1 Federal Software Asset Management: The Government’s SAM Framework Alan Vander Mallie, Program Manager U.S. General Services Administration Office of Governmentwide Policy September 2009
Dec 20, 2015
1
Federal Software Asset Management: The Government’s SAM
Framework
Alan Vander Mallie, Program ManagerU.S. General Services Administration
Office of Governmentwide PolicySeptember 2009
2
Software Asset Management
Case Study: Running the Government’s SAM Framework
• The GSA Role
• Federal SAM/ITAM Program
• The Government’s SAM Framework
• How’s it working for US?– Successes, Challenges & Trends
3
GSA Role
GSA has a major role in managing Government assets:
• Real Property (over $1.4 trillion)
• Personal Property (disposes > $21 billion per year)
• Travel and Transportation (>600,000 vehicles/1,460
aircraft/$12.3 billion in annual travel expenditures)
• Information Technology Strategy (purchase $71 billion/year)
• Regulatory Information (FAR, FMR, FTR, GSAM)
• Federal Advisory Committees (public transparency)
4
GSA Role
Information Technology spending for FY 2009 may total $71 Billion
• Mission Systems – approx $36 billion– 6236 business cases for mission systems
• Infrastructure – approx $30 billion– 25 major business cases for IT infrastructure
Source: OMB VUE-IT Application for FY 2009: http://www.whitehouse.gov/omb/assets/egov_docs/VUE-IT.pdf
5
Federal SAM Program
Purpose• Support technology strategy efforts so govt is
running in the most secure, open, and efficient way possible
• Help govt realize technical and social goals -focus on process solutions vs technology solutions
• Create strategic value from SAM/ITAM Goals:• Manage Smarter, Buy Smarter, and Increase
compliance of IT assets
6
Federal SAM Program
Benefits include support for:• Aggregated buys through vehicles such as SmartBUY• Improved infrastructure optimization and efficient
software/hardware usage• Closer alignment with approved lists of COTS software (FEA
and EA)• Better use of acquisition, finance, and installed versus actual
usage data• Assurance that security features are incorporated into software
products as required (e.g., NIST FIPS 140-2 preclude the use of unvalidated encryption protection of sensitive or valuable data within Federal systems)
• Achieving Section 508 compliance for software/hardware use by persons with disabilities
• Going Green with IT purchase decisions for more energy efficient IT operating environments & end-of-use disposal
7
Federal SAM Program
Cont’d• Support for desktop management & core configurations • Auto-discovery of installed software• Scheduling maintenance upgrades and software/hardware
disposition• Improving and clarifying software-use policies (who, what,
where, when, why)• Development of standard federal-wide license use clauses to
protect intellectual property and prevent software piracy• Informed software security patching and upgrades, installation
and deployment• Informed user and IT support staff training.
8
Federal SAM Program
Challenges to Establishing Effective SAM:
• Reason it is not being already done – it is very hard• Commercial sector does not always do it well either• Data standards for feeder systems do not exist• Overall SAM Enterprise Frameworks do not exist • Implementing policy that integrates multiple key
business processes• Dealing with tangible and intangible assets that
have many different terms of use depending on the vendor, dealing with each vendor requires a unique approach
• Try not to create a process that requires excessive overhead for agencies
9
Discovery & Program Foundation•Recommend guidelines and strategic framework • Document lessons learned internal/industry• Asses current state-of-SAM across Government
Architect
Invest
Implement
FedITAM Program Realization• Launch Website so Citizens, Industry & Government can participate in advancing SAM• Highlight use of automated tools• Work with Agencies and LOBs re benefits
Govtwide SAM Programs
• Promote Govtwide standardization, consolidation and optimization
• FedITAM website available share best practices and tools
Federal SAM Program - Roadmap
10
Federal SAM Framework
The Federal SAM Framework focuses on process improvements using ISO 19770-1 and other SAM/ITAM related standards and tools for:
• Capturing inventories of deployed software, lists of approved software within FEA and agency enterprise architectures, CPIC investment portfolios, and authorized user data from CIOs;
• Capturing acquisition, purchasing, and negotiated license usage rights information from CAOs; and
• Capturing invoice, payment and finance information from CFOs.
11
Federal SAM Framework
• Highlights six key SAM process areas (ISO 19770-1) and 17 questions from chief officers:– Supports routine and extraordinary efforts to
standardize, consolidate, and optimize the management, purchase, and increased compliancy of IT assets.
– Supports collaboration and partnerships across the disciplines and between those responsible for enterprise architecture and standards, financial management, strategic sourcing and acquisition, IT operations, and asset management.
