Presentation is loading. Please wait.

Presentation is loading. Please wait.

Clinger-Cohen Act (CCA) Compliance Certification of Major Automated Information Systems for Fiscal Year (FY)04 and 05 24 June 2004 Willie Moss OASD(NII)

Published byBrendan Holt Modified over 9 years ago

Similar presentations

Presentation on theme: "Clinger-Cohen Act (CCA) Compliance Certification of Major Automated Information Systems for Fiscal Year (FY)04 and 05 24 June 2004 Willie Moss OASD(NII)"— Presentation transcript:

1 Clinger-Cohen Act (CCA) Compliance Certification of Major Automated Information Systems for Fiscal Year (FY)04 and 05 24 June 2004 Willie Moss OASD(NII) Willie.moss@osd.mil (703)602-0985 ext 105

2 2 Agenda Section 8084(c) National Defense Appropriations Act (Department of Defense Appropriation Act) MAIS CCA Certification Process What Happened FY03 CCA Reports to Congress CCA Certification Strategies BPR, AoA, EA, Performance Measures,and IA Strategy DOs and DON’Ts The Non-Compliant CCA Certification of MAIS Program In FY05 Section 8080(c)

3 3 Section 8084(c) – Certifications of CCA Compliance, FY04 DoD Appropriations Act Section 8084(c): (1)A MAIS may not receive MS A, B, or full rate production approval, or their equivalent, until the DoD CIO certifies, with respect to that milestone, that the system is being developed IAW the CCA of 1996. (2)The DoD CIO shall provide the Congressional Defense Committees timely notification of certifications under paragraph (1). Each such notification shall include, at a minimum, the funding baseline and milestone schedule for each system covered by such a certification and confirmation that the following steps have been taken with respect to the system: a)Business process reengineering b)An analysis of alternatives c)An economic analysis that includes a calculation of the ROI d)Performance measures e)An information assurance strategy consistent with the DoD’s Global Information Grid

4 4 PM Develops Section 8084(c) Certification for Milestone Report Congressional Defense Committees PM Develops CCA Table 1 7 MAIS CCA Certification Process DoD 5000 Requirements CCA Section 8084(C) Report To Congress DoD CIO Certifies to Congress 6 DoD DCIO Prepares /Coordinates CCA Certification Package 5 Milestone Review (ITAB) 4 Component CIO Submits CCA Certification Table/Report to DoD CIO 3 Component CIO Certifies CCA Compliance to MS Authority/ DoD CIO 2 Acquisition Decision Memorandum

5 5 What Happened and What Did We Do In FY03 FY03 - - Congress reenacted the previous requirement that the DoD CIO to certify CCA compliance to the Congressional Defense Committees. CCA Compliance was still required for all Information Technology systems, including those in weapons and weapon system programs. In response: no official memo was issued. A Clinger-Cohen Act Integrated Product Team was established for implementation of Section 8088(c), Certifications as to Compliance with CCA, FY03 National Defense Appropriations Act. Guidelines issued for reporting to the Congressional Defense Committees.

6 6 FY03 CCA Reports to Congress Under Section 8088(c) Congressional Defense Committees Received 11 MAIS CCA Certification Reports: Composite Health Care System II (CHCS II) – Heath Affairs Defense Integrated Military Human Resources System (DIMRS) - Navy Fuels Automated System (FAS) - DLA Global Combat Support System/Joint Task Force (GCSS/JTF) - DISA Global Information Grid – Bandwidth Expansion (GIG-BE) - DISA Joint Computer-Aided Acquisition and Logistics Support (JCALS) – Army Navy Enterprise Maintenance Automated Information System (NEMAIS) - NAVY Reserve Component Automation System (RCAS) - Army Teleport (TELEPORT) - DISA Theater Medical Information Program (TMIP) – Heath Affairs Transportation Coordinators Automatic Information for Movements System II (TC-AIMS II) - Army

7 7 CCA Certification Strategies DOs PMO make early contact with Component CIO and functional stakeholders. Identify your program in subject line of all CCA correspondences, especially emails. DON’Ts Don’t use acronyms, abbreviations not spelled out or terms not previously explained. Don’t make references to unattached or not provided documents. Don’t assert CCA compliance without adequate support documentation.

