Skip to main content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you're on a federal government site.

Https

The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

CIO Council Actions

To be Cloud Smart, agencies will consider how to extend their current resources to maximize value, by reskilling and retraining staff, enhancing security postures, and using best practices for purchasing. By leveraging modern technologies and practices appropriate to their missions, agencies will be able to harness new capabilities and expand existing abilities to deliver services to the public.

The Chief Information Officers Council has created the following list of action items as concrete steps that will be taken over the next 18 months to accelerate the adoption of cloud technologies. The Office of Management and Budget, the General Services Administration, and other agency partners will undertake these actions while continuing to evolve and improve upon the strategy using lessons learned during these tasks.

General

Action 1

Complete
The Chief Information Officers Council, the Office of Management and Budget, and the General Services Administration will work together to consolidate information into a central location to share guidance and best practices on cloud-related topics with agencies. This information portal will be designed to support transitions to cloud technologies and will cover a variety of topics, from acquisition to implementation and beyond.

Action 2

Complete
The Chief Information Officers Council will work with the Office of Management and Budget, the General Services Administration, and agency and private industry experts to develop methods for optimizing agency usage of cloud services. This will be accomplished by:
  • Determining and sharing best practices in cloud performance measurement, migration, and implementation based on leading industry trends;
  • Connecting agencies to gain insights into cloud options and access to subject matter expertise, or to review their cloud strategic plans; and
  • Coordinating to ensure agencies have access to Federal acquisition tools and services pertaining to cloud procurement, migration, and optimization.

Action 3

Complete
The Office of Management and Budget will release updated policy on infrastructure optimization, based on feedback from the Chief Information Officers Council’s Cloud & Data Center Community of Practice, and in alignment with the Cloud Smart strategy. This will update the Data Center Optimization Initiative established in M-16-19 in accordance with the requirements of the FITARA Enhancement Act of 2017.

Security

Action 4

In Progress
The Office of Management and Budget will work with the General Services Administration, the Chief Information Officers Council, and the Department of Homeland Security to update the Trusted Internet Connection (TIC) Policy to ensure program objectives can be achieved. Policy goals will be updated using security architectures that are scalable and allow for the efficient use of cloud. This includes creating a public-private forum for working with industry to collect their input. The Department of Homeland Security will also update the Trusted Internet Connections Reference Architectures to clarify potential alternative models.
Timeline: Within 6 months

Action 5

Complete
The Office of Management and Budget will publish an updated Identity, Credential, and Access Management (ICAM) Policy.

Action 6

Complete
The Office of Management and Budget will release updated guidance that focuses on accelerating the implementation of the Continuous Diagnostics and Mitigation (CDM) program across the Government, including the deployment of cloud monitoring tools and capabilities. The CDM program is a critical cybersecurity program that provides agencies with the necessary visibility into their environment to more effectively protect their data.
Timeline: Within 12 months

Action 7

Complete
The Office of Management and Budget will work with the General Services Administration to expedite the authorization of low risk Software-as-a-Service offerings through the effective implementation of FedRAMP Tailored. They will also work to revise FedRAMP and FedRAMP Tailored as necessary to expand adoption.

Action 8

Complete
The Office of Management and Budget, in coordination with General Services Administration, will develop a Strategic Plan to evolve the Authorization to Operate process to modernize the Federal technology landscape and enhance each agency-specific mission. This Strategic Plan will propose concrete deliverables seeking to simplify processes, eliminate duplication, and innovate agency approaches to security authorization in the cloud.
The CIO Council has created an ATO Working Group to further improve the process.

Action 9

Complete (ongoing)
The Office of Management and Budget will work with the General Services Administration and the Chief Information Officers Council to create a first-of-its kind view of agency requirements across the Federal security enterprise, which will serve as the foundation for future strategic initiatives. Individual agency risk management decisions will be used to better inform and articulate requirements and responsibilities across the executive branch enterprise and to create an agile iterative Authorization to Operate (ATO) process.
The CIO Council has created an ATO Working Group to further improve the process.

Procurement

Action 10

Complete
The Information Technology Category Manager and Cloud Solutions Category Team will work with the Office of Management and Budget to contribute to the portal in Action 1 to centralize information about cloud initiatives and resources for procurement. Information will include cloud readiness assessment guides, standard requirements, common contract terms and conditions, etc.

