios) and for other disadvantaged users. Establish a relevant military standard to support Demand-Assigned Multiple Access Compatible IOC. (Q2FY13) [OPR: IC-C4II]

Task 2.2.1.10 Conduct a study to determine how to best operate satellite communications in a degraded environment. (Q3FY13) [OPR: IC-C4II]

Task 2.2.1.11 Conduct a study on anti-jam modem technology that determines how to provide protection to users of the current wideband MILSATCOM constellation. (Q3FY13) [OPR: IC-C4II]


Action 2.2.2 Expand enterprise wireless network and computing capabilities to ensure secure mobile device information sharing and enable a structured approach to mobile application development, testing, certification, and distribution for faster deployment of DoD-approved mobile applications. [OPR: IC-C4II; OCR: IE-SP]

Task 2.2.2.1 Support the Federal CIO Council with planning and hosting an annual mobile computing summit. (Q4FY13) [OPR: IC-C4II] Task 2.2.2.2 Provide DoD CIO guidance and direction to enable development and implementation of mobile devices and applications. (Q1FY13) [OPR: IC-C4II]

PRI 2.3: Enable Secure Information Sharing [OPR: IE-SP]

Objective: Enable all authorized users to have immediate, secure, and reliable access to the information they need to perform their missions and support effective and agile decision making. Relevance: The establishment of the foundation for discovery, accessibility, understandability, and trust of data is essential to achieve enterprise-wide secure information sharing. The DoD CIO will lead efforts to implement and align the required strategies (e.g., Federal Information Sharing), policy, and guidance (e.g., DoDD 8320.02, DoDI 8320), standards (e.g., Universal Core (UCore), data tagging), and implementation of data management initiatives, such as Controlled Unclassified Information (CUI) and Records Management.

Action 2.3.1 Guide adoption and implementation of secure information sharing technologies, processes, and practices throughout the Department. [OPR: IE-SP]

Task 2.3.1.1 Publish DoDI 8320.02, “Sharing Data, Information, and IT Services in the DoD”. (Q2FY13) [OPR: IE-SP]

Task 2.3.1.2 Revise the DoD directive on records management, DoDD 5015.02. (Complete) [OPR: IE-SP]

Task 2.3.1.3 Jointly sign the DoD National Archives and Records Administration (DoD-NARA) MOA. (Q1FY13) [OPR: IE-SP]

Task 2.3.1.4 Revise DoD Standard 5015.2-STD for records management applications. (Q4FY13) [OPR: IE-SP]

Task 2.3.1.5 Recommend courses of action for DoD-NARA cost savings. (Q1FY13) [OPR: IE-SP]

Task 2.3.1.6 Develop, staff, and publish IdAM non-person entity technical assessment report and recommended next steps. (Q2FY13) [OPR: IE-SP]

Task 2.3.1.7 Assess and evaluate a metrics program in support of PM-ISE. (Q2FY13) [OPR: IE-SP]

Task 2.3.1.8 Update the DoD Information Sharing Strategy. (Q1FY13) [OPR: IE-SP; OCR: CS-UCDMO]

Task 2.3.1.9 Update the DoD Information Sharing Implementation Plan. (Q1FY14) [OPR: IE-SP]


Task 2.3.1.10 Develop, staff, and publish an 8320.xx implementation instruction. (Q4FY13) [OPR: IE-SP]

Action 2.3.2 Guide adoption and implementation of information exchange standards for secure information sharing across the DoD and IC. [OPR: IE-SP]

Task 2.3.2.1 Incorporate oversight of the Information Exchange Toolkit roadmap into the DoD CIO Executive Board governance construct. (Q2FY13) [OPR: IE-SP]

Task 2.3.2.2 Transition XML terms of reference and reuse rules to a DISR GIG technical profile in coordination with DISA. (Q2FY13) [OPR: IE-AI]

Task 2.3.2.3 Transition Information Exchange Toolkit descriptions and dependencies to DISR in coordination with DISA. (Q2FY13) [OPR: IE-AI]

Action 2.3.3 Support the Multinational Information Sharing (MNIS) initiative. [OPR: IE-SP]

Task 2.3.3.1 Revise and publish DoDI 8110.01, “Information Sharing Capability Framework”. (Q1FY13) [OPR: IE-SP]

Action 2.3.4 Oversee and guide the activities to implement CUI in DoD. [OPR: IE-SP]

Task 2.3.4.1 Analyze the existing DoD Enterprise Information Environment (security marking/tagging tools, technologies, and networks) to determine the scope of required technology solutions needed; publish a CUI Implementation Environment white paper. (Q4FY13) [OPR: IE-SP]

Task 2.3.4.2 Facilitate DoD Component CUI implementation actions, such as conducting technical pilots/demos and resolving technical implementation issues that arise to Department level. (Q1FY14) [OPR: IE-SP]

Task 2.3.4.3 Develop a compilation of CUI strategic level, technical implementation metrics. (Q1FY13) [OPR: IE-SP]

Task 2.3.4.4 Draft initial programming language on technical implementation of CUI for SNaP-IT submission. (Q3FY13) [OPR: IE-SP]

Task 2.3.4.5 Define requirements and implementing strategy options for CUI enterprise marking/tagging tools and other technology solutions to implement CUI across the DoD Enterprise Information Environment; publish a CUI Technology Solutions white paper. (Q1FY13) [OPR: IE-SP]

Action 2.3.5 Develop and publish DoD CUI Technical Implementation Guidance to ensure a consistent CUI approach across DoD. [OPR: IE-SP]

Task 2.3.5.1 Draft and publish update to the DoD CUI Compliance Plan. (Q2FY13) [OPR: IE-SP]

Task 2.3.5.2 Update the DoD CUI Technical Implementation Plan. (Q2FY13) [OPR: IE-SP]

Task 2.3.5.3 Draft and publish DoD CUI Technical CONOPS. (Q3FY13) [OPR: IE-SP]


PRI 2.4: Deploy Enterprise Services [OPR: IE-SP]

Objective: Implement a suite of DoD enterprise services accessible by authorized users anywhere, anytime, while stationary and mobile, from tactical edge to sustaining base. Relevance: Implementing a robust set of DoD enterprise services will enable the rapid deployment of warfighter focused capabilities as well as increased efficiencies by leveraging the Department’s massive economy of scale.

Action 2.4.1 Develop and issue policies, directives, instructions, standards, and plans to guide the implementation of new IT enterprise services across the Department. [OPR: IE-SP] [3.3]

Task 2.4.1.1 Develop and publish a DoD instruction, and supporting processes, to drive adoption of networked DoD PNT enterprise services (GPS plus PNT alternatives). (Q1FY13) [OPR: IC-C4II] [3.3]

Task 2.4.1.2 Develop and publish an Enterprise Services Adoption Plan, in partnership with DISA. (Q3FY13) [OPR: IE-SP] [3.3] ** – NOT RESOURCED

Task 2.4.1.3 Implement enterprise services compliance reporting and oversight process. (Q1FY13) [OPR: IE-JIE Planning and Coordination Cell] [3.3] ** – NOT RESOURCED

Action 2.4.2 Provide DoD leadership to the Federal Shared Services Working Group. [OPR: IE-G; OCR: IE-AI]

Task 2.4.2.1 Ensure DoD equities are incorporated into the Federal Shared Services Strategy. (Complete) [OPR: IE-G; OCR: IE-AI]

Action 2.4.3 Implement the Federal Shared Services Strategy process per evolving OMB guidance. [OPR: IE-G]

Task 2.4.3.1 Develop a DoD Shared Services Plan. (Q3FY13) [OPR: IE-G; OCR: IE-SP]

Task 2.4.3.2 Implement two designated shared services. (Q1FY13) [OPR: IE-G; OCR: IE-SP]

Action 2.4.4 Promote use of OSS and OSS development methods within DoD. [OPR: IE-SP]

Task 2.4.4.1 Promote the Ozone Widget Framework (web-based compostable applications framework/AJAX portal technology) as an initial use case of government OSS (GOSS) and provide a GOSS Ozone Widget Framework Summit. (Q1FY13) [OPR: IE-SP]

Action 2.4.5 Release and support an Ozone Widget Framework, as per 2012 NDAA Section 924. [OPR: IE-SP]

Task 2.4.5.1 Establish a DISA/MilDep pilot “App Store” for secure distribution of applications to commercial mobile devices. (Q4FY13) [OPR: IE-SP]

Task 2.4.5.2 Draft a DoD Mobile Applications Strategy. (Q3FY13) [OPR: IC-C4II]

Task 2.4.5.3 Publish Ozone Widget Framework as open source software as directed by 2012 NDAA Section 924. (Q1FY13) [OPR: IE-SP]


Task 2.4.5.4 Establish process for contributions to Ozone Widget Framework. (Q4FY13) [OPR: IE-SP]

Action 2.4.6 Guide implementation of the Unclassified Information Sharing Services (UISS) for support of non-classified/unclassified information sharing with external mission partners. [OPR: IE-SP]

Task 2.4.6.1 Drive consolidation of existing non-classified/unclassified sharing environment into the new UISS. (Q4FY13) [OPR: IE-SP] – NOT RESOURCED

Task 2.4.6.2 Develop a UISS roadmap for unclassified shared enterprise services. (Q3FY13) [OPR: IE-SP]

Action 2.4.7 Guide implementation of Enterprise Cross Domain Services (ECDS). [OPR: CS-UCDMO]

Task 2.4.7.1 Conduct monthly ECDS Working Group meetings and weekly telecoms to develop an ECDS Roadmap, CONOPS, and charter focused on identifying requirements, gaps, common approaches, issues, and actions in transitioning towards use of ECDS. Publish and manage an initial DoD and IC ECDS Work Plan. (Q1FY13) [OPR: CS-UCDMO]

PRI 2.5: Implement Identity and Access Management [OPR: IE-SP]

Objective: Provide timely access to information using authentication infrastructure that provides dynamic access control capabilities granting authorized users access to information assets based on established enterprise identity attributes that contain biographical, contextual, and biometrics data.

Relevance: Access based on fraudulent identity is a recognized vulnerability for U.S. national security by asymmetric and cyber threats. The DoD CIO has a critical role in synchronizing identity issues across the Department for application in all mission environments. Department-wide IdAM capabilities will replace today’s decentralized, manually-intensive, organizationally-unique, static access control mechanisms that are becoming increasingly inefficient and unresponsive to DoD access needs and complicate non-repudiation for insider threats.

Action 2.5.1 Oversee and guide activities to implement near-term IdAM capabilities to ensure that enterprise person and non-person IdAM attributes are available to provide access to systems and data in a timely manner. [OPR: IE-SP]

Task 2.5.1.1 Oversee DISA’s initial development and reference implementation of IdAM services (early adopters and pilots). (Complete) [OPR: IE-SP]

Task 2.5.1.2 Oversee DISA’s and NSA’s initial development and reference implementation of IdAM support tools. (Complete) [OPR: IE-SP]

Task 2.5.1.3 Oversee DISA’s next increment of the reference implementation of IdAM services. (Q4FY13) [OPR: IE-SP]

Task 2.5.1.4 Oversee DISA’s and NSA’s next increment of the reference implementation of IdAM support tools. (Q4FY13) [OPR: IE-SP]


Task 2.5.1.5 Collaborate with DCIO(CS) to align near-term IdAM activities with long-term planning and guidance development activities focused on institutionalizing IdAM to support identity operations across all mission environments for secure, mission-driven access to information and services. (Q3FY15) [OPR: IE-SP]

Task 2.5.1.6 Provide recommendations to the Department on solutions involving digital policy, privileges/authorizations, and metadata, in coordination with NSA, Defense Manpower Data Center (DMDC), and DISA. (Q4FY13) [OPR: IE-SP]

Task 2.5.1.7 Develop and publish Enterprise Directory Services memo for the DoD Information Enterprise. (Complete) [OPR: IE-SP]

PRI 2.6: Transition to Cloud Computing Environment [OPR: IE-SP] Objective: Drive delivery and adoption of a secure, dependable enterprise cloud computing environment to enhance mission effectiveness and improve IT efficiencies to meet mission needs and support anywhere, anytime, information access.

Relevance: The transition to a cloud environment is a key enabler for the Department's mobility strategy and IT consolidation efforts to deliver the next generation IT environment, from the continental United States to the tactical edge.

Action 2.6.1 Develop, issue, and implement strategies and roadmaps, policies and guidance memoranda, and standards that support adopting and implementing cloud computing capabilities. [OPR: IE-SP] [2.1]

Task 2.6.1.1 Establish DoD PNT cloud governance through the DoD PNT Executive Committee to assess and advise on the acquisition of cloud PNT services and ensure the security of those services (NAVWAR). (Q2FY13) [OPR: IC-C4II] [2.1]

Task 2.6.1.2 Develop an initial DoD Cloud Computing Reference Architecture. (Q1FY13) [OPR: IE-SP; OCR: IE-AI] [2.1]

Task 2.6.1.3 With DISA, develop standards, reference implementation frameworks, and architectures to ensure interoperability and dependable end-to-end delivery of cloud services. (Q2FY13) [OPR: IE-AI; OCR: IE-SP] [2.1]

Task 2.6.1.4 Develop an initial DoD Cloud Computing Implementation Plan in conjunction with JIE implementation plans. (Q1FY13) [OPR: IE-SP] [2.1]

Task 2.6.1.5 Develop security control specifications and overlays, as necessary, to enable commercial cloud services to meet DoD security requirements. (Q2FY13) [OPR: CS-DIAP; OCR: IE-SP] [2.1]

Task 2.6.1.6 Develop and publish DoD CIO policy for acquiring and assuring security of commercial cloud computing services. (Q4FY13) [OPR: IE-SP; OCR: CS-DIAP] [2.1]

Task 2.6.1.7 Identify gaps and performance standards that prevent joint tactical forces from employing cloud computing approaches within a tactical environment and from leveraging enterprise cloud computing capabilities. Identify implementation and deployment policy revisions and recommendations necessary for tactical forces to make best uses of cloud computing services. (Q2FY13) [OPR: IC-C4II] [2.1]


Action 2.6.2 Drive activities to implement near-term cloud services to ensure enterprise IT efficiencies can be achieved in a timely manner. [OPR: IE-SP] [2.2]

Task 2.6.2.1 Drive development and implementation of initial Infrastructure-as-a-Service (IaaS) cloud services for the Department. (Q3FY13) [OPR: IE-SP] [2.2]

Task 2.6.2.2 Drive the implementation of initial pilot efforts to optimize the cloud service broker process for acquisition of commercial cloud services. (Q4FY13) [OPR: IE-SP] [2.2]

Task 2.6.2.3 Drive the acquisition of initial commercial cloud services via the cloud service broker for the DoD Enterprise Cloud Service Catalog. (Q1FY13) [OPR: IE-SP] [2.2]

PRI 2.7: Manage Spectrum [OPR: IC-SPP]

Objective: Ensure DoD spectrum access to meet warfighting needs.

Relevance: Access to the electromagnetic spectrum enables warfighters to use many technologies, including, radar, navigation, weapons, and communications systems. Future technologies will utilize spectrum as the foundation for wireless capabilities, which are essential to extending net-centric capabilities to the tactical edge. However, spectrum is a finite resource, and its use must be carefully managed. Action 2.7.1 Develop and implement DoD spectrum policy and strategic plans on the efficient and effective use and management of the electromagnetic spectrum. [OPR: IC-SPP]

Task 2.7.1.1 Develop a long-term spectrum strategy to respond to the growing commercial pressure to reallocate DoD spectrum. (Q1FY13) [OPR: IC-SPP] **

Task 2.7.1.2 Establish policy, assign responsibilities, and provide procedures to manage and use the electromagnetic spectrum more efficiently to include establishing performance, cost acquisition, and regulatory metrics. (Q2FY13) [OPR: IC-SPP] **

Task 2.7.1.3 Establish policy for the integration of all electromagnetic spectrum users and optimization of spectrum use, while minimizing harmful interference by friendly spectrum-dependent systems, to achieve joint electromagnetic spectrum operational environment control. (Q1FY13) [OPR: IC-SPP]

Task 2.7.1.4 Update policy and responsibilities for management and implementation of the DoD Electromagnetic Environmental Effects program. (Q1FY13) [OPR: IC-SPP]

Task 2.7.1.5 Coordinate with DISA to maintain and update the Defense Spectrum Management Architecture, its transition strategy, and roadmap; and ensure congruence with the DoD Spectrum Strategy. (Q2FY13) [OPR: IC-SPP] – NOT RESOURCED

Action 2.7.2 Represent DoD positions in national and international forums. [OPR: IC-SPP]

Task 2.7.2.1 Develop and coordinate DoD positions for the World Radiocommunications Conference 2015. (Q2FY15) [OPR: IC-SPP] – NOT RESOURCED


PRI 2.8: Ensure National Leadership Command Capabilities Assured Connectivity [OPR: IC-NLCC]

Objective: Provide a robust DoD process and vision for producing assured, reliable, and enduring national-level command, control, and communications (C3) capabilities utilizing a set of secure and non-secure national leadership command capabilities information services and information environment.