8 8 Business Process Reengineering (BPR) DOs Prepare a summary of things done to achieve dramatic improvements in critical performance measures, i.e., cost, quality, service, and speed. Reflect rethinking of what the organization should be doing and how best to do it. Focus on the organization’s business processes. State whether the process has been implemented. Show that gaps have been assessed between current performance and functional proponent/user needs. Program mission being aligned with strategic goals. Identify cost savings when ever possible. Identify the governance process through which program executive leadership manages change. Restate the mission outcomes, measures, and rationale

9 9 Business Process Reengineering (BPR) DON’Ts Don’t use in document the term “To Be Determined”. Don’t use embedded pictures or embedded documents within your document. Don’t make references to unattached or not provided documents. Don’t provide unnecessary information that may lead to unanswered questions or follow-on inquiries by Congress. – An example would be your BPR results models. Don’t use acronyms, abbreviations not spelled out or terms not previously explained.

10 10 Analysis of Alternatives (AoA) DOs Identify and discuss alternatives analyzed to justify the preferred alternative to be initiated to satisfy a valid mission need. Identify proposed Information Technology investments that support the core mission and functions that need to be performed by the Government. Identify how investment supports work processes that have been simplified or otherwise redesigned to reduce cost, improve effectiveness, and make maximum use of COTS technology. Identify affordability analysis that the preferred alternative is consistent with cost section of APB and 300b budget exhibit. Identify through clear analysis the alternative selected. Identify acceptable methodology and calculations. Identify investments undertaken by DoD because no alternative private sector or governmental sources can better support the function.

11 11 Analysis of Alternatives (AoA) DON’Ts Don’t exclude elements that should be considered in ROI: –improvements to mission performance. –resource savings, or qualitative mission benefits. –If possible provide an overall ROI for each increment of an incremental or evolutionary acquisition program. Don’t automatically exclude privatization of functions. Don’t make references to unattached or not provided documents. Don’t provide unnecessary information that may lead to unanswered questions or follow-on inquiries by Congress. Don’t use overly formulaic AoAs with one clearly indefensible option (usually terminate), one easily identifiable & desired option, and one “blue –sky” stretch end state.

12 12 Economic Analysis (EA) DOs Identify information that indicates an improvement to mission performance. Identify resource savings, or qualitative mission benefits. Identify an overall Return on Investment (ROI) for each incremental or evolutionary acquisition program. Identify quantifiable numbers and measures. Provide a document that is consistent with the Measure of Effectiveness (MOE). Ensure the ROI is broad enough to capture all organizations, activities, etc. benefiting from the investment.

13 13 Economic Analysis (EA) DON’Ts Don’t make references to unattached or not provided documents. Don’t provide unnecessary information that may lead to unanswered questions or follow-on inquiries by Congress. Don’t use acronyms, abbreviations not spelled out or terms not previously explained. Don’t fail to establish solid ROI based on anticipated benefits (tangible and intangible) which the program is to deliver.

14 14 Performance Measures DOs Ensure there are clearly established mission performance measures and accountability for program progress for post deployment and evaluation. Ensure the performance measures are linked to DoD strategic goals and objectives. Ensure acquisition performance measures are being used. Ensure there is a balance of measures. Ensure processes for assuring measure have been met.

15 15 Performance Measures DON’Ts Don’t rely on single factors or overly simple formulas. Don’t provide unnecessary information that may lead to unanswered questions or follow-on inquiries by Congress. Don’t use acronyms, abbreviations not spelled out or terms not previously explained. Don’t submit poorly explained mission-level performance measures – which result in a faulty Post-Implementation Review Plan. Don’t fail to establish performance measures earlier in the process.

16 16 Information Assurance (IA) Strategy DOs Contact your Component IA POC early. Identify security features, practices, procedures, and architectures of the system that accurately mediate and enforce the DoD Security policy. –Describe how the security certification/accreditation from the Designated Accreditation Authority (DAA) is in compliance with the Defense Information Technology Security Certification and Accreditation Process (DITSCAP). –Describe how the system IA strategy is traceable through requirements, design, implementation, and operating procedure documents. –Describe how the IA strategy is reflected in the System Security Authorization Agreement (SSAA). –State IA strategy was approved by your Component CIO and give date.

17 17 Information Assurance (IA) Strategy DON’Ts Don’t provide unnecessary information that may lead to unanswered questions or follow-on inquiries by Congress. –An example would be your specific IA Architecture. Don’t use acronyms, abbreviations not spelled out or terms not previously explained.

