10 U.S. Code § 2223a - Information technology acquisition planning and oversight requirements
(a) Establishment of Program.— The Secretary of Defense shall establish a program to improve the planning and oversight processes for the acquisition of major automated information systems by the Department of Defense.
(b) Program Components.— The program established under subsection (a) shall include—
(1)a documented process for information technology acquisition planning, requirements development and management, project management and oversight, earned value management, and risk management;
(2)the development of appropriate metrics that can be implemented and monitored on a real-time basis for performance measurement of—
(3)a process to ensure that key program personnel have an appropriate level of experience, training, and education in the planning, acquisition, execution, management, and oversight of information technology systems;
(4)a process to ensure sufficient resources and infrastructure capacity for test and evaluation of information technology systems;
(5)a process to ensure that military departments and Defense Agencies adhere to established processes and requirements relating to the planning, acquisition, execution, management, and oversight of information technology programs and developments; and
Source(Added Pub. L. 111–383, div. A, title VIII, § 805(a)(1),Jan. 7, 2011, 124 Stat. 4259.)
Modular Open Systems Approaches in Acquisition Programs
“(a) Plan for Modular Open Systems Approach Through Development and Adoption of Standards and Architectures.—Not later than January 1, 2016, the Under Secretary of Defense for Acquisition, Technology, and Logistics shall submit a report to the Committees on Armed Services of the Senate and the House of Representatives detailing a plan to develop standards and define architectures necessary to enable open systems approaches in the key mission areas of the Department of Defense with respect to which the Under Secretary determines that such standards and architectures would be feasible and cost effective.
“(b) Consideration of Modular Open Systems Approaches.—
“(1) Review of acquisition guidance.—The Under Secretary of Defense for Acquisition, Technology, and Logistics shall review current acquisition guidance, and modify such guidance as necessary, to—
“(A) ensure that acquisition programs include open systems approaches in the product design and acquisition of information technology systems to the maximum extent practicable; and
“(B) for any information technology system not using an open systems approach, ensure that written justification is provided in the contract file for the system detailing why an open systems approach was not used.
“(2) Elements.—The review required in paragraph (1) shall—
“(A) consider whether the guidance includes appropriate exceptions for the acquisition of—
“(i) commercial items; and
“(ii) solutions addressing urgent operational needs;
“(B) determine the extent to which open systems approaches should be addressed in analysis of alternatives, acquisition strategies, system engineering plans, and life cycle sustainment plans; and
“(C) ensure that increments of acquisition programs consider the extent to which the increment will implement open systems approaches as a whole.
“(3) Deadline for review.—The review required in this subsection shall be completed no later than 180 days after the date of the enactment of this Act [Dec. 19, 2014].
“(c) Treatment of Ongoing and Legacy Programs.—
“(1) Report requirement.—Not later than one year after the date of the enactment of this Act, the Under Secretary of Defense for Acquisition, Technology, and Logistics shall submit to the Committees on Armed Services of the Senate and the House of Representatives a report covering the matters specified in paragraph (2).
“(2) Matters covered.—Subject to paragraph (3), the report required in this subsection shall—
“(A) identify all information technology systems that are in development, production, or deployed status as of the date of the enactment of this Act, that are or were major defense acquisition programs or major automated information systems, and that are not using an open systems approach;
“(B) identify gaps in standards and architectures necessary to enable open systems approaches in the key mission areas of the Department of Defense, as determined pursuant to the plan submitted under subsection (a); and
“(C) outline a process for potential conversion to an open systems approach for each information technology system identified under subparagraph (A).
“(3) Limitations.—The report required in this subsection shall not include information technology systems—
“(A) having a planned increment before fiscal year 2021 that will result in conversion to an open systems approach; and
“(B) that will be in operation for fewer than 15 years after the date of the enactment of this Act.
“(d) Definitions.—In this section:
“(1) Information technology.—The term ‘information technology’ has the meaning given the term in section 11101 (6) of title 40, United States Code.
“(2) Open systems approach.—The term ‘open systems approach’ means, with respect to an information technology system, an integrated business and technical strategy that—
“(A) employs a modular design and uses widely supported and consensus-based standards for key interfaces;
“(B) is subjected to successful validation and verification tests to ensure key interfaces comply with widely supported and consensus-based standards; and
“(C) uses a system architecture that allows components to be added, modified, replaced, removed, or supported by different vendors throughout the lifecycle of the system to afford opportunities for enhanced competition and innovation while yielding—
“(i) significant cost and schedule savings; and
“(ii) increased interoperability.”