Relevance: Carries out the national guidance and DoD policy to develop a national and nuclear C2 capability; provides secure, integrated, continuity of government communications to the President, the Vice President, and at a minimum, Category I executive departments and agencies; and establishes NLCC as the DoD construct for information integrationsupporting national leadership planning, situational awareness, and decision making.

Action 2.8.1 Establish, issue, and implement policies, directives, instructions, and standards to achieve robust national leadership command capabilities supported by an enterprise strategy that provides guidance for monitoring and enhancing the NLCC. [OPR: IC-NLCC]

Task 2.8.1.1 Identify and assess gaps and overlaps in end-to-end NLCC and provide mitigation where appropriate. (Q4FY13) [OPR: IC-NLCC]

Task 2.8.1.2 Develop new and updated directives and instructions for NLCC configuration management; nuclear command, control, and communications; and governance. (Q4FY13) [OPR: IC-NLCC]

Task 2.8.1.3 Lead an interagency policy committee to develop the plan for assured NLCC connectivity. (Q4FY13) [OPR: IC-NLCC]

PRI 2.9: Improve Joint C2 Capabilities [OPR: IC-C4II]

Objective: Provide strategic direction, policy guidance, and oversight to enable the Department to effectively define, prioritize, acquire, govern, manage, and implement C2 capabilities in support of DoD operations.

Relevance: Establishes and implements the Department’s overall C2 strategy, approach, structure, and policies to enable enterprise-wide migration towards a services-oriented environment and open architectures. Promotes more effective information sharing and integration of C2 capabilities at the national, strategic, operational, and tactical levels through the more efficient use of resources, common architectures and standards, software reuse, and data exposure.

Action 2.9.1 In coordination with USD(AT&L) and Joint Staff, lead the Department’s effort to manage and integrate joint C2 acquisition activities, associated tools, and authoritative data sources. [OPR: IC-C4II]

Task 2.9.1.1 In coordination with USD(AT&L), Combatant Commands, Military Services, and agencies (CC/S/A), support the development and approval of the annual Joint C2 Sustainment and Modernization Plan. (Q1FY13) [OPR: IC-C4II]


Task 2.9.1.2 In coordination with USD(AT&L), conduct the annual Joint C2 Capability Area Review for joint C2 capabilities. (Complete) [OPR: IC-C4II]

Task 2.9.1.3 In coordination with USD(AT&L) and Joint Staff, develop, staff, and publish the Joint C2 Terms of Reference. (Q2FY13) [OPR: IC-C4II]

Task 2.9.1.4 In collaboration with USD(AT&L), identify and evaluate candidate Joint C2 Capabilities for compliance with approved criteria and architectures. (Q1FY13) [OPR: IC-C4II]

Task 2.9.1.5 Designate the initial set of current and planned C2 services, with an actionable plan to direct/assess progress of implementation across the Joint C2 Capability Area. (Q1FY13) [OPR: IC-C4II]

Task 2.9.1.6 Provide recommendations on program resources and integrated capability planning for the portfolio of Joint C2 programs. (Complete) [OPR: IC-C4II]

Task 2.9.1.7 In coordination with USD(AT&L)/ASD(R&E), develop and test a releasable prototype device to minimize friendly fire against dismounts; meet stringent size, range, and battery life constraints. (Q3FY13) [OPR: IC-C4II]

Task 2.9.1.8 Provide oversight and direction to guide Defense Messaging System sunset and replacement activities. (Q4FY14) [OPR: IC-C4II]

Action 2.9.2 Provide C2 policies, guidance, and strategic approaches for all C2 capabilities on an enterprise-wide basis across the Department. [OPR: IC-C4II]

Task 2.9.2.1 Update and publish DoDD O-5100.30 (DoD C2) as DoDI 3700.aa, which reflects the organizational changes due to disestablishment of ASD(NII) and USJFCOM, and transfer of acquisition responsibilities to USD(AT&L). (Q2FY13) [OPR: IC-C4II] [5.4]


Overview The DoD CIO leads and enables a diverse range of collaborative partnerships with internal and external stakeholders, including international partners. The DoD CIO chairs and participates in the work of a wide array of Defense, interagency, and international boards and forums, and engages in the joint requirements, acquisition, and budgeting processes. Through such work, the DoD CIO guides DoD’s Information Enterprise toward delivering discoverable, accessible, and trusted information sources and application services through judicious balancing of capital investments.

Effective international partnerships are critical to our success as an organization and as a Department. In support of the National Security Strategy and the National Military Strategy, the DoD CIO seeks to enable the allied national security community to exchange information and collaborate seamlessly and securely to ensure our shared objectives are achieved. The DoD CIO will contribute to an information environment, based on architecture and standards, that allows trusted partners to work together across a range of challenges to protect our collective interests.

The DoD CIO is engaged with our DoD and other U. S. Government partners at all levels (federal through local) to improve information sharing and interoperability. The DoD CIO will also establish clear roles and responsibilities with partners for NLCC support, ensure appropriate DoD CIO support for contingency operations Information and Communications Technology (ICT) issues, maintain and strengthen partnerships with NATO and other key allies, and enhance DoD CIO strategy and communications to improve alignment with our mission partners.

Specific activities in developing effective partnerships include strategic dialogue, personal engagement, coordination of policy and standards development and promulgation, facilitating work with other OSD elements, negotiating formal agreements in areas of mutual benefit, representing partner issues to OSD, sharing technical and operational insights when appropriate, and acting as mediator when partner strategies and/or initiatives are in conflict. Additionally, in support of the National Military Strategy affirmation that NATO remains our Nation’s preeminent multilateral alliance, the DoD CIO serves as the Department’s representative to the NATO Consultation Command and Control Board (C3B), and promotes U.S. interests at NATO through robust participation in related capability panels, capability teams, and working groups.

AOE 3: Forge Partnerships


Strategic Objective

Form collaborative partnerships with internal and external stakeholders to deliver responsive mission essential capabilities, protect DoD equities, and ensure interoperability and reliability—by aligning strategic plans, architecture, and standards; balancing capital investments; and integrating doctrine and operational procedures.

Steady State

Infrastructure and IT Consolidation SS 3.1 Participate in DoD CIO and IC CIO enterprise infrastructure alignment efforts to achieve cost savings and improve operational effectiveness. [OPR: IE-SP]

IT Budget Oversight SS 3.2 Improve DoD CIO relationships with USD(C) and CAPE to leverage existing program review/approval processes to gain better oversight and understanding of Military Services/ agency IT investments. [OPR: IC-C4II; OCR: R-IT]

Information Sharing SS 3.3 Represent DoD in USG and international forums that focus on rapid, agile, and persistent sharing of civilian/military information and situational awareness to facilitate coordination and cooperation with interagency and external mission participants. [OPR: IE-SP; OCR: CS-DIB]

SS 3.4 Represent DoD in bilateral and multilateral forums that focus on C3 and IT systems, programs, and policies to promote assured information sharing capabilities and protect DoD interests. [OPR: IE-IA]

Internal DoD Partnerships SS 3.5 Engage with various elements within USD(P) and USD(I) to ensure ICT enablers for irregular warfare, stability operations, disaster response, and security cooperation are incorporated into policy, guidance, and strategies. [OPR: IE-SP]

SS 3.6 Engage with various offices within OSD during technology transfer and export control decisions to protect key U.S. technology and information, while ensuring C3/IT interoperability. [OPR: IE-IA]

SS 3.7 Support CC/S/A on international aspects of C3 and IT systems, programs, and policies. [OPR: IE-IA]

Federal, State, Local, and Tribal Partnerships SS 3.8 Participate in and support federal councils, committees, initiatives, and boards to represent and support the DoD CIO’s equities. These include Federal CIO Council, Management Best Practices Committee, Federal Strategic Sourcing Initiative, GSA SmartBUY program, Federal IPv6 Interagency Working Group, and FEA Committee. [OPR: IE-AI; OCR: IE-IM]

SS 3.9 Serve as member of the Federal CIO Council (FCIOC). Maintain and monitor all activities and actions of the FCIOC and its substructure, and all actions issued from its reports, memorandums, and e-mails. [OPR: IE-IM]


SS 3.10 Represent the DoD CIO, and lead initiatives of DoD interest, on the Federal CIO Council Privacy, IT Workforce, Management Best Practices and Accessibility Committees. [OPR: IE-IM]

SS 3.11 Support USD(P)/Assistant Secretary of Defense for Homeland Defense and Americas’ Security Affairs (ASD(HD&ASA) on information and situational awareness sharing initiatives that improve Department support for civil authority missions. [OPR: IE-SP]

SS 3.12 Provide DoD SME representation at various federal and DoD-sponsored conferences. [OPR: DCIO(CS); OCR: IE-AI]

Existing Industry and International Partnerships/Alliances SS 3.13 Enable the seamless and secure exchange of information and collaboration with the allied national security community, particularly with NATO and the Five Eyes nations. DoD CIO serves as the Department’s representative to the NATO C3B, and promotes U.S. interests at NATO through robust participation in related capability panels, capability teams, and working groups. [OPR: IE-IA]

SS 3.14 Improve DoD’s relationship with the United Nations and its subordinate organizations, non-governmental organizations, and other external DoD partners to encourage better information sharing, trust, and organizational understanding. [OPR: IE-SP]

SS 3.15 Develop and maintain relationships with industry partners to better understand their efforts in countries on the stability watch list. [OPR: IE-SP] – NOT RESOURCED

SS 3.16 Maintain and strengthen relationships with key allies and partners to enhance interoperability and assured information sharing. [OPR: IE-IA]

SS 3.17 Support U.S. participation in the Five Eyes National Security CIO Forum and its efforts to improve interoperability and secure information sharing at all classification levels among the five nations of Australia, Canada, New Zealand, United Kingdom (UK), and the U.S. [OPR: IE-IA; OCR: IE-SP, DCIO(CS)]

SS 3.18 Negotiate DoD CIO-specific international agreements and coordinate on international agreements from the CC/S/A levels with CIO equities. [OPR: IE-IA; OCR: DCIO(CS)]

SS 3.19 Direct DoD CIO support of the U.S./UK Interoperability Commission’s subordinate activities, in coordination with DCIO(C4&IIC) and USD(AT&L). [OPR: IE-IA]

SS 3.20 Monitor technological developments within industry, through such activities as industry product reviews, to maintain DoD awareness of industry's latest capabilities and sustain an effective IA Connect program. [OPR: CS-DIAP] – NOT RESOURCED

Interagency and International PNT Matters SS 3.21 Provide overall guidance on national and international matters related to PNT. [OPR: IC-C4II]

SS 3.22 Develop and implement policy related to DoD participation in national and international PNT activities, in coordination with USD(P). [OPR: IC-C4II]

Congressional and Other Oversight Matters SS 3.23 Meet with key members of Congress and their staff to discuss DoD CIO events and activities, documents, and other publications. [OPR: R-PA]

SS 3.24 Provide ad hoc briefings to congressional staffers on authorizing, appropriation, and other committee concerns pertaining to DoD CIO areas of responsibility. [OPR: R-PA]


SS 3.25 Monitor key legislation such as cybersecurity, spectrum, and IT reporting. [OPR: R-PA]

SS 3.26 Provide comments on DoD and other federal agencies Request for Quotes (RFQs), Quarterly Financial Reports (QFRs), and briefings. [OPR: R-PA]

SS 3.27 Prepare testimony documents on IT issues and assist in their presentation to congressional committees. [OPR: R-PA]

SS 3.28 Oversee preparation and submission of materials in response to congressional reporting requirements. [OPR: R-PA]

PRI 3.1: Foster More Effective Partnerships at the Federal, State, Local, and Tribal Levels [OPR: IE-SP]

Objective: Ensure that partnerships with key federal, state, local, and tribal government organizations provide more timely situational awareness for decision makers and enable trusted collaboration. Relevance: Establishes a priority for partnering with federal, state, local, and tribal government organizations to ensure interoperability and information sharing with the Department. It provides opportunities for the Department to leverage products and best practices from other organizations.

Action 3.1.1 Drive DoD toward the adoption of the National Information Exchange Model (NIEM) as the standard for information sharing with mission partners. [OPR: IE-SP]

Task 3.1.1.1 Resolve differences between C2 Core, UCore, and NIEM. (Q4FY13) [OPR: IE-SP]

PRI 3.2: Establish Clear Roles and Responsibilities with DoD and Non-DoD Partners on NLCC Support [OPR: IC-NLCC]

Objective: Strengthen and clarify DoD CIO partnerships with COCOMs, Military Services, and agencies, and create governance structures with clear strategies, priorities, accountability, and metrics. Relevance: Provides clarity on roles, responsibilities, and processes for which DoD CIO has a leadership role in conjunction with a CC/S/A.

Action 3.2.1 Establish clear roles, responsibilities, and coordination/decision processes with USSTRATCOM, U.S. Air Force (USAF), and DoD CIO on NLCC support. [OPR: IC-NLCC]

Task 3.2.1.1 Draft DoD directive that specifies roles and responsibilities for NLCC. (Q4FY13) [OPR: IC-NLCC]


PRI 3.3: Ensure Warfighters Receive Appropriate DoD CIO Support for Contingency Operation ICT Issues [OPR: IE-SP]

Objective: Strengthen existing relationships and establish new processes/procedures to ensure ICT issues for the warfighter that require DoD CIO involvement are visible and receive priority action for resolution, through partnerships with COCOMs, Military Services, and agencies, and create governance structures with clear strategies, priorities, accountability, and metrics. Relevance: Ensures that CC/S/A ICT issues receive appropriate engagement from the DoD CIO in support of stability operations, humanitarian assistance, disaster response, civil/military information sharing, and contingency ICT. Action 3.3.1 Provide integrated ICT support to enable stability operations, humanitarian assistance, disaster response, civil/military information sharing, and contingency ICT support to the Afghanistan Senior Telecom Advisor and Telecom Advisory Team. [OPR: IE-SP]

Task 3.3.1.1 Conduct pilot project with USD(P) and the Federal Communications Commission (FCC) on use of cellular capabilities to notify overseas U.S. personnel of emergencies. (Q2FY13) [OPR: IE-SP] - NOT RESOURCED

Task 3.3.1.2 Conduct Humanitarian Assistance Disaster Response information sharing assessments. (Complete) [OPR: IE-SP]

Task 3.3.1.3 Update and revise DoDD 8220.02, “Information and Communications Technology (ICT) Capabilities for Support of Stabilization and Reconstruction, Disaster Relief, and Humanitarian and Civic Assistance Operations”. (Q4FY13) [OPR: IE-SP]

Task 3.3.1.4 Guide and influence COCOM Endeavor and key information sharing exercises to focus more effort on information sharing and information as the interoperability point. (Q3FY13) [OPR: IE-SP]

Task 3.3.1.5 Develop minimum interoperability guidance for DoD's implementation of land mobile radio solutions to inform current and future acquisition and implementation strategies. (Q3FY13) [OPR: IC-C4II]

Action 3.3.2 Improve ICT for international response capabilities and build consensus for a comprehensive USG approach to ICT via an interagency ICT working group. [OPR: IE-SP]

Task 3.3.2.1 Support development of the Department of State International Response Plan by incorporating ICT working group recommendations. (Q4FY13) [OPR: IE-SP]

Action 3.3.3 Provide integrated ICT plan to support Asia Pacific rebalancing efforts. [OPR: IC-C4II]

Task 3.3.3.1 Develop C4/ICT strategy to support forces in the Asia Pacific theater. (Complete) [OPR: IC-C4II]

Task 3.3.3.2 Present Deep Dive to the Asia Pacific Deputy's Management Action Group (DMAG) with investment strategy and associated programmatic issues. (Q2FY13) [OPR: IC-C4II]


PRI 3.4: Enable Information Sharing and Secure Collaboration with NATO and Other Key Allies and Partners to Support Our Mutual Defense Interests [OPR: IE-IA]

Objective: Strengthen existing international relationships and guide DoD CIO cooperation activities based on goals and policy specific to activity, functional area, or nation. Relevance: Ensures effective interoperability and information sharing between DoD and NATO and other key allies and partners.