18 18 The Non-Compliant No Milestone Approval –Possible Funding withhold –Possible Schedule Delay No Further Contract Award NO WAIVERS!

19 19 CCA Certification of MAIS Programs In FY05 Recent proposed language indicating: –Possible repeat of congressional requirements –Notification to Congressional Defense Committees No Anticipated change in FY04 reporting requirement Impact on DoD Components

20 20 Section 8080(c) Section 8080(c): (1)A MAIS may not receive MS A, B, or full rate production approval, or their equivalent, until the DoD CIO certifies, with respect to that milestone, that the system is being developed IAW the CCA of 1996. (2)The DoD CIO shall provide the Congressional Defense Committees timely notification of certifications under paragraph (1). Each such notification shall include, at a minimum, the funding baseline and milestone schedule for each system covered by such a certification and confirmation that the following steps have been taken with respect to the system: a)Business process reengineering b)An analysis of alternatives c)An economic analysis that includes a calculation of the ROI d)Performance measures e)An information assurance strategy consistent with the DoD’s Global Information Grid

21 21 CCA Compliance Certification of MAIS for FY04 & 05 BACKUP

22 22 CCA Compliance Matrix/ Table Requirements Related to the Clinger-Cohen Act (CCA) of 1996 (reference (l)) Applicable Program Documentation ** *** Make a determination that the acquisition supports core, priority functions of the Department ICD Approval *** Establish outcome-based performance measures linked to strategic goalsICD, CDD, CPD and APB approval *** Redesign the processes that the system supports to reduce costs, improve effectiveness and maximize the use of COTS technology Approval of the ICD, Concept of Operations, AoA, CDD, and CPD * No Private Sector or Government source can better support the functionAcquisition Strategy page XX, para XX AoA page XX * An analysis of alternatives has been conductedAoA * An economic analysis has been conducted that includes a calculation of the return on investment; or for non-AIS programs, a Life-Cycle Cost Estimate (LCCE) has been conducted Program LCCE Program Economic Analysis for MAIS There are clearly established measures and accountability for program progressAcquisition Strategy page XX APB The acquisition is consistent with the Global Information Grid policies and architecture, to include relevant standards APB (Interoperability KPP) C4ISP (Information Exchange Requirements) The program has an information assurance strategy that is consistent with DoD policies, standards and architectures, to include relevant standards Information Assurance Strategy To the maximum extent practicable, (1) modular contracting has been used, and (2) the program is being implemented in phased, successive increments, each of which meets part of the mission need and delivers measurable benefit, independent of future increments Acquisition Strategy page XX The system being acquired is registeredRegistration Database * For weapons systems and command and control systems, these requirements apply to the extent practicable (40 U.S.C. 1451, reference (ay)) ** The system documents/information cited are examples of the most likely but not the only references for the required information. If other references are more appropriate, they may be used in addition to or instead of those cited. ***These requirements are presumed to be satisfied for Weapons Systems with embedded IT and for Command and Control Systems that are not themselves IT systems DoDI 5000.2 Table E4.T1. ENCLOSURE 4

23 23 FY2001 DoD Appropriations Bill Section 8121 (b) Clinger Cohen Act- Certification CAPITAL PLANNING 40 USC 1413 (b)(2)(A) BPR Mission Analysis ICD, CCD, CPD AoA Choosing Capital Asset Information Assurance Economic Analysis Cost, Schedule Performance Baseline Acquisition Program Baseline Information Assurance Performance Measures Actual Cost, Schedule and Benefits Information Assurance Performance Gaps Selection Control Evaluation Functional requirements CRP/ ORD requirements affordability Track and control program against baseline, to include performance (ORD KPP) Post implementation reviews: Has fielded system met functional requirements within cost and schedule? Draft

Download ppt "Clinger-Cohen Act (CCA) Compliance Certification of Major Automated Information Systems for Fiscal Year (FY)04 and 05 24 June 2004 Willie Moss OASD(NII)"

Similar presentations

Planning, Budgeting, Acquisition & Management of Capital Assets Capital programming is an integrated process within an agency for planning, budgeting,

Planning, Budgeting, Acquisition & Management of Capital Assets Capital programming is an integrated process within an agency for planning, budgeting,
Program Management Office (PMO) Design

Program Management Office (PMO) Design
METRICS AND CONTROLS FOR DEFENSE IN DEPTH AN INFORMATION TECHNOLOGY SECURITY ASSESSMENT INITIATIVE.