Operational Metrics for Joint Information Environment and Supporting Activities
“(a) Guidance.—Not later than 180 days after the date of the enactment of this Act [Dec. 19, 2014], the Secretary of Defense, acting through the Chief Information Officer of the Department of Defense, shall issue guidance for measuring the operational effectiveness and efficiency of the Joint Information Environment within the military departments, Defense Agencies, and combatant commands. The guidance shall include a definition of specific metrics for data collection, and a requirement for each military department, Defense Agency, and combatant command to regularly collect and assess data on such operational effectiveness and efficiency and report the results to such Chief Information Officer on a regular basis.
“(b) Baseline Architecture.—The Chief Information Officer of the Department of Defense shall identify a baseline architecture for the Joint Information Environment by identifying and reporting to the Secretary of Defense any information technology programs or other investments that support that architecture.
“(c) Joint Information Environment Defined.—In this section, the term ‘Joint Information Environment’ means the initiative of the Department of Defense to modernize the information technology networks and systems within the Department.”
Supervision of the Acquisition of Cloud Computing Capabilities
“(1) In general.—The Secretary of Defense shall, acting through the Under Secretary of Defense for Acquisition, Technology, and Logistics, the Under Secretary of Defense for Intelligence, the Chief Information Officer of the Department of Defense, and the Chairman of the Joint Requirements Oversight Council, supervise the following:
“(A) Review, development, modification, and approval of requirements for cloud computing solutions for data analysis and storage by the Armed Forces and the Defense Agencies, including requirements for cross-domain, enterprise-wide discovery and correlation of data stored in cloud and non-cloud computing databases, relational and non-relational databases, and hybrid databases.
“(B) Review, development, modification, approval, and implementation of plans for the competitive acquisition of cloud computing systems or services to meet requirements described in subparagraph (A), including plans for the transition from current computing systems to systems or services acquired.
“(C) Development and implementation of plans to ensure that the cloud systems or services acquired pursuant to subparagraph (B) are interoperable and universally accessible and usable through attribute-based access controls.
“(D) Integration of plans under subparagraphs (B) and (C) with enterprise-wide plans of the Armed Forces and the Department of Defense for the Joint Information Environment and the Defense Intelligence Information Environment.
“(2) Direction.—The Secretary shall provide direction to the Armed Forces and the Defense Agencies on the matters covered by paragraph (1) by not later than March 15, 2014.
“(b) Integration With Intelligence Community Efforts.—The Secretary shall coordinate with the Director of National Intelligence to ensure that activities under this section are integrated with the Intelligence Community Information Technology Enterprise in order to achieve interoperability, information sharing, and other efficiencies.
“(c) Limitation.—The requirements of subparagraphs (B), (C), and (D) of subsection (a)(1) shall not apply to a contract for the acquisition of cloud computing capabilities in an amount less than $1,000,000.
“(d) Rule of Construction.—Nothing in this section shall be construed to alter or affect the authorities or responsibilities of the Director of National Intelligence under section 102A of the National Security Act of 1947 (50 U.S.C. 3024).”
Data Servers and Centers
Pub. L. 112–81, div. B, title XXVIII, § 2867,Dec. 31, 2011, 125 Stat. 1704, as amended by Pub. L. 112–239, div. B, title XXVIII, § 2853,Jan. 2, 2013, 126 Stat. 2161, provided that:
“(a) Limitations on Obligation of Funds.—
“(A) Before performance plan.—During the period beginning on the date of the enactment of this Act [Dec. 31, 2011] and ending on May 1, 2012, a department, agency, or component of the Department of Defense may not obligate funds for a data server farm or data center unless approved by the Chief Information Officer of the Department of Defense or the Chief Information Officer of a component of the Department to whom the Chief Information Officer of the Department has specifically delegated such approval authority.
“(B) Under performance plan.—After May 1, 2012, a department, agency, or component of the Department may not obligate funds for a data center, or any information systems technology used therein, unless that obligation is in accordance with the performance plan required by subsection (b) and is approved as described in subparagraph (A).
“(2) Requirements for approvals.—
“(A) Before performance plan.—An approval of the obligation of funds may not be granted under paragraph (1)(A) unless the official granting the approval determines, in writing, that existing resources of the agency, component, or element concerned cannot affordably or practically be used or modified to meet the requirements to be met through the obligation of funds.
“(B) Under performance plan.—An approval of the obligation of funds may not be granted under paragraph (1)(B) unless the official granting the approval determines that—
“(i) existing resources of the Department do not meet the operation requirements to be met through the obligation of funds; and
“(ii) the proposed obligation is in accordance with the performance standards and measures established by the Chief Information Officer of the Department under subsection (b).