Action 3.4.1 Promote U.S. interests in NATO policy, planning, and standards for consultation command and control and for cybersecurity. [OPR: IE-IA]

Task 3.4.1.1 Based on the Joint Staff concept for a Future Mission Network (FMN), support the Joint Staff sponsored FMN study and promote follow-on actions based on study recommendations. (Complete) [OPR: IE-SP; OCR: IE-IA, IC-C4II]

Action 3.4.2 Establish and oversee agreements for sharing communications systems and services with select allies. [OPR: IE-IA; OCR: IC-C4II]

Task 3.4.2.1 Oversee and monitor the agreed equivalent value exchange of communications systems and services with the UK. (Q3FY13) [OPR: IE-IA]

Task 3.4.2.2 Review and amend or adjust the agreement with the UK to exchange communications systems and services. (Q2FY13) [OPR: IE-IA]

Task 3.4.2.3 Establish an agreement with Canada for the equivalent value exchange of communications systems and services and begin monitoring the exchange. (Complete) [OPR: IE-IA]

Task 3.4.2.4 Establish an agreement with Australia for the equivalent value exchange of communications systems and services and begin monitoring the exchange. (Q2FY13, Q2FY14) [OPR: IE-IA]

Task 3.4.2.5 Establish and oversee the execution of a project arrangement with France for sharing of information and data between national C2 systems. (Q1FY13) [OPR: IE-IA] – NOT RESOURCED

Task 3.4.2.6 Lead U.S. technical representation in cooperative exchanges and developments under provisions of the U.S./Swedish C4 Information Master Information Exchange Agreement. (Q3FY13) [OPR: IE-IA; OCR: IC-C4II]

Task 3.4.2.7 Co-lead tiger teams for MILSATCOM, Information Sharing/Command Systems Interoperability, and Ground C4ISRunder provisions of the U.S./UK Interoperability Commission. (Complete) [OPR: IC-C4II]

Action 3.4.3 Engage with key allies and partners to improve their interoperability with the U.S. by sharing information and collaborating on information management, C2, communications systems, and related policy. [OPR: IE-IA]

Task 3.4.3.1 Develop new or review and update terms of reference supporting forums with key allies or partners. (Q1FY13) [OPR: IE-IA]

Task 3.4.3.2 Develop collaboration roadmaps for Australia, Japan, the Republic of Korea, and Singapore. (Q1FY13) [OPR: IE-IA]


Task 3.4.3.3 Develop a regional engagement strategy for the Western Hemisphere in coordination with USSOUTHCOM and USD(P). (Complete) [OPR: IE-IA]

Action 3.4.4 Finalize a combined communications partnership (Combined Communications Gateway Geraldton (C2G2)) with the Australian DoD. [OPR: IE-IA; OCR: IC-C4II]

Task 3.4.4.1 Conclude technical discussions to support an Australian government decision on C2G2. (Q1FY13) [OPR: IE-IA; OCR: IC-C4II]

Task 3.4.4.2 Finalize agreement on C2G2 with Australia. (Q4FY13) [OPR: IE-IA; OCR: IC-C4II]

Action 3.4.5 Lead the Department’s effort to improve C2 coalition information sharing. [OPR: IC-C4II]

Task 3.4.5.1 Develop and implement the C2 Coalition Information Sharing Roadmap, with emphasis applicable to joint C2. (Q2FY13) [OPR: IC-C4II]

Task 3.4.5.2 Lead DoD development and execution of the Joint Management Plan and the National Schedule of Tasks supporting the approved three-year international Project Arrangement (PA) between the U.S. DoD and UK Ministry Of Defence (MOD) to enhance interoperability of U.S./UK information sharing command systems in support of the Interoperability Commission. (Q4FY14) [OPR: IC-C4II]

Task 3.4.5.3 Co-lead with Joint Staff Task #3: Collaborative Standards Improvement, as part of the National Schedule of Tasks supporting the approved three-year international PA between the U.S. DoD and UK MOD to enhance interoperability of U.S./UK information sharing command systems in support of the Interoperability Commission. (Q1FY13) [OPR: IC-C4II]

Task 3.4.5.4 Co-lead with Joint Staff Task #5: Interoperability in Combined C2 Improvement, as part of the National Schedule of Tasks supporting the approved three-year international PA between the U.S. DoD and UK MOD to enhance interoperability of U.S./UK information sharing command systems in support of the Interoperability Commission. (Q1FY13) [OPR: IC-C4II]

Task 3.4.5.5 Co-lead the development of an initial Common Mission Network Transport Implementation Plan and its initial site development. (Q4FY13) [OPR: IC-C4II]

PRI 3.5: Enhance DoD CIO Strategy and Communications [OPR: IE-G]

Objective: Improve alignment of DoD CIO organizational responsibilities with our mission partners.

Relevance: These plans direct and synchronize the actions of the DoD CIO organization over the next 500 days to evolve the information enterprise and maintain unhindered operational support.

Action 3.5.1 Enhance planning processes for the DoD CIO organization for the delivery of capabilities. [OPR: IE-G]

Task 3.5.1.1 Update and publish a revised DoD CIO Campaign Plan, based on organization realignment and FY12/FY13 budget allocations. (Q1FY13) [OPR: DCIO(IE)]


Task 3.5.1.2 Establish a mechanism for tracking and communicating progress in executing the DoD CIO Campaign Plan. (Q2FY13) [OPR: IC-PM; OCR: DCIO(IE)]

Action 3.5.2 Establish and implement a DoD CIO Strategic Engagement Implementation Strategy to include major stakeholder groups/individuals, i.e., DoD organizations, IC, other federal agencies, Congress, mission partners, and industry/academia. [OPR: IC-PM]

Task 3.5.2.1 Prepare and deliver materials necessary to re-brand the organization as DoD CIO. (Complete) [OPR: IC-PM]

Task 3.5.2.2 Present DoD CIO IA awards, awarded annually at the Information Assurance Symposium. (Q3FY13) [OPR: CS-DIAP]

Action 3.5.3 Develop the DoD IT Enterprise Strategy and Roadmap Implementation Plan to guide DoD Components in delivery of the JIE. [OPR: ITESR Task Force]

Task 3.5.3.1 Develop and publish an annual revision of the DoD ITESR. (Q2FY13) [OPR: ITESR Task Force]

Task 3.5.3.2 Ensure that the capability gaps identified in GIG 2.0 ICD and the DoD GIG 2.0 Implementation Guidance are mapped to activities within the JIE POA&M (technical solutions as well as governance mechanism for prioritization and evolution) for resolution. (Q1FY13) [OPR: ITESR Task Force]

Task 3.5.3.3 Begin execution of Increment 1 of the JIE POA&M. (Complete) [OPR: IE-JIE Planning and Coordination Cell]


Overview

A holistic management approach is required to acquire and sustain a pipeline of well-trained, highly qualified IT/cybersecurity professionals to support and defend DoD’s Information Enterprise. The total DoD IT/cybersecurity workforce community is composed of over 227,000 personnel (152,000 active duty and reservists, and 75,000 civilians) who work in both typical IT occupations, as well as cross-cutting functional areas. These numbers and workforce mix are evolving to meet the Department’s current, continuously emerging, and expanding mission requirements.

As the OSD IT/cybersecurity Functional Community Manager (FCM), the Office of the DoD CIO provides oversight in the management of IT/cybersecurity professionals within the military and DoD civilian workforce. Partnerships are formed across government, as well as with industry and academia, to influence and represent the interests of the DoD IT/cybersecurity community. The FCM works in strategic partnership with key stakeholders throughout the IT/cybersecurity community, as well as other communities (e.g., the Office of Personnel Management (OPM), OMB, and the Federal CIO Council).

The FCM framework enables management oversight of the DoD civilian IT/cybersecurity workforcerecruiting and retention, training, education and professional development across the Department. Key aspects supporting this priority include: overseeing civilian IT/cybersecurity workforce management and reporting; partnering with DoD Component Functional Community Managers to develop competencies, career paths and training; as well as conducting capability assessments to close skill gaps impacting mission readiness.

The DoD IT/cybersecurity workforce is a critical enabler to every element of the Department’s evolving mission and functions. DoD’s ability to create and leverage information superiority to carry out its missions depends on a highly skilled technical workforce prepared to effectively use and apply current and emerging information technologies to deliver mission capabilities while protecting DoD data, information, and infrastructures.

In addition to managing the IT/cybersecurity workforce, the Office of the DoD CIOas the IT acquisition workforce functional leaderis the proponent for the IT functional community within the defense acquisition workforce. Within DoD and across the federal IT acquisition landscape, a series of change initiatives is underway to improve the acquisition of IT systems, driven internally by DoD’s need to acquire information technology and cyber capabilities more effectively and efficiently.

AOE 4: Evolve the IT/Cybersecurity Workforce


Initiatives to strengthen the IT acquisition workforce are structured with the following goals in mind:

• Create a robust, sustainable IT acquisition workforce • Develop a competency taxonomy and career roadmap • Sustain learning and growth throughout the professional lifecycle.

It is critical that all areas of the human capital management spectrum are managed to sustain a pipeline of agile IT/cybersecurity/acquisition professionals with the experience, aptitude and creativity to meet the technological, cybersecurity and acquisition challenges of the Department. To address constantly changing technological skill requirements, key workforce management initiatives such as recruitment and retention, education and training, and continuous development are addressed in this Area of Execution to build a strong sustaining force.

Strategic Objective

Develop and sustain a broader, balanced current workforce and “workforce of the future” with the competencies and proficiencies necessary to operate, defend, and advance the DoD IE. Steady State

Information Technology/Cybersecurity Functional Community Management SS 4.1 Develop competencies, proficiencies, career paths, and training; perform capability assessments to close skill gaps impacting mission readiness. [OPR: IE-IM]

SS 4.2 Identify trends and advocate policies and tools to help in strategic human capital planning and workforce sustainment. [OPR: IE-IM]

SS 4.3 Address current and emerging recruitment and retention strategies, education and training, and technological requirements. [OPR: IE-IM] [10.4]

SS 4.4 Coordinate strategies and initiatives with USD(P&R), industry, academia, and other agencies to develop a pipeline that provides trained/certified IT/cybersecurity professionals to satisfy the Department’s needs for operation and defense of the DoD Information Enterprise. [OPR: IE-IM; OCR: CS-DIAP]

Information Technology Acquisition Workforce SS 4.5 Provide leadership and oversight of career development requirements. [OPR: IE-IM]

SS 4.6 Establish IT acquisition competencies and maintain/validate education, training, experience, and certification requirements for the community. [OPR: IE-IM] [10.2]

SS 4.7 Manage the development of the IT Program Management (PM) community within DoD. [OPR: IE-IM]

SS 4.8 Conduct Functional Integrated Product Team (FIPT) meetings to implement the DoD CIO/USD(AT&L) IT Acquisition Workforce Strategy, ongoing quarterly. [OPR: IE-IM]


CIO Workforce Development and Support SS 4.9 Advise/support the DoD CIO on a range of management and operational matters, including: DoD CIO human capital strategy planning and the administration of civilian and military personnel hiring, security and recruitment activities; evaluations and awards processes; physical security and COMSEC oversight for all DoD CIO facilities; correspondence and staff action control; supply management; office automation; and all other administrative services aimed at the effective functioning of the organization. [OPR: R-AM] – NOT RESOURCED

SS 4.10 Perform correspondence and records management functions for the DoD CIO organization, including performing duties as SACCP administrator. [OPR: R-AM]

SS 4.11 Support the Information Sharing Services (ISS) Line of Business (LOB) DoD Program Management Office (PMO), including serving as liaison with federal customer agencies and DISA; serving on the ISS LOB Customer Advisory Board (CAB); and providing recommendations to CAB for improving and extending the program. [OPR: CS-DIAP]

SS 4.12 Liaise with Centers of Academic Excellence in IA Education to promote partnerships and collaboration for meeting the DoD cybersecurity mission. [OPR: CS-DIAP]

SS 4.13 Chair the DoD IA Scholarship Program (IASP) Steering Committee. [OPR: IE-IM; OCR: CS-DIAP]

SS 4.14 Manage IASP program budget and resource allocation. [OPR: CS-DIAP]

SS 4.15 Partner with training and certification providers to enable commercial training and certification products to meet DoD mission-critical needs. [OPR: CS-DIAP]

SS 4.16 Support development of national standards to meet DoD mission needs through representation on, and participation in, federal-wide working groups (e.g., the CNSS Education/ Training/Awareness Working Group and the American National Standards Institute (ANSI) Board). [OPR: CS-DIAP]

SS 4.17 Conduct sessions with the National Defense University iCollege to ensure curricula are regularly updated to reflect new legislation, policies, and competency/curriculum assessment results. [OPR: IE-IM]

SS 4.18 Co-chair, with DHS, the National Initiative for Cybersecurity Education (NICE) Workforce Training and Professional Development Working Group for IT Infrastructure, Operations, Maintenance and Information Assurance. [OPR: CS-DIAP]

SS 4.19: Support infusion of cyber warfare concepts into appropriate academic curriculum, activities/forums, and into professional military education (PME) at U.S. Military Service academies. [OPR: CS-DIAP]

SS 4.20 Implement the IA/cybersecurity Workforce Improvement Program; conduct oversight and governance of the IA Workforce Improvement Program. [OPR: CS-DIAP]

Engagement with Private Sector SS 4.21 Engage relevant private sector cybersecurity certification providers to incorporate performance-based elements in their testing. [OPR: CS-DIAP]

SS 4.22 Engage relevant private sector cybersecurity training providers to incorporate scenario- and performance-based elements in their training curriculum. [OPR: CS-DIAP]

SS 4.23 Respond to congressional/GAO inquiries on IT/IM workforce issues. [OPR: IE-IM]


PRI 4.1: Manage the IT/Cybersecurity Functional Community Workforce [OPR: IE-IM; OCR: CS-DIAP]

Objective: Apply the FCM framework for effective strategic planning and workforce sustainment.

Relevance: An agile, highly skilled IT/cybersecurity workforce is critical for dynamically operating, defending, and advancing the DoD Information Enterprise.

