9.1 CIO Council Resources
Report to the President on Federal IT Modernization
In May 2017, President Trump issued Executive Order 13800, Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure, (Executive Order 13800. Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure. 5/11/2017) which commissioned the Federal IT Modernization Report to describe the legal, policy, and budgetary considerations around federal network architectures and provide recommendations to improve security, make Federal IT more agile and responsive, and make infrastructure more cost effective.
The Report to the President on Federal IT Modernization (CIO Council. Report to the President on Federal IT Modernization. December 2017) was produced in December 2017 and outlines the White House’s American Technology Council and the Office of Science and Technology Policy’s vision and recommendations to modernize citizen-facing services. The report incorporates feedback from more than 100 companies and individuals, as well as extensive input from agencies and IT policy experts throughout the federal government.
The report chiefly recommended network modernization and consolidation, a shift toward shared services to enable future network architectures, and providing additional resources for federal network IT modernization. All recommendations made in the report were to be completed no more than 365 days after publication, and there are not current, ongoing requirements. The report heavily influenced the PMA, which established the White House’s 2018 priorities. (The White House. President’s Management Agenda. April 2018.)
Application Rationalization Playbook
In collaboration with OMB and GSA, the Application Rationalization Playbook (CIO Council. The Application Rationalization Playbook) was developed and finalized in June 2019 by the Federal CIOC in support of the Federal Cloud Computing Strategy, (OMB. Federal Cloud Computing Strategy) also known as “Cloud Smart”. It was designed for IT Portfolio Managers to consider their agency’s approach to IT modernization. Additional guidance and policies germane to application rationalization include: the Federal IT Modernization Report (CIO Council. Report to the President on Federal IT Modernization. December 2017) which was issued in December 2017; EO 13800, Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure which was issued in May 2017; and Category Management Policy 16-1: Improving the Acquisition and Management of Common Information Technology: Software Licensing which was issued by OMB as Memorandum M-16- 12.
Application rationalization helps federal agencies mature IT portfolio management capabilities, empower leaders to make informed decisions, and improve the delivery of key mission and business services. It requires buy-in from stakeholders across the enterprise, including senior leaders, technology staff members, cybersecurity experts, business leads, financial practitioners, acquisition and procurement experts, and end user communities. Rationalization efforts rely on leadership support and continual engagement with stakeholders to deliver sustainable change. The playbook addresses challenges and opportunities for IT leaders, managers, and technical practitioners, and offers suggestions on how to overcome structural, logistical, and other significant barriers to success.
In January 2017, the CIOC released the State of Federal IT (SOFIT) report, which provided a comprehensive examination of the successes and challenges facing the Federal IT policy landscape. In addition, it provides recommendations on a variety of initiatives in order to improve Federal IT.
Future of the Federal IT Workforce Update
Drawing upon the workforce-related CAP Goals in the PMA, and building on the success of SOFIT, the CIOC undertook a similar examination of the Federal IT workforce and developed the Future of the Federal IT Workforce Update (CIO Council. Future of the Federal IT Workforce Update. May 2020) report in May 2020 as an update to SOFIT.
The update is organized around five Primary Issue Areas (PIAs) which form the essential actions required to build an IT workforce for the future. Each PIA is dependent upon the others, and together they form the pillars of a modern, adaptable, and effective Federal IT workforce.
- Recruit/Hire: As an increasing number of Federal employees near retirement eligibility, it is essential that Government is able to quickly and efficiently recruit and hire the best IT talent in order to adapt to constantly evolving technologies.
- Retain: Government will need to offer its IT workforce opportunities for growth, access to cutting-edge technological tools, and rewards for high performance so they will want to continue to serve agency missions and the public good.
- Reskill: Agency-specific and Governmentwide training opportunities will keep IT workers flexible and adaptable in order to keep up with both the pace of innovation and changes that will continue to disrupt the way we conduct work.
- Augment: The Federal IT workforce must continue to be supported by agile, flexible groups from both within Government and the private sector, providing surge capacity, access to expertise in cutting-edge process improvements, and emerging or highly specialized technological capabilities.
- Measure: Without sufficient qualitative and quantitative data, it will be impossible to gauge successes. Opportunities to leverage data will be identified in order to chart the best path forward by providing a focus on measuring alongside each of the other PIAs.
The Drivers of the Future of the IT Workforce underpin each of the PIAs. The PIAs must be examined in the light of every driver and the roles these drivers play in shaping the workforce. The considerations for each driver of the future can be described as follows:
- Innovation: The increasing pace of technological change is constantly impacting the modern workplace. Recent years have seen changes ranging from the adoption of new programming languages and cloud-based applications to paradigm shifts in emerging technologies, such as robotic process automation and machine learning. Additional training and collaboration opportunities will enable the IT workforce to be flexible enough to adapt to these changes, enabling agencies to execute their missions.
- Mobility: Increased flexibility in all of the PIAs will allow the Federal Government to adapt to the workforce of the future. This includes providing vertical career mobility and rewarding high performers, as well as horizontal career mobility opportunities such as reskilling, detailing, and industry exchange programs.
- Cybersecurity: All IT work requires some degree of security knowledge and protections, from basic sharing of unclassified documents to defending the nation’s most critical IT assets. As such, a skilled and qualified IT workforce is needed to manage an increasingly complex array of security policies and tools to mitigate evolving threats.
- Collaboration: As the world grows increasingly more interconnected, so must the Federal IT workforce. This includes coordinating across agencies and cross-functional teams. With the rise of regional offices and improved telework technologies, a more geographically dispersed workforce can now be productive over vast physical distances.
- Agility: The Federal Government needs to adapt and scale its use of technology more quickly than ever before. In addition to utilizing agile development methodology and continuous improvement, processes and procedures must also minimize downtime and be adaptable to changing circumstances and expectations in the workforce.
This handbook gives CISOs an overview of their roles and responsibilities in relation to Federal cybersecurity. It highlights laws, policies, tools, and initiatives that can be used to create or amend cybersecurity programs. (CIO Council. Guidance for Chief Information Security Officers (CISO).)
This handbook aims to:
- Educate and inform new and existing CISOs about their role in successfully implementing Federal cybersecurity;
- Provide resources to help CISOs responsibly apply risk management principles to help Federal agencies meet mission objectives; and
- Make CISOs aware of laws, policies, tools, and initiatives that can assist them as they develop or improve cybersecurity programs for their organizations.