CIO Council Actions
To be Cloud Smart, agencies will consider how to extend their current resources to maximize value, by reskilling and retraining staff, enhancing security postures, and using best practices for purchasing. By leveraging modern technologies and practices appropriate to their missions, agencies will be able to harness new capabilities and expand existing abilities to deliver services to the public.
The Chief Information Officers Council has created the following list of action items as concrete steps that will be taken over the next 18 months to accelerate the adoption of cloud technologies. The Office of Management and Budget, the General Services Administration, and other agency partners will undertake these actions while continuing to evolve and improve upon the strategy using lessons learned during these tasks.
General
Action 1
Complete
The Chief Information Officers Council, the Office of Management and
Budget, and the General Services Administration will work together to
consolidate information into a central location to share guidance and
best practices on cloud-related topics with agencies. This information
portal will be designed to support transitions to cloud technologies and
will cover a variety of topics, from acquisition to implementation and
beyond.
Action 2
Complete
The Chief Information Officers Council will work with the Office of
Management and Budget, the General Services Administration, and agency
and private industry experts to develop methods for optimizing agency
usage of cloud services. This will be accomplished by:
- Determining and sharing best practices in cloud performance measurement, migration, and implementation based on leading industry trends;
- Connecting agencies to gain insights into cloud options and access to subject matter expertise, or to review their cloud strategic plans; and
- Coordinating to ensure agencies have access to Federal acquisition tools and services pertaining to cloud procurement, migration, and optimization.
Action 3
Complete
The Office of Management and Budget will release updated policy on
infrastructure optimization, based on feedback from the Chief
Information Officers Council’s Cloud & Data Center Community of
Practice, and in alignment with the Cloud Smart strategy. This will
update the Data Center Optimization Initiative established in
M-16-19 in accordance with the requirements of the FITARA
Enhancement Act of 2017.
Security
Action 4
In Progress
The Office of Management and Budget will work with the General Services
Administration, the Chief Information Officers Council, and the
Department of Homeland Security to update the Trusted Internet
Connection (TIC) Policy to ensure program objectives can be achieved.
Policy goals will be updated using security architectures that are
scalable and allow for the efficient use of cloud. This includes
creating a public-private forum for working with industry to collect
their input.
The Department of Homeland Security will also update the Trusted
Internet Connections Reference Architectures to clarify potential
alternative models.
Timeline: Within 6 months
Action 5
Complete
The Office of Management and Budget will publish an updated Identity,
Credential, and Access Management (ICAM) Policy.
Action 6
Complete
The Office of Management and Budget will release updated guidance that
focuses on accelerating the implementation of the Continuous Diagnostics
and Mitigation (CDM) program across the Government, including the
deployment of cloud monitoring tools and capabilities. The CDM program
is a critical cybersecurity program that provides agencies with the
necessary visibility into their environment to more effectively protect
their data.
Timeline: Within 12 months
Action 7
Complete
The Office of Management and Budget will work with the General Services
Administration to expedite the authorization of low risk
Software-as-a-Service offerings through the effective implementation of
FedRAMP Tailored. They will also work to revise FedRAMP and FedRAMP
Tailored as necessary to expand adoption.
Action 8
Complete
The Office of Management and Budget, in coordination with General
Services Administration, will develop a Strategic Plan to evolve the
Authorization to Operate process to modernize the Federal technology
landscape and enhance each agency-specific mission. This Strategic Plan
will propose concrete deliverables seeking to simplify processes,
eliminate duplication, and innovate agency approaches to security
authorization in the cloud.
The CIO Council has created an ATO Working Group to further improve the process.
Action 9
Complete (ongoing)
The Office of Management and Budget will work with the General Services
Administration and the Chief Information Officers Council to create a
first-of-its kind view of agency requirements across the Federal
security enterprise, which will serve as the foundation for future
strategic initiatives. Individual agency risk management decisions will
be used to better inform and articulate requirements and
responsibilities across the executive branch enterprise and to create an
agile iterative Authorization to Operate (ATO) process.
The CIO Council has created an ATO Working Group to further improve the process.
Procurement
Action 10
Complete
The Information Technology Category Manager and Cloud Solutions Category
Team will work with the Office of Management and Budget to contribute to
the portal in Action 1 to centralize information about cloud
initiatives and resources for procurement. Information will include
cloud readiness assessment guides, standard requirements, common
contract terms and conditions, etc.
Action 11
Complete
The General Services Administration Cloud Solutions Category Team will
implement supplier-relationship management through active engagement
with industry partners. Key practices for successful category management
include effective supplier-relationship management, managing supplier
behavior beyond contract mechanics, and improved performance. It strives
for two-way communication for proactive engagement to get ahead of
supplier issues before they arise and focus on performance improvement
opportunities. This collaborative process also drives innovation in the
Federal marketplace.