Action 4.1.1 Manage IT/cybersecurity workforce policy and planning. [OPR: IE-IM; OCR: CS-DIAP]

Task 4.1.1.1 Prepare and submit to OPM a report on IT competency gap analysis required by Title 5, Code of Federal Regulations, Section 250. Prepare loss/gain projections and a strategy to address gaps. (Q1FY13) [OPR: IE-IM]

Task 4.1.1.2 Draft and formally coordinate a DoD directive establishing the basic workforce management requirements, definition, and qualification standards for the DoD’s cyberspace workforce. (Q2FY13) [OPR: CS-DIAP]

Task 4.1.1.3 Draft and formally coordinate the detailed manuals required to support the cybersecurity workforce requirements. (Q3FY13) [OPR: CS-DIAP]

Task 4.1.1.4 Coordinate with USD(P&R)/DMDC to integrate data requirements into the manpower and personnel systems to support workforce management responsibilities. (Complete) [OPR: CS-DIAP; OCR: IE-IM]

Task 4.1.1.5 Revise DoDD 8570, “IA Workforce,” to ensure that the workforce policy includes training requirements for mobile security. (Q3FY13) [OPR: CS-DIAP]

Task 4.1.1.6 Provide DoD corporate memberships to support cybersecurity workforce qualification requirements. (Q2FY13) [OPR: CS-DIAP]

Task 4.1.1.7 Provide certification/qualification pre-assessments for cybersecurity workforce personnel. (Q2FY13) [OPR: CS-DIAP]

Action 4.1.2 Prepare and submit the IT FCM appendix for the DoD Strategic Human Capital Plan. [OPR: IE-IM]

Task 4.1.2.1 Prepare and deliver lessons learned during the Strategic Workforce Planning Summit. (Complete) [OPR: IE-IM]

Task 4.1.2.2 Conduct environmental scan and assess overall functional community health. (Complete) [OPR: IE-IM]

Task 4.1.2.3 Identify mission-critical occupation targets and staffing gaps and forecast workforce shaping needs. (Complete) [OPR: IE-IM]

Task 4.1.2.4 Develop strategies to close gaps in mission critical occupations. (Q1FY13) [OPR: IE-IM]

Action 4.1.3 Partner on federal-wide IPT to develop a repeatable methodology for determining federal-wide and agency high risk, mission-critical occupations/competencies. [OPR: IE-IM]

Task 4.1.3.1 Identify skills gaps and causes. Develop strategies to reduce federal workforce gaps. (Q2FY13) [OPR: IE-IM]


Task 4.1.3.2 Implement strategies and track progress in reducing federal workforce gaps. (Q1FY13) [OPR: IE-IM]

Action 4.1.4 Complete competency frameworks for IT occupational series. [OPR: IE-IM]

Task 4.1.4.1 Engage OUSD(P&R) and DoD Component SMEs to complete the IT Specialist (2210 series) (core and 3 specialty area) competencies and proficiencies. (Q4FY13) [OPR: IE-IM]

Task 4.1.4.2 Develop IT Specialist (2210 series) roadmap plan. (Q4FY13) [OPR: IE-IM]

Action 4.1.5 Work with OUSD(P&R) to develop an enterprise-wide DoD Competency Assessment Tool (DCAT). [OPR: IE-IM]

Task 4.1.5.1 Conduct system test. (Q2FY13) [OPR: IE-IM]

Task 4.1.5.2 Test load 2210 series competencies and proficiencies. (Q4FY13) [OPR: IE-IM]

PRI 4.2: Strengthen the IT Acquisition Workforce [OPR: IE-IM]

Objective: Establish, maintain, and manage the IT Acquisition career field competency model; certification standards; career paths; and position category descriptions.

Relevance: Enhance the Department’s development, management, and use of information technology by building a strengthened corps of highly skilled, trained, and experienced IT acquisition and IT program management professionals.

Action 4.2.1 Strengthen the IT acquisition workforce competencies. [OPR: IE-IM]

Task 4.2.1.1 Conduct review to update IT acquisition workforce competencies. (Complete) [OPR: IE-IM] [10.2]

Task 4.2.1.2 Review and update Defense Acquisition University (DAU), iCollege, and other curricula to ensure new IT acquisition competencies are incorporated, and update continuous learning modules. (Q4FY13) [OPR: IE-IM] [10.3]

Action 4.2.2 Develop and manage the IT PM Career Path. [OPR: IE-IM]

Task 4.2.2.1 Establish management plan to define, manage, and track the DoD IT PM community. (Q3FY13) [OPR: IE-IM]

Task 4.2.2.2 Develop IT PM key leadership position requirements and training to enhance performance of IT projects/programs. (Q2FY13) [OPR: IE-IM]

Task 4.2.2.3 Work with USD(AT&L) and DAU to develop certification requirements for IT PMs; align with IT acquisition reform initiatives. (Q4FY13) [OPR: IE-IM] – NOT RESOURCED

Task 4.2.2.4 Work with the iCollege to offer IT Program Management/Project Management certifications and professional development seminars to IT acquisition professionals. (Q4FY13) [OPR: IE-IM] – NOT RESOURCED


PRI 4.3: Enhance IT/Cybersecurity Recruiting and Retention, Education, Training, and Professional Development [OPR: IE-IM; OCR: CS-DIAP]

Objective: Recruit and retain, educate, train, certify, and continually develop opportunities to support a highly qualified IT/cybersecurity workforce.

Relevance: A diverse set of IT/cybersecurity recruiting and retention, education and training, and certification programs are key to maintaining an agile, highly skilled workforce capable of operating, defending, and advancing the DoD Information Enterprise. Additionally, access to a variety of professional development opportunities serves as an attractive incentive for recruiting and retaining quality personnel. For optimum utilization, DoD IT/cybersecurity personnel must have access to a variety of programs, both internally and externally, that are distributed through multiple learning delivery options.

Action 4.3.1 Implement the DoD Information Technology Exchange Program (ITEP) pilot. [OPR: IE-IM]

Task 4.3.1.1 Partner with DoD Components and their Offices of General Counsel and Human Resources for continuous identification and placement of ITEP candidates. (Q4FY13) [OPR: IE-IM] – NOT RESOURCED

Task 4.3.1.2 Prepare and submit ITEP status report to Congress (annual requirement through Oct 2015). (Q1FY13) [OPR: IE-IM]

Task 4.3.1.3 Update and maintain the ITEP website. (Q4FY13) [OPR: IE-IM]

Action 4.3.2 Manage the DoD IASP. [OPR: IE-IM; OCR: CS-DIAP]

Task 4.3.2.1 Solicit, review, select, and notify the DoD 2012-2013 IASP recruitment/retention scholarship applicants, with support from NSA and other DoD Components. (Complete) [OPR: IE-IM]

Task 4.3.2.2 Solicit, review, and award 2012-2013 capacity building grants to IASP Centers of Academic Excellence for IA educational infrastructure, student and faculty development, with support from NSA. (Complete) [OPR: IE-IM; OCR: CS-DIAP]

Task 4.3.2.3 Issue policy guidance and solicit, review, select, and notify the DoD 2013-2014 IASP recruitment/retention scholarship applicants, with support from NSA and other DoD Components. (Q3FY13) [OPR: IE-IM; OCR: CS-DIAP]

Task 4.3.2.4 Solicit, review, and award 2013-2014 capacity building grants to IASP Centers of Academic Excellence for IA educational infrastructure, student and faculty development, with support from NSA. (Q4FY13) [OPR: IE-IM; OCR: CS-DIAP]

Action 4.3.3 Partner on Federal IT/cybersecurity workforce education and training initiatives. [OPR: IE-IM]

Task 4.3.3.1 Complete the update of the 2012 Clinger-Cohen Core Competencies. (Q1FY13) [OPR: IE-IM]

Task 4.3.3.2 Partner with NICE and the Federal CIO Council to identify training and education requirements for new cybersecurity competencies. (Q3FY13) [OPR: IE-IM]

Task 4.3.3.3 Partner in federal development and execution of the 2012 IT Workforce Assessment Survey for Cybersecurity. (Q2FY13) [OPR: IE-IM]


Task 4.3.3.4 Conduct IT Job Shadow Day (annually). (Q2FY13) [OPR: IE-IM]

Task 4.3.3.5 Secure access for DoD personnel to the Federal Virtual Training Environment (FedVTE), provide training course updates relevant to DoD personnel, and influence and direct outcomes. (Q4FY13) [OPR: CS-DIAP]

Action 4.3.4: Partner with DoD Components to design and pilot a DoD cybersecurity awareness training program beyond ISS LOB requirements. [OPR: CS-DIAP]

Task 4.3.4.1 Develop CONOPS for a comprehensive program that includes end-user exercises and data collection, reduction, analysis, and reporting plan. (Q2FY13) [OPR: CS-DIAP]

Task 4.3.4.2 Pilot CONOPS and analysis plan with select DoD organizations. (Q3FY13) [OPR: CS-DIAP]

Task 4.3.4.3 Refine CONOPS and develop associated programmatic variables based on pilot outcomes. (Q4FY13) [OPR: CS-DIAP]

Action 4.3.5 Leverage IA/cyber range environments for DoD trainees, students, and operators to gain/enhance expertise via realistic cyberspace scenario-based exercises, competitions, and training. [OPR: CS-DIAP]

Task 4.3.5.1 Facilitate collaboration among potential users to identify technical solutions to support delivery of training to remote locations. (Q4FY13) [OPR: CS-DIAP]

Task 4.3.5.2 Support development of a data collection, reduction, analysis, and reporting plan. (Q1FY13) [OPR: CS-DIAP]

Task 4.3.5.3 Conduct pilot scenario-based training exercise at select Military Service training locations. (Q2FY13) [OPR: CS-DIAP]

Task 4.3.5.4 Facilitate DoD Defense agency participation in federal cybersecurity training exercise workshops. (Q2FY13) [OPR: CS-DIAP]

Task 4.3.5.5 Develop cybersecurity Training Range Strategy. (Q2FY13) [OPR: CS-DIAP]

Task 4.3.5.6 Explore partnerships with Military Service academies to leverage range capabilities for classroom training/exercise. (Q3FY13) [OPR: CS-DIAP]

Action 4.3.6: Establish public/private partnerships to further cybersecurity workforce professional development. [OPR: CS-DIAP]

Task 4.3.6.1 Support cyber-related competitions that build and sustain the DoD workforce pipeline. (Q2FY13) [OPR: CS-DIAP]

Task 4.3.6.2 Investigate opportunities for workforce development-related partnerships with private sector. (Q4FY14) [OPR: CS-DIAP]

Task 4.3.6.3 Initiate public/private sector partnership for workforce development and management activities. (Complete) [OPR: CS-DIAP]

Action 4.3.7 Administer annual DoD CIO Awards program. [OPR: IE-IM]

Task 4.3.7.1 Manage the DoD-wide nomination and selection process culminating in the annual awards ceremony. (Q1FY13) [OPR: IE-IM]


Overview

Making the best choices, identifying the right priorities, and managing resources to gain the most from investments is the charge from DoD senior leadership, the Congress, and the American taxpayer. It is also the central role of the DoD Chief Information Officer in optimizing IT investments. The importance of that role is underscored by the $38.4 billion per year that the Department spends on IT investments including infrastructure; business systems; IT embedded in weapons systems; communications; and platforms.

Choices, priorities, and resources are managed through the direction and oversight conducted by the DoD CIO. That oversight includes those programs and capabilities that the DoD CIO is directly in charge of, as well as those capabilities led by partners and stakeholders. In each case it is critical to ensure that solutions across the Department of Defense can operate together, share information, and improve overall capabilities without causing unexpected problems or interference—in other words, be interoperable and function seamlessly. To have seamless operations, programs bringing new capabilities must follow established basic rules, principles, and standards. Consequently, the DoD CIO is designated to ensure that programs are accountable and comply with the established rules, policies, and standards of DoD.

Optimizing IT investment and ensuring accountability and compliance with policy and guidance is made challenging by the distributive nature of program decisions that are spread across three major DoD processes: 1) the JCIDS, which supports the Chairman of the Joint Chiefs of Staff and the Joint Requirements Oversight Council (JROC) in identifying and assessing joint military capability needs; 2) the PPBE system, which produces a plan, a program, and, finally, a budget for the DoD; and 3) the DAS, which exists to manage the Nation's investments in technologies, programs, and product support. Depending on the scope and importance, programmatic decisions are made at all levels of the DoD organization, such as by the Military Services and organizations within the Military Services, employing these three major defense processes. DoD CIO IT investment oversight benefits the DoD through its involvement in these processes by looking across all major DoD IT investments and across multiple decision points. The DoD CIO meets its oversight responsibilities by appropriately engaging in the JCIDS, PPBE, and DAS processes and establishing DoD IT policies based on legislation and administration policy. To aid in these processes, the DoD CIO must furnish an effective toolset to provide decision makers with accurate and timely information.

Looking to the future, the Department realizes that it can improve the way it directs and oversees IT acquisition and manages information resources. The DoD CIO, in coordination with the Joint Staff, CAPE, the DCMO, and USD(AT&L), is looking across the Department for ways to reform IT acquisition. The new approach will be more streamlined, require fewer decision points

AOE 5: Direct and Oversee DoD IT Investments


and paperwork, reduce the “time to market,” and drive more efficient IT resource management that supports federal green IT initiatives. The DoD CIO endorses and is helping to facilitate the reform efforts of how DoD invests in its IT capabilities while ensuring that it meets the true needs of the mission and the Soldiers, Sailors, Airmen, and Marines who execute it. In addition, the DoD CIO (in alignment with the Federal CIO’s 25 Point Implementation Plan To Reform Federal Information Technology Management) will take a Cloud First approach to providing services whenever appropriate.

The DoD CIO’s investment management role requires development of a more effective framework for assessing IT program compliance with DoD CIO standards and EA requirements. DoD CIO investment management activities seek to encourage DoD Components to use shrinking resources more effectively through a portfolio investment approach using commodity IT buying practices that achieve greater efficiencies through the use of shared services.

Strategic Objective

Optimize the Department’s IT investments in infrastructure, business systems, weapons systems, communications, and platforms to ensure mission success and efficient use of resources.

Steady State

Acquisition Process Improvement SS 5.1 Appropriately support JCIDS, PPBES, and DAS process improvements and appropriately engage in the three key DoD processesJCIDS, PPBES, and DAS. [OPR: IE-G; OCR: R-PA, IC-C4II]

SS 5.2 Participate in IT acquisition reform by leading the Architecture Working Group. [OPR: IE-AI; OCR: IE-G]

SS 5.3 Ensure information assurance solutions are considered and integrated into the acquisition process for DoD PNT systems. [OPR: IC-C4II]

IT Budget Guidance and Oversight SS 5.4 Provide IT budget guidance to DoD Components and recommend changes to DoD Component-submitted functional binning of the IT budget, in relation to DoD and OMB categories. [OPR: R-IT; OCR: R-PA, IE-G]

SS 5.5 Provide annual POM build guidance to DoD Components. [OPR: RA; OCR: IE-G, IC-PM]

SS 5.6 Provide guidance and oversight to help inform capability decisions. [OPR: IC-C4II]

SS 5.7 Focus on eliminating duplication and rationalize DoD's IT investments by performing program oversight through CCA and ISP processes. [OPR: IE-G; OCR: IC-C4II, R-IT, R-PA]

SS 5.8 Serve as PSA for PNT program oversight and policy generation. [OPR: IC-C4II]

SS 5.9 Ensure coordination of DoD PNT development and implementation of PNT capabilities among the DoD Components, as well as organizations external to the Department including NATO, DHS, and Department of Transportation (DOT). [OPR: IC-C4II]


SS 5.10 Support development of the DoD CIO cyber investment framework, USD(C) cyber resourcing, and House Appropriations Committee Surveys and Investigations (S&I) cyber taxonomy. [OPR: R-IT]

SS 5.11 Support architecture governance reviews. [OPR: IE-AI]

SS 5.12 Prioritize investments in information sharing infrastructure and services to ensure operability and reduce risk exposure, especially at the tactical edge. [OPR: IC-C4II; OCR: IC-SPP]

SS 5.13 Plan, organize, and conduct DoD CIO focus team assessments to identify gaps and inefficiencies in IT investments/capabilities and recommend adjustments through the annual Program and Budget Review (PBR) process. [OPR: IC-PM]

SS 5.14 Engage with CAPE and USD(C) to assist with evaluation of alternatives and review draft resource management decisions (RMDs). [OPR: IC-PM; OCR: IE-G]

SS 5.15 Support development, technical review and assessment of AoAs, capabilities-based analyses, JCIDS and acquisition documents, and CDAs. [OPR: IE-G]

SS 5.16 Participate in the COCOM Integrated Priority List (IPL) process with Military Services to better understand requirements and track emerging needs. [OPR: IC-C4II]

SS 5.17 Manage, administer, and support the DoD CIO internal PPBE process, including spend plan creation and execution and PBR process activities to achieve DoD CIO goals, objectives, and priorities. [OPR: R-IM]