“(3) Reports.—Not later than 30 days after the end of each calendar quarter, each Chief Information Officer of a component of the Department who grants an approval under paragraph (1) during such calendar quarter shall submit to the Chief Information Officer of the Department a report on the approval or approvals so granted during such calendar quarter.
“(b) Performance Plan for Reduction of Resources Required for Data Servers and Centers.—
“(1) Component plans.—
“(A) In general.—Not later than January 15, 2012, the Secretaries of the military departments and the heads of the Defense Agencies shall each submit to the Chief Information Officer of the Department a plan for the department or agency concerned to achieve the following:
“(i) A reduction in the square feet of floor space devoted to information systems technologies, attendant support technologies, and operations within data centers.
“(ii) A reduction in the use of all utilities necessary to power and cool information systems technologies and data centers.
“(iii) An increase in multi-organizational utilization of data centers, information systems technologies, and associated resources.
“(iv) A reduction in the investment for capital infrastructure or equipment required to support data centers as measured in cost per megawatt of data storage.
“(v) A reduction in the number of commercial and government developed applications running on data servers and within data centers.
“(vi) A reduction in the number of government and vendor provided full-time equivalent personnel, and in the cost of labor, associated with the operation of data servers and data centers.
“(B) Specification of required elements.—The Chief Information Officer of the Department shall specify the particular performance standards and measures and implementation elements to be included in the plans submitted under this paragraph, including specific goals and schedules for achieving the matters specified in subparagraph (A).
“(2) Defense-wide plan.—
“(A) In general.—Not later than April 1, 2012, the Chief Information Officer of the Department shall submit to the congressional defense committees [Committees on Armed Services and Appropriations of the Senate and the House of Representatives] a performance plan for a reduction in the resources required for data centers and information systems technologies Department-wide. The plan shall be based upon and incorporate appropriate elements of the plans submitted under paragraph (1).
“(B) Elements.—The performance plan required under this paragraph shall include the following:
“(i) A Department-wide performance plan for achieving the matters specified in paragraph (1)(A), including performance standards and measures for data centers and information systems technologies, goals and schedules for achieving such matters, and an estimate of cost savings anticipated through implementation of the plan.
“(ii) A Department-wide strategy for each of the following:“(I) Desktop, laptop, and mobile device virtualization. “(II) Transitioning to cloud computing. “(III) Migration of Defense data and government-provided services from Department-owned and operated data centers to cloud computing services generally available within the private sector that provide a better capability at a lower cost with the same or greater degree of security. “(IV) Utilization of private sector-managed security services for data centers and cloud computing services. “(V) A finite set of metrics to accurately and transparently report on data center infrastructure (space, power and cooling): age, cost, capacity, usage, energy efficiency and utilization, accompanied with the aggregate data for each data center site in use by the Department in excess of 100 kilowatts of information technology power demand. “(VI) Transitioning to just-in-time delivery of Department-owned data center infrastructure (space, power and cooling) through use of modular data center technology and integrated data center infrastructure management software.
“(3) Responsibility.—The Chief Information Officer of the Department shall discharge the responsibility for establishing performance standards and measures for data centers and information systems technologies for purposes of this subsection. Such responsibility may not be delegated.
“(1) Intelligence components.—The Chief Information Officer of the Department and the Chief Information Officer of the Intelligence Community may jointly exempt from the applicability of this section such intelligence components of the Department of Defense (and the programs and activities thereof) that are funded through the National Intelligence Program (NIP) as the Chief Information Officers consider appropriate.
“(2) Research, development, test, and evaluation programs.—The Chief Information Officer of the Department may exempt from the applicability of this section research, development, test, and evaluation programs that use authorization of appropriations for the High Performance Computing Modernization Program (Program Element 0603461A) if the Chief Information Officer determines that the exemption is in the best interest of national security.
“(d) Reports on Cost Savings.—
“(1) In general.—Not later than March 1 of each fiscal year, and ending in fiscal year 2016, the Chief Information Officer of the Department shall submit to the appropriate committees of Congress a report on the cost savings, cost reductions, cost avoidances, and performance gains achieved, and anticipated to be achieved, as of the date of such report as a result of activities undertaken under this section.
“(2) Appropriate committees of congress defined.—In this subsection, the term ‘appropriate committees of Congress’ means—
“(A) the Committee on Armed Services, the Committee on Appropriations, and the Select Committee on Intelligence of the Senate; and
“(B) the Committee on Armed Services, the Committee on Appropriations, and the Permanent Select Committee on Intelligence of the House of Representatives.”