Agencies may soon have new IT capital planning guidance from the Office of Management and Budget.
The policy will help agencies better measure, manage and communicate the budget, costs and value of major IT investments and projects, such as data center consolidation or cybersecurity, Kelly Morrison, a performance analyst for OMB’s Office of the Federal Chief Information Officer, said during an April 4 panel discussion at the 2017 GITEC Summit in Annapolis, Maryland.
“We’re really thinking about … the information that both agencies and OMB need and how can OMB begin collecting the same information, so ultimately the agencies and OMB are using the same sheet of music for decision making and to provide oversight of investments,” she said.
The goal is to help agencies be more open and transparent about the IT investments they make and align those priorities with the federal budgeting process, Morrison said.
“Right now, we don’t have a great way to view what’s truly legacy and what needs to be modernized,” she said. “We know where modernization is taking place for the most part, but we don’t know what the true legacy is.”
OMB is expected to circulate a new policy May 5. Agencies will have a chance to comment, and OMB will incorporate the finalized policy in a new release of Circular A-11, Morrison told Federal News Radio. The policy is expected to have agencies adopt the Technology Business Management Council’s taxonomy, which would standardize the way organizations measure and manage IT costs.
This data will ultimately drive OMB’s decisions around budgeting for major IT investments.
This is a common theme for OMB this transition year, as it continues to help agencies tear down barriers to recruiting and training new and existing cybersecurity professionals and on buying digital services.
“More so than ever before, we’re having engagements with agencies on a daily basis now, meeting with chief financial officers, CIOs and their teams to ensure that you all are properly resourced to address the cyber threat,” Joshua Moses, director of cybersecurity performance management at OMB, said. “In a lot of ways, it’s continuation but making sure we can move the ball going forward throughout this administration.”
If agencies can train their employees and improve IT budgeting now, they’ll be better prepared to handle those major IT modernization and acquisition projects when more concrete spending levels and priorities are in place in the future, OMB officials said.
Agencies hired more than 7,500 new cyber and IT professionals in 2016, according to the fiscal 2016 Federal Information Security Management Act (FISMA) report to Congress. The 2016 total is well above the 5,100 new hires agencies made in 2015. That’s due, in part, to a concerted effort OMB made in 2016 when it released the first-ever cyber workforce strategy.
In recent months, OMB has been working with agencies to get them out in the field and on college campuses to recruit IT experts. It’s also helping agencies apply best recruitment practices from the National Security Agency and Homeland Security Department.
Nicole Ogrysko discusses this story on Federal Drive with Tom Temin
In addition, OMB is working with agencies — both small and large — to determine what capabilities they’ll need in-house, given the promise of tighter budgets in the future, Moses said.
“[We’re] com[ing] back to the budget and saying, ‘Where do we want to go? Do you need to have these capabilities at your agency? If it’s something that you don’t believe that you can do well, can you outsource it?'” he said.
The National Institute of Standards and Technology is in the middle of publishing the final version of the National Initiative for Cybersecurity Education (NICE) Cybersecurity Framework, or NIST special publication 800-181, which should give agencies more concrete guidance on building a strong cyber talent pipeline.
Agencies have had the opportunity to provide comments on the draft version, which NIST published in November.
“This is going to be the first time that we really get a comprehensive view of everyone who’s doing cyber work,” Moses said. “All of you may not think of yourselves as Malware reverse engineers, but in some way, your day-to-day job does involve some cyber component. In terms of getting talent, it’s really identifying what those facets are.”
Digital services procurement
OMB and the U.S. Digital Service is also focusing their efforts on training the existing acquisition force on handling major digital services procurement, said Traci Walker, director of the acquisition community of practice for USDS.
“Really we’re looking at how do we inform and train a workforce in contracting and procurement,” she said. “There’s a lot of people in the government who understand IT and a lot of people who understand acquisition, but that doesn’t necessarily come together. We’re trying to create specialization within that workforce.”
USDS set up a digital services IT training program pilot for contracting officers, which teaches existing procurement personnel how to adopt and take on services they may not be familiar with, Walker said.
“It gives contracting professionals a six-month period to work in this space to really understand and be able to negotiate these very complex IT and technology types of things, as opposed to, one day you’re buying a pencil and the next day you have to do this IT system. You really don’t understand the market. We want people to be very informed buyers.”
The goal, Walker said, is for chief information officers to entrust an informed cohort of digital services contracting officers with their agency’s funding to handle these procurements.
“If you can get your workforce trained up and understanding how to do agile software development this year, so … when you actually are launching your system or trying to do the acquisition for it in a couple years, you’re not just starting at that point then,” she said.
OMB is shopping the pilot program around to other agencies now, as well as the Federal Acquisition Institute and the VA Acquisition Academy, Walker added.