SS 5.18 Support the DoD Executive Leadership Partner Forum with regard to oversight of DISA funding (e.g., review Appropriated/Defense Working Capital Fund; conduct/participate in mid-year reviews, ad-hoc reviews, and funding anomalies). [OPR: R-PA]

SS 5.19 Perform PPBE System tasks including: 1) reviewing DPG, DoD CIO Capability Planning Guidance, program/budget issue papers, OMB issuances, resources management decisions, 2) issuing fiscal guidance to DISA, 3) submitting annual omnibus reprogramming requests to USD(C), and 4) participating on issue teams and ad-hoc teams. [OPR: R-PA]

SS 5.20 Update guidance and provide training to DoD Components on IT budget reporting for the FY14 President's Budget, as needed. [OPR: R-IT] [8.3]

Investment Review SS 5.21 Perform IT and PNT investment reviews. [OPR: IC-C41I]

SS 5.22 Ensure compliance with statutes, DoD policies, and administrative intent. [OPR: R-PA]

SS 5.23 Ensure IT investments are aligned with the DoD CIO vision, strategic plans, and with the DoD Enterprise Architecture. [OPR: R-IT; OCR: IE-AI]

IT Investment Tracking and Reporting SS 5.24 Provide guidance and oversight for the DITPR. [OPR: IE-G]

SS 5.25 Implement periodic system changes to DITPR and SNaP-IT to accommodate new congressional and OMB reporting requirements associated with the IT budget and IT portfolio management. [OPR: IE-G; OCR: R-IT]

SS 5.26 Support IT budget community Action Officers regarding access/use of SNaP-IT/SNaP-DIAP. [OPR: R-IT]


SS 5.27 Lock SNaP-IT/SNaP-DIAP at appropriate points in the budget submission cycle. [OPR: R-IT]

SS 5.28 Maintain a liaison with Portfolio Registry (DITPR), Mission Areas, and IRBs. [OPR: R-IT]

SS 5.29 Maintain a capability to collect, analyze, and submit monthly IT Dashboard updates to Exhibit 300B Performance Plans and DoD CIO rating. [OPR: R-IT]

SS 5.30 Serve as congressional/GAO/Inspector General (IG) liaison. [OPR: R-AM]

SS 5.31 Provide cross-government visibility of DoD investments through TechStat, IT Dashboard, data.gov, and other open government initiatives. [OPR: IE-G; OCR: IE-IM, IC-PM, IC-C4II, and DCIO(CS)]

SS 5.32 Participate in the DoD Financial Improvement and Audit Readiness (FIAR) activity led by USD(C) to produce a financial statement that passes all financial audit standards. [OPR: R-IR]

SS 5.33 Provide detailed IT budget analysis to DoD leadership, IRBs, OMB, congressional staff, and GAO. [OPR: R-IT]

SS 5.34 Support IG/GAO audits involving materials associated with the DoD IT budget. [OPR: R-IT]

SS 5.35 Participate in PortfolioStat sessions, which are evidence-based reviews of an agency's IT portfolio. [OPR: R-IT]

Internal DoD CIO Budget SS 5.36 Manage, administer, and support temporary duty travel for the DoD CIO organization through the Defense Travel System. [OPR: R-IR]

SS 5.37 Manage and administer training funds for the DoD CIO organization. [OPR: R-IR]

SS 5.38 Manage, administer, and support the Organizational Representation Fund for the DoD CIO organization. [OPR: R-IR]

SS 5.39 Administer competitively awarded, common user support contracts and associated task orders for the DoD CIO organization. [OPR: R-IR]

SS 5.40 Consolidate contracts in DoD CIO to reduce the number of individual contracting mechanisms. [OPR: R-IR] – NOT RESOURCED

SS 5.41 Manage the MITRE National Security Engineering Center Staff-years of Technical Effort allocations for the DoD CIO organization. [OPR: R-IR]

SS 5.42 Manage the Intergovernmental Personnel Act Mobility Program for the DoD CIO organization. [OPR: R-IR]

SS 5.43 Manage internal DoD CIO budget formulation (budget development, allocation, execution, and reconciliation) including preparation of the POM, Budget Estimate Submission (BES), and President’s Budget exhibits. [OPR: R-IR]


PRI 5.1: Manage the IT Budget [OPR: R-IT]

Objective: To improve IT investment planning, programming, budget and execution processes to better oversee IT investment execution by enhancing the framework and processes for decision making on future programs.

Relevance: To enhance the IT investment planning, programming, budget, and execution process for making informed decisions that support national defense policies and military strategies in meeting mission needs.

Action 5.1.1 Provide budget guidance to promote alignment of IT investments with the DoD CIO vision, strategic plans, and with the DoD Enterprise Architecture. [OPR: R-IT; OCR: IE-G]

Task 5.1.1.1 Support DCIO(R&A) in drafting OMB A-11 guidance for FY15 President's Budget. (Q3FY13) [OPR: R-IT; OCR: IE-G]

Task 5.1.1.2 Review relevant DoD Component budget inputs and provide recommendations on budget changes needed before submission to OMB. (Q4FY13) [OPR: IE-G; OCR: R-PA]

Task 5.1.1.3 Develop fiscal year IT budget schedule outlining the events planned for the budget submission to Congress. (Q3FY13) [OPR: R-IT]

Task 5.1.1.4 Provide OSD IT budget guidance in accordance with USD(C)/CAPE guidance. (Q4FY13) [OPR: R-IT]

Task 5.1.1.5 Provide relevant FY OSD IT budget training on new/current A-11 and OSD reporting requirements. (Q3FY13) [OPR: R-IT]

Task 5.1.1.6 Conduct annual 101 IT budget training for DoD personnel new to the IT budget. (Q3FY13) [OPR: R-IT]

Action 5.1.2 Plan, organize, and conduct DoD CIO focus team assessments to identify gaps and inefficiencies in investments/capabilities and recommend adjustments through the annual PBR process. [OPR: IC-PM]

Task 5.1.2.1 Support development of POM14 issue papers that address capability gaps, as identified in guidance documentation and senior leadership priorities; present candidate issues at milestone reviews conducted by DoD CIO, USD(AT&L), and Joint Staff. (Complete) [OPR: IC-PM] **

Task 5.1.2.2 Complete, submit, and support DoD CIO-approved POM14 issue papers through the PBR process in coordination with DoD CIO focus team SMEs. (Q1FY13) [OPR: IC-PM]

Task 5.1.2.3 In coordination with DoD CIO SMEs, conduct In Progress Reviews of RMD-funded initiatives lacking robust oversight mechanisms (e.g., Programs of Record), as appropriate. (Q4FY13) [OPR: IC-PM]

Task 5.1.2.4 Develop and publish DoD CIO Focus Team Guidance for the POM FY2015-2019 PBR identifying the DoD CIO-led issue focus teams, focus team objectives, process, governance, and scheduled reviews and deliverables. (Q2FY13) [OPR: IC-PM]


Task 5.1.2.5 Support development of POM15 issue papers that address capability gaps, as identified in guidance documentation and senior leadership priorities; present candidate issues at milestone reviews conducted by DoD CIO, USD(AT&L), and Joint Staff. (Q4FY13) [OPR: IC-PM]

Task 5.1.2.6 Complete, submit, and support DoD CIO-approved POM15 issue papers through the PBR process in coordination with DoD CIO focus team SMEs. (Q1FY14) [OPR: IC-PM]

Action 5.1.3 Demonstrate improved efficiency through support of federal E-Gov initiatives. [OPR: IE-IM]

Task 5.1.3.1 Submit DoD Annual E-Gov Act Implementation Report to OMB. (Q1FY13) [OPR: IE-IM]

Action 5.1.4 Provide strategic direction and oversight to enable the Department to effectively define, prioritize, acquire, govern, manage, and implement C2 capabilities in support of DoD operations. Oversee and facilitate the integration of national, strategic, operational, and tactical C2 systems/programs, including support to the White House Military Office. [OPR: IC-C4II; OCR: IC-NLCC]

Task 5.1.4.1 Establish a C4 governance and management approach to address DoD CIO roles, responsibilities and authorities as the PSA for C4 capabilities. (Q3FY13) [OPR: IC-C4II] [5.1, 5.5]

Task 5.1.4.2 Establish a charter for the C4 Executive Committee under the CIO Executive Board for DoD CIO signature. (Q3FY13) [OPR: IC-C4II]

Task 5.1.4.3 Identify and develop C2-related POM14 issues that address capability gaps, as identified in guidance documentation and senior leadership priorities. Submit final POM14 issues for C2 capabilities as required. (Complete) [OPR: IC-C4II]

Action 5.1.5 Submit BES and the Execution Year Performance Plan to the OMB IT Dashboard. [OPR: R-IT]

Task 5.1.5.1 Create and modify IT investments during BES open season. (Q3FY13) [OPR: R-IT] [8.2]

Task 5.1.5.2 Review and analyze DoD Component submissions to provide comments and recommendations to DoD Components and request DoD Component re-work. (Q2FY13) [OPR: R-IT] [8.2]

Task 5.1.5.3 Provide XML format submission to OMB IT Dashboard. (Complete) [OPR: R-IT]

Task 5.1.5.4 Submit President's Budget to OMB IT Dashboard and Congress; XML format submission. (Q2FY13) [OPR: R-IT]

Task 5.1.5.5 Create and modify IT investments during the President’s Budget open season. (Q1FY13) [OPR: R-IT]

Task 5.1.5.6 Provide XML format submission to OMB IT Dashboard. (Q1FY13) [OPR: R-IT]

Task 5.1.5.7 Ensure that DoD Components submit Statement of Compliance. (Q2FY13) [OPR: R-IT]


Task 5.1.5.8 Complete security review and approval and obtain OMB clearance. (Q2FY13) [OPR: R-IT]

Task 5.1.5.9 Submit budget materials to Congress. (Q2FY13) [OPR: R-IT]

Task 5.1.5.10 Perform After Action Review (Hot Wash) by IT investment and DoD Component staffs of successes and issues associated with the IT budget process. (Q2FY13) [OPR: R-IT]

Task 5.1.5.11 Develop DoD overview that addresses overall DoD IT spendingtelling the DoD CIO story (e.g., the FY13 overview focused on the ITESR) and providing big picture resource runs and graphs. (Q2FY13) [OPR: R-IT]

Task 5.1.5.12 Conduct staffer briefings on the IT budget and IA/cyber budget, to provide staffers access to information and allow for staffer/DoD staff interaction. (Q2FY13) [OPR: R-IT]

Action 5.1.6 Support the implementation of the Campaign to Cut Waste in accordance with EO13589. [OPR: R-PA]

Task 5.1.6.1 Perform FY12 Campaign to Cut Waste "Employee IT and Software" reporting requirements. (Q1FY13) [OPR: R-PA]

PRI 5.2 Enhance the IT Acquisition Process [OPR: IE-G]

Objective: To enhance the IT acquisition process to more effectively manage the Department's investments in technologies, programs, and product support.

Relevance: Enhancing the IT investment acquisition process will enable the Department to make better informed decisions that support national defense policies and military strategies in meeting mission needs.

Action 5.2.1 Develop and institute new practices that revamp IT investment management and DoD core processes to speed delivery of new robust capabilities to the warfighter. [OPR: R-IT in coordination with USD(AT&L)] [8.1]

Task 5.2.1.1 Define and implement DoD CIO IT investment authority approval criteria. (Q3FY13) [OPR: R-IT; OCR: IE-AI] [8.1] – NOT RESOURCED

Task 5.2.1.2 Institutionalize IT infrastructure rationalization governance across CC/S/A. (Q4FY13) [OPR: IE-G] [5.4, 8.1] **

Task 5.2.1.3 Revamp CCA and ISP processes to better support DoD core and updated IT investment management processes, including monitoring compliance with architecture and standards. (Q1FY13) [OPR: IE-G; OCR: IE-AI] [5.2, 8.1]

Action 5.2.2 Implement the DoD TechStat process per evolving OMB guidance. [OPR: IE-G]

Task 5.2.2.1 Implement the DoD TechStat process at the DoD Component level. (Complete) [OPR: IE-G]


PRI 5.3: Enhance IT Portfolio Management Tools [OPR: IE-G]

Objective: Leverage tools and processes to support the management of the DoD IT portfolio.

Relevance: Facilitates the categorization of investments, spending, program and portfolio performance, and return on investment. Supports the IT investment submission requirements of the Congress and OMB.

Action 5.3.1 Enhance authoritative sources of IT investment data and integrated tool sets to enable effective access to that data. [OPR: IE-G]

Task 5.3.1.1 Rationalize taxonomies in the IT budget to align with DoD IT portfolio management constructs. (Q3FY13) [OPR: R-IT, IE-G]

Task 5.3.1.2 Publish direction for the identification and tracking of IT infrastructure investments in Department databases, including DITPR and SNaP-IT. (Q2FY13) [OPR: R-IT; OCR: IE-G] [8.3]

Task 5.3.1.3 Align systems in DITPR to refined IT budget investments and taxonomies. (Q2FY13) [OPR: IE-G] [8.4]

Task 5.3.1.4 Develop plan for ultimate integration of the IT budget (SNaP-IT) with DITPR and the Enterprise Mission Assurance Support System (eMASS), and other tools and repositories supporting IT investment management. (Q4FY13) [OPR: R-IT; OCR: IE-G] [8.3]

Task 5.3.1.5 Develop a DoD IT investment dashboard (utilizing the integrated tool set developed under Task 5.3.1.4), to support DoD CIO IT investment knowledge management and decision-making processes. (Q2FY14) [OPR: R-IT; OCR: IE-G] [8.3, 8.4]

Task 5.3.1.6 Develop SNaP-IT modifications that focus on new/changing A-11 and OSD reporting requirements. (Complete) [OPR: R-IT] [8.4]

Task 5.3.1.7 Support DoD Components for feeder system modifications that focus on new/changing A-11 and OSD reporting requirements. (Complete) [OPR: R-IT]

Task 5.3.1.8 Provide SNaP-IT/SNaP-DIAP user training. (Complete) [OPR: R-IT]

PRI 5.4: IT Investment Oversight [OPR: R-IT]

Objective: To provide guidance for and perform the DoD CIO investment oversight role.

Relevance: Provides a current framework for conducting assessments for IT program compliance with DoD CIO standards and DoD EA requirements; supports federal data gathering requirements for IT investments; and provides revised DoD policy for IT portfolio and investment management.

Action 5.4.1 Conduct IT Compliance Assessments. [OPR: R-IT]

Task 5.4.1.1 Develop a framework for conducting IT Compliance Assessments led by DCIO(R&A) and the IT Investment Directorate. (Q1FY13) [OPR: R-IT] **


Task 5.4.1.2 Initiate Compliance Assessment reviews. (Q2FY13) [OPR: R-IT] **

Action 5.4.2 Support PortfolioStat data gathering requirements. [OPR: IE-G]

Task 5.4.2.1 Gather OMB requested baseline data through a high-level survey of agency IT portfolio oversight governance, development processes, and current baseline. (Complete) [OPR: IE-G]

Task 5.4.2.2 Gather baseline data through an information request identified in the OMB-developed MAX Collect tool for specific types of commodity IT investments (including enterprise IT systems, IT infrastructure, and business systems) that will be used to baseline the maturity of agency portfolios. (Q4FY13) [OPR: IE-G] **

Task 5.4.2.3 Draft a proposed action plan to consolidate the commodity IT spend under the CIO, and establish a measurable financial goal to reduce total IT spend based on more consolidated commodity IT buys and intra-agency shared services (based on the analysis used to respond to the information requests), in partnership among the DoD CIO, Component Acquisition Executive, and Chief Financial Officer. (Q2FY13) [OPR: R-IT; OCR: IE-AI, IE-G] [6.4]

Task 5.4.2.4 Implement final action plans for agencies to rationalize and consolidate IT portfolios. Standardize taxonomies and lexicons for assessment of IT portfolios. (Q1FY13) [OPR: R-IT] [8.3]

Task 5.4.2.5 Consolidate PortfolioStat lessons learned provided by agencies. (Q2FY13) [OPR: IE-G]

Action 5.4.3 Re-work and reissue DoD 8115 series IT Portfolio Management/IT Investment Management policies. [OPR: IE-G; OCR: R-IT] [8.2]

Task 5.4.3.1 Develop a policy that combines the existing DoDD 8115 series into a single policy that defines how DoD CIO will oversee IT investments within the Department. (Q4FY13) [OPR: IE-G; OCR: R-IT] [8.1, 8.2]

Task 5.4.3.2 Develop an assessment process for the DoD CIO to review IT investments and monitor/oversee CC/S/A progress in implementing department-wide strategies; conduct quarterly assessments. (Q2FY13) [OPR: IE-G] [8.1, 8.2]

PRI 5.5: Support the Joint Information Environment [OPR: R-IT; OCR: IE-G]

Objective: Provide necessary support to develop the JIE Resource Baseline.