12
Federal SAM Framework
NOTES: The Federal SAM framework leads agencies towards higher levels of maturity in their software asset management programs so they do not continue to waste time and money with manual inventories, ineffective decision processes, and redundant software purchasing efforts.
Through inputs to and relationships with federal-wide (SmartBUY) or agency strategic sourcing efforts and the IT Infrastructure LOB program the SAM framework (1) moves vendors towards constantly improving and better securing their products for government enterprise use and (2) moves IT operations and their vendors away from spending too much time and money on purchasing or marketing on many disparate levels.
13
Federal SAM Framework
The goal of communicating a common framework across Government is to:
-- foster visibility of standards and assets, and promote better management, strategic sourcing, and accurate tracking
-- so that information, assets, people, and processes are adequately detected/identified, protected and
connected across the federal government.
14
Federal SAM Framework
NOTES: The Federal SAM Program & Framework recommends that every software acquisition should be aligned with: – OMB policy and guidance for software acquisition and
SmartBUY acquisition– Federal enterprise architecture (FEA)– Agency strategic plans and enterprise architectures– Federal security standards– Capital planning and investment controls (CPIC)– Legislated acquisition and IT requirements.
15
Federal SAM Framework
“The Govts SAM framework offers a view into integrated lifecycle management for IT assets”
The Government’s SAM Framework – 6 process areas that cross organizational boundaries:– Approving Software & Hardware– Managing the Buy– Managing Contract Compliance– Monitoring Inventory Usage– Complying with Policies & Standards– Financial & Capital Planning
16
Federal SAM Framework
Managing the Buy
Financial & Capital Planning
Approving SW & HW
Managing Contract
Compliance
MonitoringInventory
Usage
Complying withPolicies & Standards
Fed ITAM Integrated Life-Cycle
Management
17
Framework Process Areas
Approving IT Architecture Software & Hardware
• What IT assets are approved to run on the network architecture?
• What unapproved products are running on the network or are being purchased for deployment, exposing us to risk?
• Are we addressing the security areas of patch-management and network identity-management?
18
Framework Process Areas
Managing the Buy• What IT assets are good candidates for
cost-saving Smart Buy, GWACs, and other Strategic Sourcing agreements?
• What are relevant contract terms and clauses for enterprise-wide compliant use of assets?
• Do our ordering practices reflect the actual depletion, deployment, saturation, and utility rates of my organization?
19
Framework Process Areas
Managing Contract Compliance
• What installed assets expose us to piracy liabilities because they lack licensing agreements?
• Do our installations exceed authorized licensing?
• Are agencies in compliance with contract terms and are S/W and H/W vendors in compliance with federal policies?
20
Framework Process Areas
Monitoring Inventory Usage
• What installed assets are not being actively used; and (how) should they be re-used or retired?
• What assets are sitting on the shelf in large quantities reflecting potentially unwarranted ongoing expenses?
• What critical asset inventories are nearly depleted?
21
Framework Process Areas
Fostering Compliance with Policies & Standards
• What Federal policies and guidelines govern particular categories of IT assets?
• How are we working toward compliance with ISO 19770, UNSPSC, and other current or emerging global standards?
• What are current ITAM policy guidelines issued by OMB, NIST, and OGP; and is our agency in compliance?
22
Framework Process Areas
Financial & Capital Planning
• What are opportunities to increase return on investment and improve cash-flow through smarter buys and uses?
• What are noteworthy variances in unit pricing for similar products and how best can we close gaps and avoid costs?
23
How is it Working for US?
ID Management technology strategy for Implementing HSPD12
Initiative has clear and visible govtwide architecture related to a govtwide acquisition strategy which includes a public list of approved & certified products and services.
Website: http://www.IDManagement.gov
24
How is it Working for US?
SmartBuy/ESI/GWACs and other Strategic Sourcing agreements
Initiative has CoBranding between GSA and DoD - Use of common clauses, terms & conditions to achieve best value – Mandatory consideration of Smart Buy/ESI contracts in FAR Case 2005-014.
Website: http://www.gsa.gov/smartbuy
25
How is it Working for US?
IT Infrastructure Line of Business (LoB)
Initiative promotes use of automated tools and adoption of SAM/ITAM processes – Consolidated hundreds of infrastructure investments into 25 and applied highend consulting and engineering expertise to five-year plans.
Website: http://www.itinfrastructure.gov
26
How is it Working for US?
Strategic View of Automated Tools
Planning & Management
28%
Infrastructure Operations
46%
IT Security26%
Infrastructure Operations
Planning & Management
IT Security
27
How is it Working for US?
