Assuring National Security Mission Outcomes
By leveraging IT innovations and industry standards of practice

Kevin Carroll, former Army PEO EIS
Dr. Marv Langston, former DoD CIO
Gen Ted Bowlds, former AF ESC CMDR

OPS: [email protected]
www.IT-AAC.org
703 768 0400

IT Acquisition Advisory Council
An ICH hosted public/private do-tank

“If confirmed, I would review the implementation of Section 804 and make any necessary recommendations for improvement. I believe many of the challenges in the past were the result of factors such as inadequate technical maturity, undisciplined or poorly understood requirements, poor configuration management practices, the lack of disciplined and mature software development processes, and shortages of qualified people.” Honorable Frank Kendall, OSD ATL
It aac defense-it-cloud2013

Jan 24, 2015

John Weiler

 
Page 2: It aac defense-it-cloud2013

ICHnet.org Company Confidential

IT Acquisition Advisory Council: assuring the business value of IT

“A public/private do-tank dedicated to ushering in commercial innovations and industry standards of practice outside the reach of the Defense Industrial Base”
Honorable Mike Wynne, Chairman Emeritus

Page 3: It aac defense-it-cloud2013

IT-AAC Partnership: Catalysts for Sustainable IT Acquisition Reform

GSA, which has certified a series of low cost, high impact Agile Acquisition Packages in support of OMB's 25 Point Plan and the President's Efficiency Initiatives.

Center for American Progress (CAP), the White House's preferred think tank dedicated to improving govt efficiency.

Cloud Security Alliance (CSA), one of the largest and most robust Cloud communities of practice.

Defense Acquisition University (DAU), establishing a robust IT Acquisition training and mentoring curriculum.

Interoperability Clearinghouse (ICH), providing a repository of benchmarked best practices, solution architecture templates and Agile Acquisition IT methods (exceeding Clinger Cohen Act and NDAA Section 804 directive)

International Information Systems Security Certification Consortium (ISC2) providing the most highly recognized Information Security training available.

Information Systems and Security Association (ISSA), leaders in establishing industry IA standards of practice

Object Management Group (OMG), providing standards for IT infrastructure, Cloud Computing and SOA

University of MD School of Public Policy,

University of TN National Defense Business Institute,

Complemented by over 10,000 small/innovative businesses and a powerful network of world-renowned subject matter experts who are mutually dedicated to sharing the innovations, standards of practice and lessons learned needed to achieve predictable outcomes.

Emergent Partners: UK Trade Mission, UK MOD, Canadian Defence, VA Tech, MIT, CTC, UVA, ITIF, CMU SEI

Page 4: It aac defense-it-cloud2013

IT-AAC “do tank” assuring business value of IT

IT-AAC Core Capabilities:

Just-In-Time IT Expertise critical to overcoming cultural resistance to change. Hundreds of years of lessons learned are invaluable in mitigating risk.

Rapid Tech Assessment to define the realm of the possible and inform the requirements process. Builds on NIAP and AF Solution Assessment Process (ASAP), evolving from a DARPA Research Grant called DCAM.

Agile IT Acquisition – the Acquisition Assurance Method (AAM) establishes a standardized framework for quantitative and data analysis that is based on Evidenced Based Research. The fact based approach was derived from benchmarked commercial best practices and adapted to meet FAR and White House policy directives.

SOA/Cloud Standards of Practice – Service Level Management, Risk Assessment Tools, Governance Models developed by SDO partners and enhanced by Global 500 companies

Innovation Research Coop – a virtual innovation lab composed of Universities, Standards Bodies, Communities of Practice, Innovators and SMEs that are not vested in the status quo, reaching deep into a $3.8Trillion global IT market. Defining the realm of the possible based on Evidenced Based Research.

GOAL: To provide decision makers with a conflict free IT Acquisition Advisory that ushers in the real world expertise, Decision Tools and Agile Acquisition Methods needed to enable rapid implementation of emergent COTS/Open Source solutions that assure mission outcomes.

“Together, these steps will help to catalyze a fundamental reform of Federal IT, which is essential to improving the effectiveness and efficiency of the Federal Government” Peter Orszag, White House, OMB Director

Page 5: It aac defense-it-cloud2013

Information Technology Evolution

[Figure: "Information Driven Capability" (vertical axis) plotted against time, 1950 to 2020 (horizontal axis), showing three waves of information technology]

1. Centralized - Mainframe
• Central computer center, slow turn around
• One size fits all
• Limited reuse of application modules

2. Client/Server - Decentralized
• PC enabled and network
• Software distributed in both server and client computers
• Heavy focus on software development and point to point integration

3. SOA - Cloud
• Virtualized compute; global network enabled, plug & play
• IT Infrastructure decoupled from Applications
• COTS & OSS Integration, Software as a Service

Adding functional capability has become easier with each new wave

We are in early stages of Wave 3 information technology

Mainframe and Client-Server waves remain in place

Waves represent many co-dependent technologies, matured over time

But enterprise infrastructure gaps & vulnerabilities have become more critical

Innovations of the market and benchmarked best practices are invisible to the Defense Industrial Complex

SOA/Cloud Acquisition Challenge: We are delivering yesterday's technology tomorrow

Page 6: It aac defense-it-cloud2013

Four Dimensions of Agility: It's About Leadership & Culture

ORGANIZATION: Empower decision makers, establish cross functional collaboration. Establish IT Acquisition Center of Excellence with IC partners.

HR/KNOWLEDGE: Fill IT Expertise and Knowledge gap thru revamped IT training and mentoring programs. Establish an IT Acquisition Center of Excellence with FAI, DAU and IT-AAC. Establish public/private partnerships with non-traditional COPs.

INCENTIVES/CULTURE: Establish Value Streams, reward risk takers, encourage small failures, focus on mission outcomes vs compliance.

PROCESS/POLICY: Sunset old policies and acquisition processes, embrace existing Agile Frameworks like the Acquisition Assurance Method, Decentralize Decision Making and empower leadership.

“People are critical in the acquisition process and getting the right people in terms of ability and expertise is absolutely critical in making the process work effectively” Kevin Meiners, OUSD Intel

Page 7: It aac defense-it-cloud2013

OSD ATL view on IT Reform
2009 DSB Re-Enforced By Many

Acquisition
• Long acquisition cycle-times
• Successive layers … built over years
• Limited flexibility and agility

Requirements
• Understanding and prioritizing requirements
• Ineffective role and comm in acquisitions

Test/Evaluation
• Testing is integrated too late and serially
• Lack of automated testing

Funding & Governance
• Program-centric, not capability-centric
• Overlapping decision layers (e.g., multiple review processes)
• Lack of customer-driven metrics
• Funding inflexibility & negative incentives

“The inability to effectively acquire information technology systems is critical to national security. Thus, the many challenges surrounding information technology must be addressed if DOD is to remain a military leader in the future. The development of a new acquisition process, coupled with clear roles and responsibilities of key decision makers, and an experienced leadership and workforce, are important elements of the solution.” 2009 Defense Science Board Report to Congress

Page 8: It aac defense-it-cloud2013

Summary Root Cause Analysis
Summary findings of 42 Leadership Workshops, 40+ Studies & 30+ Major IT Program Failures across DHS, DoD and the IC

1. Use of Weapon Systems IT Acquisition Methods: Bureaucratic processes, upside-down incentives, redundant oversight, missing metrics (MOE, SLA) put focus on compliance vs outcomes. MilSpec Acquisition methods do not work for the fast paced IT market. DODAF, JCIDS, NESI, LISI were designed for top down Weapons Systems (by FFRDCs), and have no track record for successful delivery of IT (which average 91 months with 16% success rates).

2. Shortage of Qualified IT Expertise: FFRDCs and DIB Contractors lack organic access to commercial best practices or expertise in real world IT implementations. Concepts like SOA, Cloud Computing and Service Level Management cannot be embraced without access to industry lessons learned and experiential data.

3. Innovations and Best Practices Stifled: Contractors with IT buy/sell tech agreements or outcomes cannot objectively advise or firewall of OCI issues. Defense Industrial Complex suppliers are vested in legacy stove pipes and design-to-spec development approaches driven by the Weapon Systems Engineering methods.

4. Culture: Risk Avoidance vs Risk Management: Culture and Process focus on risk avoidance, and fail to identify or remediate real execution risk. Decision Analytics must focus on outcomes and maintain stake holder involvement. Title 41 violations abound. Without strong leadership focused on mission outcomes, change will never occur.

"There is a lot of talk about agility, speed, acq reform, etc, but, in general, no one seems to be willing to take the actions needed. They would rather just talk about it. When you look at the chart that shows the DoD acquisition model (you know the one I’m talking about that looks so byzantine), everyone would agree that it doesn’t make sense. And from the point of SEI or IT-AAC, even if we have built a better mousetrap, it won’t matter if no one listens. Right now, I see DoD increasingly moving away from good practices, to just giving up." CMU SEI Senior Executive on DOD’s struggle with IT Acquisition Reforms

Page 9: It aac defense-it-cloud2013

Transitioning JIE & IC-ITE Theory into Implementation Reality

Enterprise Architecture. Leverage IT-AAC Benchmarked SOA Best Practices and Architecture Design Patterns.

Common Standards. IT-AAC provides direct access to emerging Standards Partners and Standards of Practice of a $3.8Trillion market.

Efficient Business Operations. IT-AAC can provide an expansive body of knowledge and benchmarked Fortune 500 best practices and lessons learned.

Effective Oversight. The Acquisition Assurance Method (AAM) is a robust Decision Analytics Framework proven to mitigate risk while assuring timely delivery of measurable outcomes.

Performance Management. IT-AAC’s Standards Partners have ready to adopt SLAs and Performance Metrics.

Portfolio and Investment Management. DoD can immediately leverage IT-AAC’s existing collaborative structure that is open and conflict free.

Enhance public/private partnerships. IT-AAC provides a mature, open and inclusive public/private partnership that already reaches academia, standards bodies, innovators and non-traditional communities of practice.

“Drive for stable requirements and funding. Use mature technologies, or fund and manage technology development rigorously. Demand domain credentials and experience in both government and industry teams. Insist on transparency. And conduct regular independent reviews.”

Al Munson Jr, first director of U.S. national intelligence, acquisition and technology

Page 10: It aac defense-it-cloud2013

IT-AAC Acquisition Center of Excellence
Leveraging Industry Innovations and Standards of Practice

Mission Architecture:
• Gaps
• Mission Prioritization
• Constraints

Technology Architecture:
• Selection
• Certification
• Interop Spec
• Openness

Service Architecture:
• Feasibility
• SOA Attributes
• SLAs
• Shared Services

[Figure: process flow diagram. Labels: Industry CxOs; Innovators; Vendors/ISVs; SDOs/Labs/Universities; Align Proven Capabilities w/ business needs; Model New Solution; Solution Architecture Validation and Demonstrations; Value Stream Analysis; Proven IT Solutions; Vetted Solution Architecture; Knowledge Exchange; Prioritized Business Requirements; Validated Past Performance; Measurable Outcomes, Business Metrics; Solution Set, Evidenced-Based Assessment; Normalized Service Components; Analysis of Alternatives; Solution Exist? (Y/N); Service Oriented Specs and SLAs; COTS Comparative Analysis, Evidence; Mission Requirements & Capability Gaps; Biz Process Re-Engineering; COTS/OSS Innovations; Best Practices, Lessons Learned; Research, Testing Results; Acquisition BluePrints & SLAs]

Page 11: It aac defense-it-cloud2013

Acquisition Assurance Method (AAM): SDLC touch points

[Figure: AAM lifecycle diagram. Labels: Strategic Planning; Establish Strat Plan & Policies; Measure the Gap & Impact; Mission & Capability Value Analysis; Define Realm of the Possible; Outcome & Risk Metrics & SLAs; COTS/OSS Feasibility Assessment; Validate Market Vitality, Risks; COTS/OSS Service Specifications; COTS/OSS AoA, Biz Case & SLAs; Performance Based Acquisition (increments); Reward Value & Past Performance; Assure Timely Transition]

Defining the Mission and Policy Drivers

Define the Mission Gap

Defining baseline and target performance measures

Validate stake holders, funding strategies, linkages to the FEA

Identify Key Capabilities that can be enabled with COTS/OSS

Understanding capabilities can be leveraged and prioritize

Develop Metrics and KPPs

Validate Stake Holder Agreements and Predictable outcomes

Market Research; Standards, Emerging Tech, Best Practices

Feasibility of available COTS technology to satisfy the critical capabilities

Determination of risk with custom vs COTS/OSS solutions

Service Oriented Enterprise

Architecture soundness of COTS technology to satisfy the required capability

Define Core Infrastructure Services to be used. Create Reference Implementation

Title 41, Market Research

COTS Validation prior to election through Industry vetting

Common score card approach

Assessing Implementations Reusable creditation & accreditation

Testing and Validation on Capabilities

User Acceptance Testing

Validation of Capabilities Delivered

Portfolio Management of Capabilities delivered and gaps

Stakeholder and partner expectations captures

Define target business requirements and processes

Solution Architecture (working draft): Business modeling

Prioritize KPPs & MOEs

[Figure labels: Acquisition Assurance Method; Defining the 80% COTS/OSS Solution; Iterative 3-6 month Cycle; Certification and Accreditation; Capabilities Prioritization; Predictable Outcomes]

Page 12: It aac defense-it-cloud2013

Resource Considerations for Innovation Research & IT Acquisition support

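Table: guidance by SDLC Phase (rows) and Partner Type (entries within each row)

SDLC Phase: Requirement, Gap Analysis
• FFRDC: Only when no other company can support (4).
• User Groups, Communities of Practice: OMB Lines of Business offers Critical Role (6,7)
• Standards development orgs, trade associations: SDOs = Primary driver for open systems. Conflict free structures (2,3)
• Non-profit Research Institutes, UARCs: Provide Conflict free structure and economies of scale (2,6)
• Consultants, IV&V, A&AS Firms: Limited access to industry lessons learned.
• Innovators, Tech Mfg, Open Source: Great source for customer use cases, lessons learned.
• System Integrators: FAR OCI Rules limit participation

SDLC Phase: Architecture and Planning, Mkt Research
• FFRDC: Only when no other company can support (4)
• User Groups, Communities of Practice: Agency CxOs provides critical guidance (2, 3)
• Standards development orgs, trade associations: Provide standards of practice, not support
• Non-profit Research Institutes, UARCs: Principal source of expertise
• Consultants, IV&V, A&AS Firms: Primary source of expertise
• Innovators, Tech Mfg, Open Source: FAR OCI rules limit participation
• System Integrators: FAR OCI rules prohibit direct support

SDLC Phase: PMO & IV&V Support
• FFRDC: Only when no other company can support (4)
• User Groups, Communities of Practice: Not inherently governmental
• Standards development orgs, trade associations: Access to standards of practice of suppliers
• Non-profit Research Institutes, UARCs: Optimized for this area
• Consultants, IV&V, A&AS Firms: Key role
• Innovators, Tech Mfg, Open Source: FAR OCI rules prohibit participation
• System Integrators: FAR OCI rules prohibit participation

SDLC Phase: Solution Engineering
• FFRDC: Forbidden if available from other sources (4)
• User Groups, Communities of Practice: Not inherently Governmental
• Standards development orgs, trade associations: Access to potential suppliers already in market
• Non-profit Research Institutes, UARCs: Support role, provide process standards, lessons learned
• Consultants, IV&V, A&AS Firms: Support role
• Innovators, Tech Mfg, Open Source: Provide developmental
• System Integrators: Primary partnership area

SDLC Phase: Solution development & integration
• FFRDC: Forbidden, may not develop material solutions (4)
• User Groups, Communities of Practice: Not inherently Governmental
• Standards development orgs, trade associations: Potential OCI, objectivity
• Non-profit Research Institutes, UARCs: Potential OCI, Lack Resources & Expertise
• Consultants, IV&V, A&AS Firms: Internal IV&V for Prime contract reduces risk.
• Innovators, Tech Mfg, Open Source: Provider of key technologies
• System Integrators: Primary partnership area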

Page 13: It aac defense-it-cloud2013

Past Performance = Assured Outcomes

Where AAM and IT-AAC have proven: better, faster, cheaper

Navy: Assessment of AFLOAT Program – CANES SOA & Security Strategy
Contract Value: $350k
Eliminated hi-risk Requirements by 23%, $100Ms in potential savings

USAF: Streamlined COTS Acquisition Process. Applied to Server Virtualization.
Contract Value: $500k
Established optimal arch with ROI of 450% & $458 million savings

USAF: Full application of AAM Modules for eFOIA (KM)
Contract Value: $150K
Completed AoA, BCA, AQ Selection in just 4 months.

USMC: Solution Architecture, AoA and BBA for Cross Domain, Thin Client
Contract Value: $300k
Greatly Exceeded Forecasted Saving in both analysis and acquisition

GSA: Financial Mgt System consolidation using AAM.
Contract Value: $500k
Moved FMS from OMB “red” to “green”. Eliminated duplicative investments that saved $200M

BTA: Build out of AAM into BTA IT360, with two completed Pilots
Contract Value: $300kM
$300 million in potential savings with minimal investment

BTA: Apply AAM to complete AoA and BCA for DoD SOA Project
Contract Value: $250k
Reduced pre-acquisition cycle time and cost of Analysis by 80% (4 months vs 18)

GPO: Developed Acquisition Strategy for Future Digital System FDSys
Contract Value: $150k
Led to successful acquisition and implementation on time, on budget and 80% cheaper than NARA RMS

JFCOM: MNIS Evaluation of Alternatives for Cross Domain Solutions
Contract Value: $350k
Evaluated 100’s of Options in 90 days, enabling stake holder buy in and source selection.

“we believe that it is necessary to develop a comprehensive set of metrics to give transparency to program execution, avoid subjective judgment, and avoid the wasting of time in both executing commands and in oversight offices. This is consistent with the fundamental recommendations of the Packard Commission and Secretary Robert Gates’s initiative to eliminate inefficiency and waste.” PARCA-RAND Root Cause Analysis of Nunn-McCurdy Breaches

Page 14: It aac defense-it-cloud2013

Fortune 100 SOA/Cloud Benchmarked Best Practices and Lessons Learned

OSD HA SOA Implementation Best Practices

BACKUP

Page 15: It aac defense-it-cloud2013

SOA is about the Business: An architectural style and enterprise governance structure for communicating business needs and measurable service agreements associated with shared enterprise technology services.

SOA is not about Technology, Cloud is the Implementation Side of SOA!

SOA concepts can be operationalized with almost any technology: Web Services, COBOL, ISB, JAVA, RDB, WSDL, UDDI, etc. But focusing on technology & Standards is a common failure/anti-pattern.

What is SOA/Cloud: A Fortune 100 User Perspective

Page 16: It aac defense-it-cloud2013

Six CSFs for SOA/Cloud Transformation
that ICH can Assist you in achieving Success

To establish an SOA/Cloud, leadership must address six critical success factors:

1. Establish common requirements and capability development methods that remove ambiguity and over specification. Consider adoption of Capability Assessment Method refinement.

2. Revamp current Architecture Governance and Solution Engineering processes that drive a technology neutral SOA paradigm in automating Business Process and Infrastructure Capabilities. This requires access to commercial expertise and best practices.

3. Adopt SOA enabled methods that drive Reusable & Standardized Solution Architectures, Performance Metrics and Assessment Results. Reuse can significantly reduce cost, risk and cycle times.

4. Adopt a standardized data interoperability framework that establishes a common vocabulary and standards of practice established within a true public/private partnership.

5. Leverage public/private partnership structure and Solution Architecture Working Group approach that will establish standards of practice for community adoption and criteria for assessing the business fit of COTS, GOTS and Open Source Solutions.

6. Establish collaborative mechanisms by which practitioners, non-traditional suppliers, innovators, standards bodies and communities of practice can participate.

Weapons Systems Style Processes don’t work for IT or SOA

Page 17: It aac defense-it-cloud2013

Cloud Key Impact Areas
Each must be re-oriented towards Services/Outcomes

– Governance: Most Critical, Senior Mgt have Iron Fist on Common Data Model and Infrastructure services. Funding control is paramount.

– Enterprise Architecture (EA): DODAF lacks Business Outcomes, COTS/Open Source Assessments and Performance Metrics. EHR EA efforts must be complemented with Bottom up Solution Architecture Views and Service Level Agreement (SLA) linkages. Using OMB’s FEA PMO would better enable VA architecture alignment.

– Document and assess your current portfolio of IT Capabilities in a Services/Value Context. Leverage your current investments and licences.

– Shift Requirements focus to Capability & Service Component outcomes and measures.

– Evaluating IT (COTS) in a Services and Capability context: View IT for what business and infrastructure services are provided vs technology/standards focus.

– Assessments (TA, AoA, Market Research, JCIDS, DODAF): Must have a bottom/service view of COTS/Open Source that drives decisions.

– Key SOA Standards (process and technology), BPM, BPEL, AAM, FEA PMO Reference Models.

– Key Technology and Approaches: Focus on Measures of Effectiveness (MOE) and SLAs.

– Security and ID Mgt Decisions also must be addressed early on at each level of architecture decomposition.

– Certification and Accreditation (C&A) and Testing considerations must be incorporated into the Acquisition Lifecycle.

Page 18: It aac defense-it-cloud2013

The Desired Outcome – Agility Through Design-Time & Real-Time SOA with Active Policy Enforcement

Real Time and Non-Real Time Services

Presentation Services

Security Services

Discovery Services

Management Services

Mediation Services

Messaging Services

Runtime Infrastructure Components Model of the CANES SOA Reference Architecture

Machine-Machine enforcement

Page 19: It aac defense-it-cloud2013

SOA/Cloud Success is Predicated on Common Service Infrastructure

Page 20: It aac defense-it-cloud2013

A 10 Company Distillation of Best Practices

Best Practice Number 1: To succeed at SOA: align with your organization’s leadership by building services that are tightly coupled with the organization’s most important goals.

Best Practice Number 2: Services must be easy to find and understand. Those who do use them must be rewarded.

Best Practice Number 3: Ensure that services are well documented and widely publicized.

Best Practice Number 4: The SOA must allow data to flow from one end of the enterprise to the other with its meaning intact and in a secure fashion.

Best Practice Number 5: Don’t build SOA. Solve a business problem … agility and cost saving will follow. This is ancillary to Best Practice 1. Build from within.

Page 21: It aac defense-it-cloud2013

Recommendations to the FEDS
IT-AAC is organized to help implement these CSFs

1. Focus on a major problem and let a SOA approach evolve from that problem.

2. Determine what is a good service and enforce it

3. Don’t start till your metadata is defined … you will never recover

4. Use strongly enforced data policy and active governance policy enforcement to create machine-machine mechanism for a real-time SOA needed in the Afloat program

5. Reuse as much as possible from legacy (do not start from scratch)

6. Determine how services are to be built for the OSD HA, you cannot assume separate funding will achieve enterprise SOA service components and pay for themselves during the life-cycle

7. Create and fund service component owners whose customers will be the functional application owners

8. Build service domains that cover large major functions and not an array of small service components (subroutine-like; remember FEDEX has only 12)

9. Learn how to accredit a reusable service component, possibly from enclave testing policy.

Page 22: It aac defense-it-cloud2013

What IT-AAC Proposes in first 3 months to operationalize IC ITE

[Figure labels: Phase 1, Phase 2, Phase 3]

1. Engage in contract to tap IT-AAC coalition of public service partners: tap alternative resources and expertise to provide critical resource support to the SD, Task Force and Services to guide successful implementation of Sec804 in terms of process, culture, incentives and mentoring. Leverage a network of non-profits and experts committed to achieving lasting IT Acquisition Reform.

2. Use IT-AAC as an IPT for establishing consensus and gaining buy-in among key stake holders. Use IT-AAC collaboratory to support AF requirements in meeting Sec 804 Implementation Deadline. “804 Solution” must address weakness of all acquisition lifecycle processes; requirements (JCIDS), architecture (DoDAF), tech assessment (TRL), acquisition strategy, source selection, decision analytics (oversight).

3. Conduct Readiness Assessment & Root Cause Analysis: of current acquisition ecosystem (processes, culture, acqu resources and incentives) with public/private partners. Conduct impact assessment and cost of maintaining status quo. Establish Critical Success Factors.

4. Repurpose Existing Benchmark of SOA/IT Acquisition Best Practices: Benchmark existing innovative/industry IT Requirements, Architecture, Assessment & Acquisition practices, approaches, processes, process standards that have already been proven in the market. Reduce cost and risk of “build from scratch” or “reshaping broken processes”. Identify high risk programs where new processes can be piloted.

5. Pilot Agile Acquisition Methods that operationalize NDAA Section 804, HR 5013 process implementation, training and piloting of the new IT Acquisition process. Mentor high profile IT programs (who are already looking for change) through new 804 process; TMA’s EHR, DEEMs, Army FCS, DISA NECC, AF SOA, etc.

6. Roll out process training and program mentoring in partnership with NDU, DAU, ICH and SEI. Build out DAU’s IT Clearinghouse to capture benchmarked industry best practices and proven innovations of the market.

“If confirmed, I would review the implementation of Section 804 and make any necessary recommendations for improvement. I believe many of the challenges in the past were the result of factors such as inadequate technical maturity, undisciplined or poorly understood requirements, poor configuration management practices, the lack of disciplined and mature software development processes, and shortages of qualified people.”

Honorable Frank Kendall, OSD ATL

Page 23: It aac defense-it-cloud2013

[Figure labels: Process, Technology, People]

On-going Support Activities needed for Sustainable IT Acquisition Effectiveness

1. Workforce Empowerment: Establish robust IT Leadership Training and Mentoring program that builds on DAU/IT-AAC Partnership. Build out Best Practices Clearinghouse with reusable acquisition decision templates and solution architectures already proven in the market

2. Continuous Leadership Roundtables: directed at sharing lessons learned, gaining trust, exposing best practices and improving stake holder communications.

3. Industry Benchmarking and Innovation Research: Closing the knowledge gap. Baseline real world metrics and service levels. Leveraging ICH’s deep network of experts and expertise not available from traditional sources. (the realm of the possible).

4. Standards of Practice: Benchmarked IT infrastructure/Cloud design patterns and associated metrics that can be readily adopted to mitigate decision risks

5. Implement Agile Acquisition: Refresh SDLC processes and policies that are derived from proven practices & tuned for the fast paced IT market. Establish stake holder roles and responsibility that assure continuous monitoring and feedback.

6. Knowledge Management: Establish continuous Innovation Research and lessons learned exchanges that break down organizational stove pipes and enable info sharing.

Page 24: It aac defense-it-cloud2013

IT-AAC = Sustainable IT Reforms
Agile Acquisition, Standards & Innovation Research

The IT-AAC is uniquely positioned to drive sustainable IT Reforms;

Embrace of Open and Agile IT Acquisition frameworks (per DSB report) already proven to meet challenges of the fast paced IT market (AAM is the only conforming to-date)

Dynamic access to evolving commercial innovations, implementation best practices and lessons learned (CCA), outside the reach of the Defense Industrial Complex

A bottom up view of commercial capabilities that feeds the requirements process, (realm of the possible) to prevent over specification and costly custom development.

Means of deriving SLAs from both Measures of Effectiveness and Standards of Practice, critical to managed services, capability based acquisition and service level management.

Means of empowering and educating IT Program Management workforce via time proven expertise, tapping a wide range of gray beards with no inherent conflicts of interests.

“To decrease risk in source selections, the DoD will follow proven commercial processes, increasing the emphasis placed on past performance and experience on prior government and commercial efforts in selecting IT providers.” DepSec Bill Lynn on Section 804 Implementation Plan