Relevance: Contributes to the establishment of the Joint Information Environmenta robust and resilient enterprise that will deliver faster, better informed collaboration and decisions enabled by secure, seamless access to information regardless of computing device or location.

Action 5.5.1 Oversee JIE investment decisions to ensure consistency with the Department’s budget submissions, and coordinate all JIE investment actions (including POM) to ensure financial reality and ability to execute. [OPR: R-IT]


Task 5.5.1.1 Implement and establish the JIE Investment Review Board as the governing body to manage JIE investment decisions that impact the Department’s budget. (Q3FY13) [OPR: R-IT] [5.5, 8.2]

Task 5.5.1.2 Maintain a JIE Resource Baseline in order to determine validated puts/takes throughout the PPBE process. (Q2FY13) [OPR: R-IT]

Task 5.5.1.3 In support of JIE Increment 1 Business Case Analysis, lead development of the As-Is, To-Be, transition costs, and budget impacts. (Q1FY13) [OPR: R-IT]

Task 5.5.1.4 Establish an instance of SNaP-IT/SNaP-DIAP to collect and automate the JIE Resource Baseline. (Q4FY13) [OPR: R-IT]


Overview

With information and IT assets distributed over a wide-ranging enterprise and with diverse domestic and international partners actively participating in DoD missions, the Department cannot execute operations without the GIG. Maintaining freedom of action in cyberspace is also critical to DoD and to the Nation. Therefore, the Department is focused on building and operating the GIG as a joint global enterprise. This enterprise network approach—coupled with skilled users, defenders, and first-responders and in partnership with the intelligence and homeland security communities and the private sector—will allow the Department to more readily identify and respond to cyber degradation or attack and still accomplish our missions.

The current DoD Cybersecurity Strategy lays out five goals for creating effective capabilities, consistent implementation, and coordinated responses. Collectively, these goals describe an integrated approach for improving confidence levels and speed of action. They help organize and focus cybersecurity activities in the Department and provide the long-term investment framework for realizing the Department’s vision. The five goals listed below are the priorities for this plan.

• Dependable mission execution in the face of cyber warfare - Establish methods, policies, procedures, and desired capabilities that ensure customers of the DoD information infrastructure, including our mission partners, can depend on essential information and information infrastructure in the face of cyber warfare by a capable adversary.

• Better, agile, safe sharing - Establish methods, policies, procedures, and desired capabilities that allow information sharing with whatever partners a mission requires to be established quickly and safely.

• DoD and its mission partners can keep a secret - Establish methods, policies, procedures, and desired capabilities that allow DoD and its mission partners to keep information secret when required.

• Give mission commanders freedom of action in cyberspace - Establish methods, policies, procedures, and desired capabilities that insure mission risks taken in the information infrastructure can be contained to a particular mission and that other missions do not automatically inherit the risk.

• Technology uptake in DoD is agile - Establish methods, policies, procedures, and desired capabilities that promote agile cybersecurity technology uptake in DoD.

To effectively and efficiently protect and defend data, networks, and missions, DoD must focus not only on required defensive operating concepts, but also on the necessary intelligence, information sharing, response activities, and workforce needed to conduct the mission. Based on this premise, the DoD CIO has begun development of the DoD Cyber Defense Strategy 2020 which will be released early in FY13.

AOE 6: Strengthen Cybersecurity


Strategic Objective

Build and operate DoD network capabilities as a joint global enterprise that more readily identifies and responds to cyber degradation or attack.

Steady State

DoD Externally Facing SS 6.1 Provide support, via cross domain support elements (CDSEs), to Afghanistan-Pakistan (AFPAK) theater information sharing forums across enterprise, regional, and tactical levels and DoD/IC cross domain communities—as part of Unified Cross Domain Management Office (UCDMO) efforts—to enable delivery of cross domain solutions (CDS) and services. [OPR: CS-UCDMO]

SS 6.2 Serve as the focal point for international cybersecurity activities within DoD CIO in coordination with the USD(P), USD(I), and other agencies to ensure consistent engagement with the international community regarding our cyber strategy. [OPR: CS-CSP; OCR: CS-CSS]

SS 6.3 Develop, implement, and oversee IA information exchange MOU/MOAs with key allies, critical partners, and NATO, as part of the International Information Assurance Program. [OPR: CS-CSP]

SS 6.4 Working with DHS and ASD(HD&ASA), promote development of international cyberspace legal frameworks to increase the security and stability of DoD networks and the Internet. [OPR: CS-CSP]

SS 6.5 Ensure DoD CIO is represented in DSOC governance venues; ensure DoD CIO engagement in interagency and international cyber proceedings. [OPR: CS-CSS] [5.5]

SS 6.6 Coordinate policy, strategy, and cybersecurity issues with Military Services; NSA; USCYBERCOM; USSTRATCOM and other relevant COCOMs/DoD Components; DISA; and federal partners, including NIST, DHS, and ODNI. [OPR: CS-CSS; OCR: CS-CSP and CS-UCDMO]

SS 6.7 Act as DoD CIO representatives in DoD and interagency cyber planning, cyber exercises, and incident response. [OPR: CS-CSS]

SS 6.8 Support the Committee on Foreign Investment in the U.S. (CFIUS) risk assessments and evaluate CFIUS cases to determine DoD CIO equities. For cases involving DoD CIO equities, perform risk-based assessment with advocacy to negotiate mitigation agreements or to justify blocking. [OPR: CS-TMSN]

SS 6.9 Co-lead Supply Chain Risk Management (SCRM) congressional reporting of DoD strategy on software assurance Section 932 and provide input to Section 925 reporting. [OPR: CS-TMSN]

SS 6.10 Provide policy, guidance, and oversight for DoD Internet domain name use and approval to include .mil, .gov, and other domains. [OPR: IE-IM]

SS 6.11 Serve as the DoD representative at quarterly CNSS committee and subcommittee meetings; serve as CNSS Chair; lead or participate in CNSS working groups developing and maintaining CNSS issuances. [OPR: CS-CSP]


SS 6.12 Oversee and guide support for implementation of secure information sharing with SIPRNet Releasable Demilitarized Zone (SIPR REL DMZ) and Improved Connectivity Initiative partners. [OPR: CS-CSS; OCR: CS-CSP and CS-UCDMO]

SS 6.13 Provide support and leadership to NATO Capability Panel 4 on IA /Cyber Defense; represent the U.S. position on IA/Cyber Defense technical and policy issues that may come before the NATO C3B; and respond to tasking issued by the NATO C3B. [OPR: CS-CSP]

SS 6.14 Serve as DoD representative at monthly Senior Information Sharing and Safeguarding Steering Committee and weekly Executive Agent meetings; coordinate, manage, and report on actions required by EO 13587, Structural Reforms to Improve the Security of Classified Networks and the Responsible Sharing and Safeguarding of Classified Information. [OPR: CS-CSP]

SS 6.15 As part of Homeland Security Presidential Directive (HSPD)-12’s implementation of Personal Identity Verification (PIV) credentials, support external Public Key Infrastructure (PKI) interoperability with federal, commercial, and international partners who interact regularly with DoD. [OPR: CS-IAC]

SS 6.16 Serve as the DoD CIO focal point for COMSEC, cryptographic modernization, and key management. [OPR: CS-IAC]

SS 6.17 Serve as the DoD CIO representative for Key Management Infrastructure (KMI) program activities with NSA and the Military Services. Provide guidance to the NSA KMI Functional Manager to ensure future requirements for KMI are processed within the Joint Staff and DoD CIO. [OPR: CS-IAC]

DoD Internally Facing SS 6.18 Promote awareness of the requirements for appropriate use of DoD Internet service and Internet-based capabilities (IbC). [OPR: IE-IM]

SS 6.19 Provide enterprise computer network defense (CND) capabilities through ongoing capability analysis of proposed CND tools, along with coordination of new capabilities and requirements generation. [OPR: CS-DIAP]

SS 6.20 Manage DoD IA policy portfolio, conduct OSD-level IA policy development, and ensure IA equities are addressed in other DoD issuances. [OPR: CS-CSP]

SS 6.21 Establish and oversee execution of IT PIA policies to ensure PIAs are conducted on all electronic collections of Personally Identifiable Information (PII) and adequate controls exist to protect public and federal employee PII; advise DoD Components and PMs on PII, PIA matters; ensure PIAs are reviewed and updated; and inform DoD Components of issues and provide expertise to resolve them. [OPR: IE-IM]

SS 6.22 Working with NSA, provide IA architecture including guiding principles, policies, standards—with technical and non-technical designs—to provision a resilient and defensible GIG to assure mission execution. [OPR: CS-CSS] [1.4]

SS 6.23 Conduct review and analysis of Major Defense Acquisition Programs (MDAP) and Major Automated Information Systems (MAIS) information assurance strategies. [OPR: CS-DIAP][8.2]

SS 6.24 Oversee implementation of cybersecurity protection improvements to DoD national security systems, in coordination with NSA leadership of Comprehensive National Cybersecurity Initiative (CNCI) 7 (Increase the Security of Classified Networks). [OPR: CS-CSS]


SS 6.25 Provide support by representing network concerns for actions involving: identity authentication and assurance for entities on DoD networks; Department-wide identity assurance (IdA) policy and governance; and reducing anonymity on DoD networks by PK-enabling DoD Unclassified but Sensitive Internet Protocol Router Network (NIPRNet) private web servers. [OPR: IC-C4II] [5.4]

SS 6.26 Serve as DoD CIO liaison to USCYBERCOM for all cybersecurity issuances. [OPR: CS-CSS; OCR: CS-CSP]

SS 6.27 Integrate policy, strategy and out-year budget planning. [OPR: CS-CSS; OCR: CS-CSP]

SS 6.28 Coordinate and collaborate with USCYBERCOM, DISA, and NSA on enterprise authentication and compliance monitoring technologies, policy implementation guidance, security architecture, and interoperability. [OPR: CS-IAC] [1.4]

SS 6.29 Provide oversight of the DoD PKI program and PMO; review progress of PKI program towards meeting program milestones. [OPR: CS-IAC]

SS 6.30 Provide implementation guidance to the DoD Information Assurance Certification and Accreditation Process (DIACAP) Risk Management Framework (RMF) Technical Advisory Group (TAG) by interfacing with DoD Component cybersecurity programs, communities of interest (COIs), and other entities by: 1) providing detailed analysis, 2) recommending changes to security controls, 3) recommending changes to cybersecurity risk management processes, 4) advising forums identified by the DoD Simulation Interoperability Standards Organization, 5) developing automation requirements for DoD services that support the RMF, 6) acting as chair, managing the DIACAP TAG secretariat, overseeing TAG working groups, and 7) developing DoD standards and guidance for NIST SP 800-53 security controls. [OPR: CS-DIAP]

SS 6.31 Support Command Cyber Readiness Inspections weekly trend analysis and reporting (includes performance metrics). [OPR: CS-DIAP]

SS 6.32 Coordinate insider threat IA actions/response; monitor, coordinate, and integrate IA plans/activities within the Department in response to insider threat. [OPR: CS-DIAP]

SS 6.33 Coordinate new capabilities and requirements generation with the CND Architecture Working Group and provision enterprise CND capabilities. [OPR: CS-DIAP]

SS 6.34 Advise the DIACAP TAG concerning DIACAP issues being presented to the DISN GIG Flag Panel; provide IA SME representation to the NIPRNet DMZ Working Group. [OPR: CS-DIAP]

SS 6.35 Perform strategic management of continuous monitoring and risk scoring (CM/RS); coordinate CM/RS capabilities; and provide SME support to the IA community in support of implementing CM/RS. [OPR: CS-DIAP]

SS 6.36 Act as the PSA representative for the eMASS system and program; oversee eMASS configuration, Enterprise Reporting Service functionality, and C&A automation data standards in support of reciprocity. [OPR: CS-DIAP] [7.3]

SS 6.37 Oversee implementation of revised ports and protocols policy and chair Ports, Protocols, and Services Management Configuration Control Board and TAG, in accordance with DoDI 8551.1. [OPR: CS-DIAP]

SS 6.38 Oversee cybersecurity efforts in the JIE effort. [OPR: CS-CSS]


SS 6.39 Chair the Commercial Mobile Device Working Group to develop approaches for commercial mobile/edge device enterprise authentication policy, technology, and security requirements. [OPR: IC-C4II]

SS 6.40 Serve as the PSA representative for the KMI program; oversee the Military Services and NSA transition planning for KMI to ensure that it is done in a timely manner; support USD(AT&L) in the acquisition activities of the KMI program; serve as the Milestone Decision Authority for KMI. [OPR: CS-IAC]

SS 6.41 Aggregate and analyze metrics in support of short-term and recurring tasks; analyze and provide metrics in support of key programs and initiatives to fulfill PPBE oversight role; and provide IA and metrics expertise in support of portfolio analytical efforts. [OPR: CS-DIAP] [8.2]

SS 6.42 Coordinate and develop enterprise metrics to include Strategic Management Plan metrics reported to the DCMO; inform senior leadership via IA metrics; identify and aggregate all major IA metrics efforts within the Department; support collaboration among major metrics efforts; and leverage academic and industry experts. [OPR: CS-DIAP]

SS 6.43 Ensure all DoD directives, instructions and policies associated with generation, collection, storage, reporting, analysis, and sharing of DoD and other directed cyber metrics explicitly delineate and direct who is responsible for each of the above actions, where those actions will take place, and time frames for them to be conducted. [OPR: CS-DIAP]

SS 6.44 Support production of the DoD ICAM transition implementation guidance. [OPR: CS-CSP]

PRI 6.1: Dependable Mission Execution in the Face of Cyber Warfare [OPR: CS-DIAP]

Objective: Ensure networks and systems are designed, built and operated with mission assurance in mind. Commanders must be able to count on systems and information being available when needed, even in the face of cyber warfare by a capable adversary.

Relevance: Customers of the DoD information infrastructure, including the Department’s mission partners, can depend on essential information and information infrastructure in the face of cyber warfare by a capable adversary. This priority recognizes that the DoD’s operational environment will always contain cyber threats, and that DoD missions have to work, and work well, in such a realistic operational environment.