Strategic View of Tools # of Tools
% Total
Infrastructure Operations 520 46%
Planning & Management 317 28%
IT Security 291 26%
Total 1128 100%
28
How is it Working for US?
Questions Raised by Tool Analysis:
Do CIOs have the personnel, policies, and procedures in place to optimize IT assets?
Do CIOs know what they have, where it is, who is using their IT assets?
Do CIOs have the right tools and enough information to optimize and manage their IT assets?
Are CIOs buying tools using SmartBUY agreements?
29
How is it Working for US?
Created SAM Framework and built proof-of-concept Federal SAM repository and reporting tool
Initiative identified common data inputs and sources for using SAM automated tools.
Website: http://www.gsa.gov/feditam
30
How is it Working for US?
NOTES: Optimizing COTS software use requires collecting and analyzing SAM data using standard data collection best practices, such that data can be used within and across agencies toward making the Federal Government a leader in software investment management.
31
Sample Data Inputs
Acquisition & Finance(CAO) (CFO) (CIO)
Human Resources
(CIO) (CHCO)
IT InventorySystem
(CIO) (CFO)
(Optional) Personnel Information Agency org codeSub agency org codeRegion codeFile send dateFile Source NameFile NumberSenderPOC NamePOC Phone No.POC Email AddressEmployment StatusDepartment
Acquisition & Financial InfoAgency org codeSub agency org codeRegion codeFile send dateFile Source NameFile NumberSenderProduct NameProduct VersionManufacturer NameContract NumberLicense typeSIN NumberLicense descriptionNational Stock NumberPrice categoryQuantity PurchasedQuantity OrderedContract TypeContract DescriptionDate of OrderOrder Number
Cont’d…
Deployed Software Inventory DiscoveryAgency org codeSub agency org codeRegion codeFile send dateFile Source NameFile NumberSenderProduct NameProduct VersionManufacturer NameUser NameMachine NameIP AddressMAC AddressMachine PlatformLocationMachine type (formerly Class)Model No (formerly Model)RAMFree HDD CapacityTotal HDD Capacity Processor TypeCont’d…
Sample Inputs for Automated Tools and Life-Cycle Reporting
IT Architecture
(CIO)
Agency’s Approved Software ListAgency org codeSub agency org codeRegion codeFile send dateFile Source NameFile NumberSender Product NameProduct versionManufacturer NameProduct TypeProduct DescriptionSoftware CategoryProduct OSVersion Release DateApproving Agency NameTransaction CodeLoad Type
32
cont’d, Sample Data Inputs
Acquisition & Finance Human Resources IT Inventory
System
(Optional) Personnel Information
Acquisition & Finance, Cont’d…
Date of ReceiptPerson to ContactNo of Licenses ReceivedReceiving personLicense Start DateLicense End DateSmart BUY StatusFederal-wide FlagVendor NameVendor NumberInitial License CostAnnual Subscription CostAnnual Support CostAnnual Subscription & SupportBPA numberInvoice numberACT numberFund Code
Deployed Software Inventory Discovery
Cont’d…
No. of ProcessorsServer FlagMachine Serial NumberOS DomainDNS Host NameServer Manager NameServer Used asServer NameServer Contact NameHost NameSoftware categoryInstalled quantityDate Last UsedDate InstalledOS PlatformProcessor/CPU speedNo. IPS Machine
Sample Inputs for automated tools and Life-Cycle Reporting
IT Architecture
Agency’s Approved Software List
33
Reports
• Summary & Detailed Reporting aggregated by Organization • View by Product Name (Oracle, Lotus Notes, MS Windows, etc.)• View by Manufacturer (IBM, Microsoft, McAfee, etc.)• View by Server Name• View by Contract or Blanket Purchase Agreement Number• View by Fiscal Year (original purchase date)• List of Expired Licenses• List of Approved & Non-Approved Products • List of Charge Card Purchases• Customized Reporting (you create your own report template) • Administrative: List of SAM Tool Users • Administrative: History of Agency Data Refreshes• Executive Dashboard Reports:
– Actionable Advices and Alerts– Executive Spreadsheet– Store Documents and Reports
34
How is it Working for US?
Published website at www.gsa.gov/feditam to make technology strategy for Federal SAM visible to citizens, industry, and government so we can work together.
Contact and interact with US at [email protected]
Alan Vander Mallie
Federal SAM/ITAM Program Manager
Office of Governmentwide Policy
U.S. General Services Administration
Phone: (202) 501-6901
Email: [email protected]