METRICS AND CONTROLS FOR DEFENSE IN DEPTH AN INFORMATION TECHNOLOGY SECURITY ASSESSMENT INITIATIVE.
Clinger Cohen Act (CCA): Integrating CCA (U. S. C

Clinger Cohen Act (CCA): Integrating CCA (U. S. C
BENEFITS OF SUCCESSFUL IT MODERNIZATION

BENEFITS OF SUCCESSFUL IT MODERNIZATION
4/29/2009Michael J. Cohen1 Practical DIACAP Implementation CS526 Research Project by Michael J. Cohen 4/29/2009.

4/29/2009Michael J. Cohen1 Practical DIACAP Implementation CS526 Research Project by Michael J. Cohen 4/29/2009.
1 May 2009 ver. 5.5 Materiel Development Decision (MDD) MDA: Approves AoA Study Guidance Determines acquisition phase of entry Identifies initial review.

1 May 2009 ver. 5.5 Materiel Development Decision (MDD) MDA: Approves AoA Study Guidance Determines acquisition phase of entry Identifies initial review.
Phase B Exit Criteria Issues Resolved or Addressed Technical Reviews / Readiness Reviews, Audits Initiate Milestone C Program Review Planning Process Initiate.

Phase B Exit Criteria Issues Resolved or Addressed Technical Reviews / Readiness Reviews, Audits Initiate Milestone C Program Review Planning Process Initiate.
“Common Process for Developing Briefings for Major Decision Points” INSTRUCTIONS Provide Feedback via to: Lois Harper PEO C4I and Space

“Common Process for Developing Briefings for Major Decision Points” INSTRUCTIONS Provide Feedback via to: Lois Harper PEO C4I and Space
Overarching Roles of Critical Partners In A Project 9:30 – 10:00 Rob Curlee, FMO Joseph Dominque, OCISO Mike Perry, EA.

Overarching Roles of Critical Partners In A Project 9:30 – 10:00 Rob Curlee, FMO Joseph Dominque, OCISO Mike Perry, EA.
Secure System Administration & Certification DITSCAP Manual (Chapter 6) Phase 4 Post Accreditation Stephen I. Khan Ted Chapman University of Tulsa Department.

Secure System Administration & Certification DITSCAP Manual (Chapter 6) Phase 4 Post Accreditation Stephen I. Khan Ted Chapman University of Tulsa Department.
Pertemuan 11-12 Matakuliah: A0214/Audit Sistem Informasi Tahun: 2007.

Pertemuan Matakuliah: A0214/Audit Sistem Informasi Tahun: 2007.
DITSCAP Phase 2 - Verification Pramod Jampala Christopher Swenson.

DITSCAP Phase 2 - Verification Pramod Jampala Christopher Swenson.
Acquiring Information Systems and Applications

Acquiring Information Systems and Applications
Information Security Compliance System Owner Training Richard Gadsden Information Security Office Office of the CIO – Information Services Sharon Knowles.

Information Security Compliance System Owner Training Richard Gadsden Information Security Office Office of the CIO – Information Services Sharon Knowles.
DoD Acquisition Domain (Sourcing) (DADS) Analysis of Alternatives (AoA) E-Business/SPS Joint Users’ Conference November 15-19, 2004 Houston, TX.

DoD Acquisition Domain (Sourcing) (DADS) Analysis of Alternatives (AoA) E-Business/SPS Joint Users’ Conference November 15-19, 2004 Houston, TX.
Power to the Edge A Net-Centric DoD NII/DoD CIO Clinger-Cohen Act (CCA) from an OSD Perspective (Organizations to Achieve Transformation) Ray Boyd 703.602.0980.

Power to the Edge A Net-Centric DoD NII/DoD CIO Clinger-Cohen Act (CCA) from an OSD Perspective (Organizations to Achieve Transformation) Ray Boyd
NIST Special Publication Revision 1

NIST Special Publication Revision 1
Demystifying the Business Analysis Body of Knowledge Central Iowa IIBA Chapter December 7, 2005.

Demystifying the Business Analysis Body of Knowledge Central Iowa IIBA Chapter December 7, 2005.
Why is BCL Needed? BCL addresses long-standing challenges that have impacted the delivery of business capabilities The DepSecDef directed increasing the.

Why is BCL Needed? BCL addresses long-standing challenges that have impacted the delivery of business capabilities The DepSecDef directed increasing the.

Similar presentations

Ads by Google