Action 6.1.1 Collaborating with stakeholders and interagency partners, coordinate and oversee revision of major DoD IA policy, including language supporting the Joint Task Force Transformation Initiative. [OPR: CS-CSP]

Task 6.1.1.1 Deliver DoD implementation / validation procedures for the newly adopted NIST SP 800-53 security controls. (Q2FY13) [OPR: CS-CSP]


Task 6.1.1.2 Update DoDD 8500.01, “Information Assurance” and DoDI 8500.02, “Information Assurance Implementation” to include a revised information system categorization and control selection methodology that is in line with federal methodologies to promote reciprocity, information sharing, and reuse across the federal government. (Q4FY13) [OPR: CS-CSP] [7.3]

Task 6.1.1.3 Update DoDD O-8530.01, "Computer Network Defense" and DoDI 8530 policy. (Q4FY13) [OPR: CS-CSP]

Action 6.1.2 In support of the Joint Task Force Transformation Initiative, coordinate and oversee DoD IA C&A improvements, risk management, and IA controls through collaboration with stakeholders. [OPR: CS-CSP]

Task 6.1.2.1 Develop and maintain RMF-related DoD policy and guidance issuances; deliver DoDI 8510.01, “Defense Information Assurance Risk Management Framework”, aligning DoD with NIST risk management policies and CNSS information system categorization, and incorporating continuous monitoring into the RMF. (Q4FY13) [OPR: CS-CSP; OCR: CS-DIAP] [7.1]

Task 6.1.2.2 In collaboration with the Intelligence Community, develop and deliver the initial set of security control overlays to the CNSS, in support of the Joint Task Force Transformation Initiative. (Complete) [OPR: CS-CSP]

Task 6.1.2.3 Execute, oversee, and manage DIACAP process management and transition, as well as the RMF implementation, management, and governance processes until sunset. Concurrently develop, transition, execute, oversee, and manage the DoD RMF. (Q3FY13) [OPR: CS-DIAP] [5.5]

Task 6.1.2.4 Maintain the DIACAP (RMF) Knowledge Service and develop, transition to, and maintain the successor RMF Knowledge Service, which includes technical and content management. (Q2FY13) [OPR: CS-DIAP]

Action 6.1.3 Strengthen cybersecurity readiness by identifying critical assets and prioritizing mission-critical systems for mission assurance. [OPR: CS-CSS]

Task 6.1.3.1 Identify GIG critical infrastructure and mission essential assets and systems that must be hardened. (Q4FY13) [OPR: CS-CSS]

Task 6.1.3.2 Develop mission thread and contingency plan decomposition candidates. (Q1FY13) [OPR: CS-CSS]

Task 6.1.3.3 Develop and implement resiliency characteristics for the GIG targeting critical mission essential assets and systems. (Q2FY14) [OPR: CS-CSS]

Task 6.1.3.4 Collaborate with industry and commercial interests to gather business continuity plans, lessons learned, and use cases. (Complete) [OPR: CS-CSS]

Task 6.1.3.5 Gather studies and analysis from DoD, academic, and standards organizations to leverage for inclusion in resiliency element development. (Complete) [OPR: CS-CSS]

Task 6.1.3.6 Incorporate resiliency characteristics in Service Level Agreements. (Q4FY13) [OPR: CS-CSS]

Task 6.1.3.7 Incorporate critical resiliency characteristics and goals into DoDD 3020.26, “Department of Defense Continuity Programs”, Jan 2009; IT consolidation; and GIG


Convergence Master Plan infrastructure requirements, goals, and roadmap. (Q2FY14) [OPR: CS-CSS]

Task 6.1.3.8 Identify relevant IA range, exercises, and appropriate piloting opportunities to test, model, and infuse resiliency elements and scenarios. (Q4FY13) [OPR: CS-CSS]

Action 6.1.4 Oversee 19 CNCI enablers and initiatives; help shape and influence post-CNCI cyber initiatives (such as NICE); ensure major lines of operation for DSOC are coordinated with USD(P), the rest of OSD and DoD, and interagency cybersecurity efforts; and engage and influence all emerging enterprise trends related to cyber. [OPR: CS-CSS]

Task 6.1.4.1 Complete cybersecurity review in selected level 4 COCOM contingency plans. (Q2FY13) [OPR: CS-CSS]

Task 6.1.4.2 Lead DSOC initiatives involving resiliency, cyber hygiene, and supply chain risk management. (Q3FY13) [OPR: CS-TMSN; OCR: CS-DIAP and CS-CSS]

Task 6.1.4.3 Lead and implement the DSOC Private Sector Partnership Strategy. (Q1FY13) [OPR: CS-CSS]

Task 6.1.4.4 Determine approach to support other DSOC initiatives/review of the Cyberspace Integration Group structure. (Q3FY13) [OPR: CS-CSS; OCR: CS-DIAP]

Task 6.1.4.5 Develop and mature post-CNCI, NICE, and CNCI next generation efforts. (Q2FY13) [OPR: CS-CSS]

Task 6.1.4.6 Conduct the bi-annual International Cyber Defense Workshop with academia and industry to promote cyber defense training and skills with international partners. (Q1FY13) [OPR: CS-CSP]

Task 6.1.4.7 Develop enterprise Cyber Defense Strategy 2020 to replace 2009 issuance. (Q1FY13) [OPR: CS-CSS]

Task 6.1.4.8 Develop strong operational and strategy relationships with USCYBERCOM, interagency cyber partners, and Guard/Reserve support concepts for cyber. (Q1FY13) [OPR: CS-CSS]

Task 6.1.4.9 Identify and develop CND initiatives for synchronization with Cyber 3.0 directions. (Q3FY13) [OPR: CS-DIAP]

Action 6.1.5 Create and maintain strong boundary defenses across DoD networks, monitoring DoD networks, and hardening hosts in coordination with DISA. Direct initiatives across DoD to align policy, architecture, and engineering of SIPRNet and NIPRNet. [OPR: CS-CSS]

Task 6.1.5.1 Put web content filter rules in place at Internet boundary. (Q2FY13) [OPR: CS-CSS] **

Task 6.1.5.2 Advance achievement of DoD hardening objectives by fielding DMZ Increment 0, which implements whitelists. (Q4FY13) [OPR: CS-CSS]

Task 6.1.5.3 Implement DMZ Increment 1 Phase 1, which begins physical and logical separation. (Q4FY13) [OPR: CS-CSS] **

Task 6.1.5.4 Implement DMZ Increment 1 Phase 2, which includes assured Internet bandwidth and COI. (Q4FY13) [OPR: CS-CSS] **


Task 6.1.5.5 Implement DMZ Increment 1 Phase 3, which includes full physical and logical separation. (Q4FY14) [OPR: CS-CSS] **

Task 6.1.5.6 Implement standardized CND architecture across all tiers of the GIG to align and integrate with DoD IE architectures efficiently and securely. (Q4FY13) [OPR: CS-CSS] [3.3]

Task 6.1.5.7 Monitor and coordinate Federal Desktop Core Configuration/U.S. Government Configuration Baseline/ Unified Master Gold Disk (FDCC/USGCB/UMGD) development with NSA and Military Services to ensure implementation within DoD. (Q1FY13) [OPR: CS-DIAP; OCR: IE-AI] [3.3]

Task 6.1.5.8 Update DoD O-8530.01-M, “DoD CND Service Provider Certification and Accreditation Program”. (Q4FY14) [OPR: CS-CSP; OCR: CS-DIAP]

Task 6.1.5.9 Draft a white paper detailing current CND Tier 2 and Tier 3 evaluation package review processes, and propose a new process. Moving forward, DISA Field Security Operations (FSO) and the Defense Intelligence Agency will prepare the report packages and submit directly to USSTRATCOM and/or the DoD Component evaluated. This allows DIAP to perform oversight duties associated with the packages, including analysis of evaluation results, and to make recommendations for process improvement. (Q1FY13) [OPR: CS-DIAP]

Task 6.1.5.10 Working in concert with USCYBERCOM J34 and DISA FSO, define the parameters of the Cybersecurity Inspection Program in an incremental approach (phased pilots) and validate the approach as assessment executioners. (Q1FY13) [OPR: CS-DIAP]

Action 6.1.6 Oversee security configuration management using Host-based Security Systems (HBSS). [OPR: CS-DIAP]

Task 6.1.6.1 Facilitate secure configuration management and HBSS program reviews. (Q4FY13) [OPR: CS-DIAP] **

Action 6.1.7 Implement CM/RS to achieve automated security monitoring of system configurations to ensure systems are behaving as expected. [OPR: CS-DIAP] [7.1]

Task 6.1.7.1 Analyze results of CM/RS pilots. (Q1FY13) [OPR: CS-DIAP] [7.1]

Task 6.1.7.2 Prepare appropriate DoD CM/RS issuances. (Q1FY14) [OPR: CS-DIAP; OCR: CS-CSP] [7.1]

Task 6.1.7.3 Develop the strategy and objectives for institutionalizing continuous monitoring across DoD. (Q2FY13) [OPR: CS-DIAP] [7.1]

Task 6.1.7.4 Coordinate with NIST, GSA, and NSA on development of security automation mechanisms and continuous monitoring standards, including those for cloud computing environments. (Q2FY13) [OPR: CS-DIAP] [2.1] – NOT RESOURCED

Action 6.1.8 Establish a multi-pronged approach for global SCRM. [OPR: CS-TMSN]

Task 6.1.8.1 Implement SCRM for commodity buys and warfighting networks. (Q4FY13) [OPR: CS-TMSN]

Task 6.1.8.2 Capture lessons learned in DoD Key Practices Guide updates, NDAA Section 806 guidance, and other implementation guidance. (Q1FY13) [OPR: CS-TMSN]


Action 6.1.9 Co-lead (with USD(AT&L)) development of a DoD-wide strategy for countering counterfeits in the global supply chain. DoD, in coordination with DIB and a wider commercial base, will provide for international standards in this space. [OPR: CS-TMSN]

Task 6.1.9.1 Develop DoD-wide counterfeits policy with a special interest on NDAA Section 818. (Q1FY13) [OPR: CS-TMSN]

Action 6.1.10 Work across the DoD enterprise to coordinate and develop strategic cybersecurity enterprise performance measurement and conduct monthly, quarterly, and annual data collection, analysis, and reporting. [OPR: CS-DIAP]

Task 6.1.10.1 Establish FISMA guidance for collecting and reporting OMB-driven metrics data. (Q1FY14) [OPR: CS-DIAP]

Task 6.1.10.2 Respond quarterly to audits and data calls from GAO, OMB, and DoD IG. (Q1FY13) [OPR: CS-DIAP]

Task 6.1.10.3 Participate in development of congressional reports (e.g. NDAA Section 922, FISMA) and lead data calls to DoD Components in support of narrative development. (Q1FY13) [OPR: CS-DIAP]

Action 6.1.11 Develop a DoD strategy and policy for secure cloud computing. [OPR: CS-CSS] [2.1]

Task 6.1.11.1 Coordinate final cloud security report to be submitted by DSB task force. (Q1FY13) [OPR: CS-CSS] [2.1]

Task 6.1.11.2 Develop DoD policy for secure cloud computing. (Q1FY14) [OPR: IE-SP; OCR: CS-CSP] [2.1]

Action 6.1.12 Co-chair an interim task force with DHS to mitigate risk to government missions stemming from private sector telecom infrastructure sourcing decisions. [OPR: CS-TMSN]

Task 6.1.12.1 Implement Deputies Committee guidance in cooperation with the interagency to mitigate supply chain risk to the telecommunications sector by addressing authorities gaps, working with the private sector to pilot a transactional notification and discussion framework, and moving forward on a standards and regulatory strategy. (Q2FY13) [OPR: CS-TMSN] [5.5]

Task 6.1.12.2 Support Office of Science and Technology Policy (OSTP) and the national security staff in development of Primary Mission Essential Function analysis. (Q4FY13) [OPR: CS-TMSN]

Action 6.1.13 Conduct FY11 NDAA Section 806 procurement pilots (which clarify DoD authorities to manage supply chain risk using procurement decisions). [OPR: CS-TMSN]

Task 6.1.13.1 Develop and refine guidance for using NDAA Section 806. (Q3FY13) [OPR: CS-TMSN]

Action 6.1.14 Lead IA program portfolio development to guide and influence the funding and acquisition of IA commodities, in alignment with the PPBE and acquisition activities, to ensure an optimal balance of risks and investments is achieved. [OPR: CS-DIAP]

Task 6.1.14.1 Evaluate and report performance of the Defense-wide IA program against cost, schedule, and performance to assess achievement of strategic objectives. (Q2FY13) [OPR: CS-DIAP]


Task 6.1.14.2 Propose new language for OMB A-130. (Q2FY13) [OPR: CS-DIAP]

PRI 6.2: Better, Agile, Safe Sharing [OPR: CS-IAC] Objective: Sharing with whatever partners a mission requires can be established quickly and safely, and ensuring that the sharing is sufficiently rich that mission execution is effective.

Relevance: This priority recognizes that almost every DoD mission is done with partners from outside the department, and that cybersecurity requirements are often one of the reasons sharing is difficult or impossible to establish and maintain. It is a core DoD cybersecurity goal to improve this situation, in a way consistent with the mission dependability requirement of Priority 6.1.

Action 6.2.1 Coordinate and oversee DoD IA acquisition and technology, DISA-related, and cross domain policy development through collaboration with stakeholders. [OPR: CS-CSP]

Task 6.2.1.1 Oversee development and formal staffing of a new DoDI 8540.aa to establish/identify policy, procedures, and responsibilities for the cross domain environment. Recommend updates to DoDI 8500.02 and 8510 to delineate new roles and responsibilities for the UCDMO within DoD and to modify current approval processes to include CDS. (Q4FY13) [OPR: CS-CSP; OCR: CS-UCDMO]

Task 6.2.1.2 Update DoDI 8551.01, “Ports, Protocols, and Services Management (PPSM)” to include the latest practices and procedures. (Q4FY13) [OPR: CS-CSP; OCR: CS-DIAP]

Action 6.2.2 Establish methods, policies, and procedures with authorized mission, interagency, industry, and non-governmental partners to assure secure access to and protection of DoD information. [OPR: CS-DIB]

Task 6.2.2.1 Partner with DIB members to strengthen cybersecurity of DoD program information that resides on, or transits, DIB unclassified information systems. Continue support to current DIB partners, conduct industry outreach, and implement on boarding processes to bring new partners into the program. (Q4FY13) [OPR: CS-DIB]

Task 6.2.2.2 Improve DIB CS/IA collaboration with DIB partners through site visits, briefings, meetings (with the Chief Executive Officer, CIO, and Chief Information Security Officer), and other related activities to discuss information assurance best practices, emerging technologies, alternatives for improving the safeguarding of DoD unclassified DIB information, as well as highlighting innovative industry capabilities and processes for consideration in DoD information systems. (Q4FY14) [OPR: CS-DIB]

Task 6.2.2.3 Provide periodic DIB Network (DIBNet) - (Unclassified (U)) / (Secret (S)) enhancements (e.g., functionality, capacity, etc.), in coordination with DISA, to ensure more robust cybersecurity collaboration with DIB partners (e.g., threat information sharing, incident response). (Q4FY14) [OPR: CS-DIB]

Action 6.2.3 Work with USD(P) Cyber Policy, interagency and commercial partners to ensure the global Internet evolves in a stable, secure, and open manner and is capable of supporting DoD missions. [OPR: CS-CSS]


Task 6.2.3.1 Protect and advocate for DoD Internet equities through the Emergency Operations Plan (EOP)-led effort to develop a cohesive USG strategy and policy framework across multiple related, but distinct, Internet governance (IG) activities. (Q2FY13) [OPR: CS-CSS]

Task 6.2.3.2 Protect and advocate for DoD Internet equities as part of the State Department delegation to the International Telecommunication Union (ITU) World Conference on International Telecommunications 2012 treaty organization; attend three council working group meetings in Geneva, regional meetings in Africa and Latin America, and weekly, USG-only preparatory sessions. (Q1FY13) [OPR: CS-CSS]

Task 6.2.3.3 Protect and advocate for DoD Internet equities at meetings of the USG, National Telecommunications and Information Administration (NTIA) Domain Name System Interagency Working Group, Internet Corporation for Assigned Names and Numbers (ICANN), Internet Engineering Task Force, ICANN’s Root Server System Advisory Committee, and Internet Society Advisory Council. Engage in key IG policy development pertaining to IP version 4 (IPv4) legacy address space exhaustion. Resource PKI implementation; new generic top-level Domains; and the Internet Assigned Numbers Authority (IANA) functions and VeriSign contract re-competitions. (Q3FY13) [OPR: CS-CSS] – NOT RESOURCED

Task 6.2.3.4 Protect and advocate for DoD Internet equities by regularly monitoring other international IG organizations and their IG-related initiatives to inform key DoD stakeholders of the broader implications regarding DoD and USG equities. These organizations include: ITU; Internet Governance Forum; Organization for Economic Co-operation and Development; Asia-Pacific Economic Cooperation; American Registry for Internet Numbers; North American Network Operators’ Group; and Réseaux IP Europeans. (Q2FY13) [OPR: CS-CSS] – NOT RESOURCED