Action 11

Complete
The General Services Administration Cloud Solutions Category Team will implement supplier-relationship management through active engagement with industry partners. Key practices for successful category management include effective supplier-relationship management, managing supplier behavior beyond contract mechanics, and improved performance. It strives for two-way communication for proactive engagement to get ahead of supplier issues before they arise and focus on performance improvement opportunities. This collaborative process also drives innovation in the Federal marketplace.

Action 12

Complete
To ensure that all agencies have an opportunity to collaborate, share best practices, and apply cloud-solutions consistently across the Government, the government-wide Information Technology Category Manager at the General Services Administration will establish a government-wide Cloud Solutions Category Team (CSCT). This interagency team will be comprised of acquisition and technology professionals experienced in procuring cloud-based solutions. The team will apply the principles of category management to develop government-wide standards and approaches to cloud-implementation.

Action 13

In Progress
The Cloud Solutions Category Team will evaluate and recommend a set of government-wide contract vehicles for cloud services based on a thorough evaluation of each contract. Agencies need access to qualified contractors through well managed contracts that have demonstrated value. Once identified, these solution holders will collaborate to meet the needs of the Government and drive best value. Once approved by the Office of Management and Budget and the Information Technology Category Manager, agencies will be encouraged to leverage these contracts to meet their cloud requirements. Wide adoption of these solutions will maximize the Government’s purchasing power, help agencies operate more efficiently, and expand collection and sharing of government-wide buying data. Implementation of these solutions will lead to better-informed business decisions
Timeline: Within 18 months

Action 14

Complete
The Office of Management and Budget and the General Services Administration will create, or leverage existing, cross-government working groups to identify agency Service Level Agreements not addressed by existing commercial industry offerings specific to unique government requirements. Furthermore, they will standardize key indicators and create guidance in line with more modern practices, such as the use of "failure budgets" and cloud architecture principles so that agencies are more aware of how to design and measure the resiliency of their services, and other best practices that are related to cloud management practices.
Timeline: Within 6 months

Action 15

Complete
The Office of Management and Budget will provide direction to agencies to improve the security and visibility for information systems and data managed in the cloud, beginning with the incorporation of requirements set forth in the updated High Value Asset policy.

Workforce

Action 16

Complete
The Office of Personnel Management, with support from the Office of Management and Budget and the Department of Homeland Security, will identify critical skill gaps across the Federal enterprise for work roles within the NICE Cybersecurity Workforce Framework.
Timeline: Within 6 months

Action 17

Complete
Consistent with the President’s Management Agenda (PMA), each agency Chief Information Officer and Chief Human Capital Officer must jointly identify two top position or skill segment priorities and incorporate them into to the agency’s Human Capital Operating Plan. Actions to address these two gaps must be executed no later than the end of Fiscal Year 2019.
See each agency's Human Capital Operating Plan for specific implementation details.

Action 18

Complete (ongoing)
The Office of Management and Budget, supported by the Office of Personnel Management, will consider positions affected by cloud migration efforts as part of the strategic workforce planning efforts laid out in the President’s Management Agenda. Additionally, Federal reskilling initiatives will include positions affected by cloud migration, with the goal of training these Federal employees and providing them with the skillsets necessary to fill needed technology and cybersecurity work roles.

Action 19

In Progress
The Office of Management and Budget, in coordination with the Federal Acquisition Institute (FAI), will continue to conduct its biennial acquisition workforce competency survey to identify skill and talent gaps within the acquisition workforce. If appropriate, additional courses may be added to the FAI and Defense Acquisition University catalogs that help address skill gaps and strengthen course offerings in the acquisition of cloud-based services.
Timeline: Within 12 months

Action 20

Complete (ongoing)
The Chief Information Officers Council and the Chief Human Capital Officers Council will jointly develop and execute on strategies and initiatives that expand the use of career fairs, national hiring events, and “most wanted” talent advertisements. In addition, the councils will broaden the use of social media recruiting, and other hiring and recruitment best practices, as well as encourage adoption of the strategy at agencies with critical skill gaps or work role shortages.

Action 21

In Progress
The Office of Management and Budget, in collaboration with the Office of Personnel Management, will work with agencies that have managed successful migration efforts to collect a set of best practices and strategies for effective employee communication, engagement, and transition. This information will be available in the information repository described in Action 1.
Timeline: Within 12 months

Action 22

In Progress
The Office of Management and Budget, the Chief Information Officers Council, and the Chief Human Capital Officers Council, will develop a market-informed pay and compensation strategy. The strategy will address mission-critical technology and cybersecurity positions to improve recruitment and retention outcomes, as well as reduce barriers to hiring the nation’s top talent for technical and emerging technology roles
Timeline: Within 12 months