Action 12
Complete
To ensure that all agencies have an opportunity to collaborate, share
best practices, and apply cloud-solutions consistently across the
Government, the government-wide Information Technology Category Manager
at the General Services Administration will establish a government-wide
Cloud Solutions Category Team (CSCT). This interagency team will be
comprised of acquisition and technology professionals experienced in
procuring cloud-based solutions. The team will apply the principles of
category management to develop government-wide standards and approaches
to cloud-implementation.
Action 13
In Progress
The Cloud Solutions Category Team will evaluate and recommend a set of
government-wide contract vehicles for cloud services based on a thorough
evaluation of each contract. Agencies need access to qualified
contractors through well managed contracts that have demonstrated value.
Once identified, these solution holders will collaborate to meet the
needs of the Government and drive best value. Once approved by the
Office of Management and Budget and the Information Technology Category
Manager, agencies will be encouraged to leverage these contracts to meet
their cloud requirements. Wide adoption of these solutions will maximize
the Government’s purchasing power, help agencies operate more
efficiently, and expand collection and sharing of government-wide buying
data. Implementation of these solutions will lead to better-informed
business decisions
Timeline: Within 18 months
Action 14
Complete
The Office of Management and Budget and the General Services
Administration will create, or leverage existing, cross-government
working groups to identify agency Service Level Agreements not addressed
by existing commercial industry offerings specific to unique government
requirements. Furthermore, they will standardize key indicators and
create guidance in line with more modern practices, such as the use of
"failure budgets" and cloud architecture principles so that agencies are
more aware of how to design and measure the resiliency of their
services, and other best practices that are related to cloud management
practices.
Timeline: Within 6 months
Action 15
Complete
The Office of Management and Budget will provide direction to agencies
to improve the security and visibility for information systems and data
managed in the cloud, beginning with the incorporation of requirements
set forth in the updated High Value Asset policy.
Workforce
Action 16
Complete
The Office of Personnel Management, with support from the Office of
Management and Budget and the Department of Homeland Security, will
identify critical skill gaps across the Federal enterprise for work
roles within the NICE Cybersecurity Workforce Framework.
Timeline: Within 6 months
Action 17
Complete
Consistent with the President’s Management Agenda (PMA), each agency
Chief Information Officer and Chief Human Capital Officer must jointly
identify two top position or skill segment priorities and incorporate
them into to the agency’s Human Capital Operating Plan. Actions to
address these two gaps must be executed no later than the end of Fiscal
Year 2019.
See each agency's Human Capital Operating Plan for specific implementation details.
Action 18
Complete (ongoing)
The Office of Management and Budget, supported by the Office of
Personnel Management, will consider positions affected by cloud
migration efforts as part of the strategic workforce planning efforts
laid out in the President’s Management Agenda. Additionally, Federal
reskilling initiatives will include positions affected by cloud
migration, with the goal of training these Federal employees and
providing them with the skillsets necessary to fill needed technology
and cybersecurity work roles.
Action 19
In Progress
The Office of Management and Budget, in coordination with the Federal
Acquisition Institute (FAI), will continue to conduct its biennial
acquisition workforce competency survey to identify skill and talent
gaps within the acquisition workforce. If appropriate, additional
courses may be added to the FAI and Defense Acquisition University
catalogs that help address skill gaps and strengthen course offerings in
the acquisition of cloud-based services.
Timeline: Within 12 months
Action 20
Complete (ongoing)
The Chief Information Officers Council and the Chief Human Capital
Officers Council will jointly develop and execute on strategies and
initiatives that expand the use of career fairs, national hiring events,
and “most wanted” talent advertisements. In addition, the councils will
broaden the use of social media recruiting, and other hiring and
recruitment best practices, as well as encourage adoption of the
strategy at agencies with critical skill gaps or work role shortages.
Action 21
In Progress
The Office of Management and Budget, in collaboration with the Office of
Personnel Management, will work with agencies that have managed
successful migration efforts to collect a set of best practices and
strategies for effective employee communication, engagement, and
transition. This information will be available in the information
repository described in Action 1.
Timeline: Within 12 months
Action 22
In Progress
The Office of Management and Budget, the Chief Information Officers
Council, and the Chief Human Capital Officers Council, will develop a
market-informed pay and compensation strategy. The strategy will address
mission-critical technology and cybersecurity positions to improve
recruitment and retention outcomes, as well as reduce barriers to hiring
the nation’s top talent for technical and emerging technology roles
Timeline: Within 12 months