Action 6.2.4 Institutionalize DoD enterprise authentication as a critical and enduring cyber technology area via development and oversight of Department-wide strategy, policy, guidance, processes, standards, risk management, and governance. [OPR: CS-IAC; OCR: CS-CSP]

Task 6.2.4.1 Represent DoD CIO identity assurance and enterprise authentication equities in the Identity Protection and Management Senior Coordinating Group (IPMSCG) Identity Council’s development of a DoD-wide IPMSCG charter. (Complete) [OPR: CS-IAC] [5.5]

Task 6.2.4.2 Collaborate with CC/S/As to develop and publish the DoD IdA CONOPS. (Complete) [OPR: CS-IAC]

Task 6.2.4.3 Collaborate with CC/S/As to develop and publish the DoD IdA Implementation Guidance and Roadmap. (Q2FY13) [OPR: CS-IAC]

Task 6.2.4.4 Develop the DoD Cyber Identity Assurance Deny Anonymity Strategy and POA&M to institutionalize from an authentication technology focus (e.g., PKI, PKE, and biometrics) to an enduring cybersecurity enterprise authentication mission-driven focus. (Q2FY13) [OPR: CS-IAC]

Task 6.2.4.5 Support the Defense Security Enterprise Advisory Group development of integrated enterprise authentication, fitness determination, and the continuous vetting of policies and guidance, technologies, and services supporting authorization decisions for logical and physical access control. (Q2FY13) [OPR: CS-IAC]


Task 6.2.4.6 Assess and document existing activities for non-person entity identity assurance and credential lifecycle management; develop recommendations as required. (Q1FY13) [OPR: CS-IAC]

Action 6.2.5 Ensure DoD maintains a secure, operationally effective, and efficient enterprise authentication technical capability. [OPR: CS-IAC]

Task 6.2.5.1 Analyze DoD Component secure hash algorithm (SHA)-256 assessments and deliver DoD SHA-256 transition plan to DoD CIO leadership. (Q1FY13) [OPR: CS-IAC]

Task 6.2.5.2 Provide PKI-related input to DIAP’s development of automated, continuous monitoring requirements, dashboards, and toolsets that ensure enterprise authentication technical capabilities are implemented to enable denial of anonymity to DoD networks, services, and information resources. (Q4FY13) [OPR: CS-IAC] [7.2]

Task 6.2.5.3 Report on USCYBERCOM and DISA's progress in developing automated monitoring of PKI configuration of servers. (Q1FY13) [OPR: CS-IAC] [7.1, 7.2]

Task 6.2.5.4 Collaborate with the DoD Biometrics Executive Committee and COI to develop a DoD roadmap to define biometric technology support for DoD enterprise authentication. (Q4FY13) [OPR: CS-IAC]

Action 6.2.6 Ensure DoD enterprise authentication security architecture is implemented to mitigate cyber risk and vulnerabilities in DoD networks, services, and information resources. [OPR: CS-IAC]

Task 6.2.6.1 Support the development of DoD enterprise authentication cybersecurity architecture standards that mitigate cyber risk and vulnerabilities in the implementation of authentication technical capabilities. (Q4FY13) [OPR: CS-IAC] [1.4]

Task 6.2.6.2 Provide compliance progress reports to senior leadership on installation of DoD PKI certificates on DoD NIPRNet web servers. (Q4FY13) [OPR: CS-IAC]

Task 6.2.6.3 Provide compliance progress reports to senior leadership on configuration of 93% of DoD’s NIPRNet web servers to support PKI-based (client-side) authentication. (Q4FY13) [OPR: CS-IAC]

Task 6.2.6.4 Provide compliance progress reports to senior leadership on 100% issuance of NSS PKI hardware tokens to DoD personnel on SIPRNet. (Q1FY13) [OPR: CS-IAC]

Task 6.2.6.5 Provide compliance progress reports to senior leadership on 100% configuration of DoD user accounts for cryptographic network logon with NSS PKI hardware tokens on SIPRNet. (Q3FY13) [OPR: CS-IAC] **

Task 6.2.6.6 Provide compliance progress reports to senior leadership on installation of DoD and/or NSS PKI certificates on DoD SIPRNet web servers. (Q4FY13) [OPR: CS-IAC]

Task 6.2.6.7 Provide compliance progress reports to senior leadership on 100% configuration of DoD SIPRNet web servers to require PKI-based (client-side) authentication. (Q4FY13) [OPR: CS-IAC]

Action 6.2.7 Ensure DoD alignment with federal ICAM initiatives to improve information sharing and interoperability across the Department and the federal government. [OPR: CS-CSP]


Task 6.2.7.1 Publish the DoD ICAM Transition Plan. (Q1FY13) [OPR: CS-CSP]

Task 6.2.7.2 Publish the DoD IdAM/ICAM Reference Architecture. (Q4FY13) [OPR: CS-CSP] – NOT RESOURCED

Task 6.2.7.3 Promulgate CIO guidance on acceptance and use of non-federally issued credentials. (Q1FY13) [OPR: CS-CSP]

Task 6.2.7.4 Re-charter the NSS Identity and Access Working Group to bridge the IC Authorization and Attribute Service Committee and the ICAM Attribute Governance Working Group, under CNSS authority. (Q2FY13) [OPR: CS-CSP]

Task 6.2.7.5 Publish relying party guidance for enabling access with non-DoD issued, approved credentials. (Q4FY13) [OPR: CS-CSP]

Task 6.2.7.6 Lead efforts to add functionality to identity assurance level 4 credentials (stored value cards, public transit). (Q4FY13) [OPR: CS-CSP]

Task 6.2.7.7 Build upon the relationship with the Netherlands to encourage other European Union Countries to expand use of DoD-approved credentials. (Q4FY13) [OPR: CS-CSP]

Task 6.2.7.8 Contribute to and guide development of Federal Information Processing Standard (FIPS) Publication 201-2. (Q4FY13) [OPR: CS-CSP]

PRI 6.3: DoD and Its Mission Partners Can Keep a Secret [OPR: CS-IAC , CS-DIAP]

Objective: Military missions require the ability to generate information, make plans, and take actions, all in a way that an adversary cannot see. Information, regardless of classification, must be protected at the appropriate level from improper disclosure or being compromised by an adversary.

Relevance: Confidentiality, or the ability to keep a secret, remains a core DoD cybersecurity requirement.

Action 6.3.1 Coordinate and oversee DoD COMSEC, industrial base cybersecurity and cyber defense policy development through collaboration with stakeholders. [OPR: CS-CSP, CS-IAC]

Task 6.3.1.1 Establish and lead a COMSEC working group to plan for modernizing COMSEC, implementing KMI, and developing the required policies necessary for management of the COMSEC effort. (Q1FY13) [OPR: CS-IAC]

Task 6.3.1.2 Identify gaps in both DoD and national COMSEC policies. (Q4FY13) [OPR: CS-IAC]

Action 6.3.2 Support DoDD 5205.jj, “DoD Insider Threat Program”. [OPR: CS-DIAP]

Task 6.3.2.1 Mitigate DoD insider threat through development of program IA details and integration of overall actions with USD(I) and ASD(HD&ASA). (Q1FY13) [OPR: CS-DIAP]

Task 6.3.2.2 Provide support in the development of insider threat requirements, working with USCYBERCOM. (Q1FY13) [OPR: CS-DIAP]


Action 6.3.3 Oversee the Cryptographic Modernization (CryptoMod) initiative. [OPR: CS-IAC]

Task 6.3.3.1 Conduct a study to scope the CryptoMod effort to determine the current threat and the highest priorities for replacing COMSEC equipment. (Q4FY13) [OPR: CS-IAC] – NOT RESOURCED

Task 6.3.3.2 Develop a roadmap and implementation plan for cryptographic modernization after the study in Task 6.3.3.1 is complete. (Q4FY13) [OPR: CS-IAC]

Task 6.3.3.3 Conduct a study to determine if radios will interoperate in a secure mode without the implementation of a cryptographic secure voice interoperability specification. If not, develop a policy to apply to secure voice equipment mandating implementation of the tactical secure voice cryptographic interoperability specification. (Q3FY13) [OPR: CS-IAC; OCR: IC-C4II]

Task 6.3.3.4 Work with CNSS members to ensure they are engaged in efforts to modernize their cryptographic equipment. (Q4FY13) OPR: [CS-IAC]

Task 6.3.3.5 On behalf of the NLCC EMB, oversee all actions supporting nuclear and national leadership C3 CryptoMod transition dates. (Q4FY13) [OPR: IC-NLCC]

Action 6.3.4 Chair the Cross Domain Community Security Testing Group and sponsor tiger teams in support of CDS assessment reciprocity. [OPR: CS-UCDMO]

Task 6.3.4.1 Publish a Cross Domain Security Assessors Guide to the Security Controls Guidance and Intent document. Develop CDS-related test objectives, procedures, and a certification test and evaluation report format (template) to augment the Cross Domain Overlay Guidance and Intent. (Q1FY13) [OPR: CS-UCDMO]

Action 6.3.5 Develop and deliver training to CDSEs to ensure they are equipped with information required to support CC/S/As. [OPR: CS-UCDMO]

Task 6.3.5.1 Publish summary of CDSE processes and leading practices that may be leveraged to increase CDSE maturity/effectiveness throughout the DoD/IC cross domain community. (Complete) [OPR: CS-UCDMO]

Task 6.3.5.2 Develop and promulgate a CDSE maturation strategy and a CDSE training plan. (Complete) [OPR: CS-UCDMO]

Action 6.3.6 Enable secure posting of information and improve protection of DoD staff against directed cyber attacks. [OPR: CS-DIAP] – NOT RESOURCED

Task 6.3.6.1 Publish the signed digital persona directive, DoDD 8583. (Q2FY15) [OPR: CS-DIAP; OCR: CS-CSP] – NOT RESOURCED

Action 6.3.7 Oversee the implementation of KMI. [OPR: CS-IAC]

Task 6.3.7.1 Lead transition planning for KMI to enable NSA, Military Services, and CNSS members to transition from all tiers of the Electronic Key Management System (EKMS) to KMI. (Q4FY13) [OPR: CS-IAC]

Task 6.3.7.2 Establish an EKMS to KMI Tier 2 Transition Tiger Team with NSA and Military Services to develop and publish transition planning from the current EKMS local management device/key processor to the KMI management client. (Q1FY13) [OPR: CS-IAC]


Task 6.3.7.3 Manage, in conjunction with USD(AT&L), the KMI Quarterly Program Reviews. (Q1FY13) [OPR: CS-IAC]

PRI 6.4: Give Mission Commanders Freedom of Action in Cyberspace [OPR: CS-TMSN] Objective: The large, shared infrastructures that DoD uses (NIPRNet, SIPRNet and the Joint Worldwide Intelligence Communications System (JWICS)) often let the mission risk assumed by one commander spill into the missions of other commanders. This cybersecurity priority is focused on deploying architectures, structures, and technologies in software applications, data centers, and networks in order to isolate risk by mission.

Relevance: Contain risk so that DoD can support multiple missions, with multiple (changing) risk postures, simultaneously.

Action 6.4.1 Coordinate with USSTRATCOM, NSA, DISA, and USCYBERCOM to ensure that customer-required cross domain enterprise services and capabilities are made available. [OPR: CS-UCDMO]

Task 6.4.1.1 Deliver a CD enterprise solution. (Q4FY13) [OPR: CS-UCDMO]

Action 6.4.2 Ensure trusted, interoperable, and reciprocated authentication technical capabilities and security architecture are maintained and readily enabled for DoD mission partners to support the full range of military operations. [OPR: CS-IAC]

Task 6.4.2.1 Report on the progress of the DoD's interagency policy governing interoperability with the CNSS PKI Member Governing Board’s development of CNSS PKI and PK-enabling policy. (Q1FY13) [OPR: CS-IAC]

Task 6.4.2.2 Deliver a transition strategy (in concert with an international agreement (DoD CIO/International Affairs lead)) to facilitate interoperability with federal and foreign partners and compliance with DoD's SIPRNet PKI cryptographic logon and PK-enabling requirement. (Q3FY13) [OPR: CS-IAC]

Task 6.4.2.3 Develop DoD CIO memo requiring Five Eyes (FVEY) partners to purchase external certification authority tokens for new FVEY users who wish to access NIPRNet resources after 31 May 2012. Coordinate with Joint Staff and FVEY partners to ensure intent of the memo is implemented. (Complete) [OPR: CS-IAC]

Action 6.4.3 Develop a strategy and plan for the implementation of a web-accessible, cross domain portal solution for file transfer capability in support of the AFPAK theater of operations, as well as other mission networks (i.e., overseas contingency operations (OCO)). [OPR: CS-UCDMO]

Task 6.4.3.1 Deliver enterprise cross domain services and solutions (i.e., OCO). (Q1FY13) [OPR: CS-UCDMO] – NOT RESOURCED


PRI 6.5: Cybersecurity Requirements and Processes Support Agile Technology Uptake in DoD [OPR: CS-DIAP]

Objective: Security requirements and processes are often cited as the reason particular technologies cannot be fielded, or are slow to be fielded. This priority is focused both on changing processes to better enable agile technology uptake, and on deploying technologies that can lower the risk of use of new and/or poorly understood technologies.

Relevance: Enabling new technologies to be fielded quickly in order to keep pace with advancements and keep abreast of developing threats.

Action 6.5.1 Strengthen the Information System Security Engineer (ISSE) workforce. [OPR: CS-DIAP; OCR: IE-IM]

Task 6.5.1.1 Foster ISSE talent for acquisition programs and grow talent as part of acquisition workforce. Develop an ISSE career path to ensure continued development. (Q2FY13) [OPR: CS-DIAP; OCR: IE-IM]

Action 6.5.2 Ensure efficient integration of cybersecurity into the acquisition process. [OPR: CS-DIAP]

Task 6.5.2.1 Tie together DoD acquisition and C&A processes through engagement, input to vendors, planning/guidance documents, Guidance to Development of the Force and Quadrennial Defense Reviews. (Q4FY13) [OPR: CS-DIAP]

Task 6.5.2.2 Update DoDI 8500.02 and DoDI 8510.01 to show clear ties between the DoD acquisition process and the C&A process (soon to be the Risk Management Framework). (Q4FY13) [OPR: CS-CSP; OCR: CS-DIAP]

Task 6.5.2.3 Recommend updates to DoDI 5000.02 to include cybersecurity policy requirements for acquisition programs at each milestone. (Q2FY13) [OPR: CS-CSP; OCR: CS-DIAP] [4.3]

Task 6.5.2.4 Encourage and enforce compliance with July 23, 2009 DoD CIO memo “DoD Information System Certification and Accreditation Reciprocity”. (Q2FY13) [OPR: CS-DIAP] [7.3]

Task 6.5.2.5 Tie into the acquisition process an operational understanding of risk, determined through continuous monitoring of networks and systems and the re-accreditation process. (Q2FY13) [OPR: CS-DIAP]

Task 6.5.2.6 Integrate system engineering architectures into the acquisition process with the necessary properties to tie to mission systems. (Q1FY13) [OPR: CS-CSS]

Task 6.5.2.7 Carry out the DSOC Private Sector Partnership Strategy to reach out to small and medium size technology firms to accelerate intake of innovation into the enterprise using outreach venues (such as, but not limited to, Security Innovation Network, cyber pilots, and leveraging/re-invigorating existing DoD venues). (Q2FY13) [OPR: CS-CSS]

Task 6.5.2.8 Develop standardized cybersecurity compliance metrics to streamline compliance checking throughout the acquisition process. (Q1FY13) [OPR: CS-DIAP]

Task 6.5.2.9 Develop and mandate use of enterprise cross domain solutions. (Q3FY13) [OPR: CS-UCDMO; OCR: CS-CSP] – NOT RESOURCED

DoD Chief Information Officer 6000 Defense Pentagon

Room 3E1030 Washington, DC 20301-6000