IT Management and Modernization (IT M&M) March Meeting

1. IT Management and Modernization (IT M&M) March Meeting 03/13/18

2. Agenda • Opening Remarks • Review of ITMM COI Existing & New Project Review • ACT-IAC Updates & Wrap Up (Including ELC)

3. IT M&M Projects Current: • Cloud Security for Ongoing Operations • Expand FITARA Implementation Guidance • Technology Business Management New: • MGT Support: Strengthening Business Cases to Power Prioritization Future: • Incremental Modernization through Harvesting Legacy Systems • Modernization Best Practices & Case Studies

4. Cloud Security for Ongoing Operations • Background • As more government information system are migrated – or being prepared to migrate – to a cloud hosting model, Federal CISOs are faced with the challenge of identifying, mitigating risk and managing risk to these systems in a new operational environment. • There is a need to collect best practices, lessons learned and additional guidance, gleaned from both agency and industry SMEs, for cloud security requirements and managing cloud operations. • This will be a cross-collaboration project with Cybersecurity COI. • Project Goals • Produce actionable, scenario-based playbooks for IT leaders (CISOs, CTO, CIO) around the management of cloud operations including: Identity, Credential & Access Management in the Cloud; Trusted Connectivity in the Cloud (Cloud Architecture); and Implementing Cloud Optimized CDM. • The project will provide best practices and lessons learned guidance supporting the modernizing government technology for the Cloud and IT security communities. • Gov Sponsor Beau Hauser, CISO SBA

5. Expand FITARA Implementation Guidance • Background • Through OMB request, ACT-IAC created a number of artifacts to support agencies in FITARA implementation, including an IT Management Maturity Model that describes maturity in five functions, including overall IT governance. • The model describes the attributes of what maturity is in a government agency, and for governance, includes the attributes of horizontal integration (across CXOs, mission and business owners), vertical integration (from HQ to bureaus or components), right authority (decision making at appropriate levels), right data (having good data an analysis to support decisions), etc. • The model is helpful to assess level of governance maturity but does not fully address how to improve an agency’s maturity nor present sample models. • Project Goals • Enhance FITARA model performance metrics (e.g. gaps in scorecard, etc.) • Develop expanded toolkit ACT-IAC FITARA Maturity Model for FITARA 4.0/5.0. • Develop guidance model for CIO engagement with IT Program Managers. • Gov Sponsor Flip Anderson, Executive Director of FITARA Operations at USDA

6. Technology Business Management (TBM) • Background • Technology Business Management (TBM) is a value-management methodology to provide IT cost, consumption, and performance transparency. • Initiated in private industry and adopted by Australia, OMB included TBM into the F19 budget formulation process per recent A-11 and CPIC guidance. • Implementation necessitates a partnership of CFOs and CIOs. • Project Goals • Longer Term: Develop playbook to assist agencies in implementing TBM (OMB requests delay until PMA is released). • Short Term: “What does TBM Mean to Me” project to help stakeholders across budget formulation and execution, acquisitions and IT understand the value of TBM. • Gov Sponsor Jon Kraden, Director of Customer Coordination & Communication, GSA

7. New Project: MGT ACT Support Update December 12, 2017: MGT Act enacted as part of FY2018 National Defense Authorization Act (NDAA) • $250M authorized for F18 and F19 for a total of $500M • No funds have been appropriated as of today • Two provisions address agency IT modernization needs: • Technology Modernization Fund (TMF) and Board (TMB) • Funds to be repaid within 5 years* • Authorization for CFO Act agencies to establish IT Working Capital Funds (WCFs) February 27, 2018: M-18-12 Issued by OMB with guidance • Appendix A: Initial Project Proposal Template • Appendix B: Relevant Considerations [for Proposals] March 12, 2018: TMB established and conducted first meeting Agencies need assistance in determining how to best prioritize management projects and acquire & leverage agency WCFs and the MGT revolving fund Working Title: Strengthening Business Cases to Power Prioritization Working Approach: • Provide guidance on strategy to prioritize high-risk, high-cost legacy system modernization, leveraging WCFs and MGT revolving fund • Calculate legacy system costs (direct / indirect / risks) and return on investment (ROI) estimate for strong business cases, leveraging existing tools and industry models (e.g. leveraging FITARA, IT Modernization Guidance templates, etc.) MGT IT Modernization Revolving WCF • Funding Plan for MGT Revolving Fund: • $500M over 2 years • Funds repaid 3 years after savings achieved

8. MGT Support: Strengthening Business Cases to Power Prioritization of Modernization • Background • Agencies need assistance in determining how best to acquire and leverage MGT funds to prioritize and modernize legacy systems, specifically to calculate costs and develop a strong business case - leveraging existing tools and models (e.g. OMB IT Modernization guidance templates) and filling gaps if gaps emerge • When evaluating legacy systems for replacement, current costs may be under-estimated in business cases in particular for manual processes • Additionally, explicit and intangible costs need to be addressed, for example costs / risks associated with maintaining systems that do not comply with security requirements • Project Goals • [To Be Revised Upon Finalization] Assist agencies in building guidelines, templates and a strong business case model for modernization to prioritize modernization funding (within agencies and for MGT funds) • Gov Sponsor • TBD

9. Wrap Up and Next Steps • Calendar Ahead • Next monthly meeting scheduled for April 10th • Speaker TBD ~ Open to suggestions for future speakers • ELC Update • October 14-17, 2018 in Philadelphia, PA • “Imagine Nation” • Modernization Track • Cloud Security – Project kickoff • FITARA – Develop suggested changes on performance metrics • TBM – “What does TBM mean to me” training next steps • MGT – Project scoping • April Meeting - Finalize Speaker • Next Steps

10. Appendix

11. Incremental Modernization through Harvesting Legacy Systems • Background • Legacy applications often contain valuable, time-tested business logic that should be used to reduce risks and costs in modernization efforts that should be harvested. • A harvesting approach can be more successful than total replacement which is costly, risky and prone to failure – supporting a more efficient approach to agencies modernization funding and migration to a agile environment (e.g. cloud) • Project Goals • Propose strategies for agencies to leverage harvesting modernization strategy to incrementally mine business rules and iteratively modernize to new architecture • Develop a playbook to determine how to develop a plan/roadmap and approaches to transformation incrementally • Gov Sponsor TBD

12. Modernization Best Practices & Case Studies • Background • Agencies are in varying stages of implementing IT modernization • Sharing lessons learned and best practices can assist agencies in successfully modernizing their IT portfolio • Project Goals • Interview multiple departments and agencies who have tackled modernization • Document case studies from the interview results highlighting the challenge, approach and results as well as lessons learned • Distill results into a set of best practices to provide agencies with roadmap/playbook for initiating and driving IT Modernization • Gov Sponsor TBD