DoD Digital Modernization Strategy: DoD Information Resource Management Strategic Plan FY19-23The DoD Digital Modernization Strategy, which also serves as the Department’s Information Resource Management (IRM) Strategic Plan, presents Information Technology (IT)-related modernization goals and objectives that provide essential support for the three lines of effort in the National Defense Strategy (NDS), and the supporting National Defense Business Operations Plan (NDBOP). It presents the DoD Chief Information Officer’s (DoD CIO) vision for achieving the Department’s goals and creating “a more secure, coordinated, seamless, transparent, and cost-effective IT architecture that transforms data into actionable information and ensures dependable mission execution in the face of a persistent cyber threat.”1 This vision is guided by four priorities and framed within four organizing goals. DoD CIO Priorities: • Cybersecurity • Artificial Intelligence (AI) • Cloud • Command, Control and Communications (C3) Digital Modernization Goals: • Innovate for Competitive Advantage • Optimize for Efficiencies and Improved Capability • Evolve Cybersecurity for an Agile and Resilient Defense Posture • Cultivate Talent for a Ready Digital WorkforceThis strategy also fulfills the Office of Management and Budget (OMB) requirement to provide a description of how information resources management activities help accomplish agency missions, and ensure that information resource management decisions are integrated with organizational planning, budget, procurement, financial management, human resources management, and program decisions.2 It includes narratives that summarize the Department’s approach to IT modernization, focused on the Joint Information Environment (JIE) Framework (in Section 3), and describe how Cybersecurity is being strengthened (Section 4). These efforts support achievement of the DoD CIO’s modernization vision, and the goals and objectives identified in this strategy. Finally, appendices provide a brief description of promising technologies; tables showing alignment to the NDBOP, the President’s Management Agenda, and DoD IT Reform Initiatives, respectively; and a summary of DoD CIO authorities.DoD Chief Information OfficerDODCIO_1c8fd56c-ae8c-11e9-b5e7-fc4ee6bfe94dRole of the DoD CIO -- The DoD CIO is the Principal Staff Assistant (PSA) and senior advisor to the Secretary of Defense for information technology (IT) (including national security systems), information resources management (IRM) and efficiencies. The DoD CIO is responsible for all matters relating to the DoD Information Enterprise, including communications; spectrum management; network policy and standards; information systems; cybersecurity; positioning, navigation, and timing (PNT) policy; and the DoD Information Enterprise that supports DoD command and control (C2). The DoD CIO is tasked with improving the combat power of the Department - as well as its security and efficiency - by ensuring that the Department treats information as a strategic asset and that innovative information capabilities are available throughout all areas of DoD supporting warfighting, business, and intelligence missions. The DoD CIO is a vital member of the Office of the Secretary of Defense (OSD) staff that helps the Warfighter by fulfilling its PSA and Clinger-Cohen Act (CCA) roles that guide the Department in the incorporation of more agile, efficient and effective technology and practices. The DoD CIO works closely with other DoD and OSD Components in fulfillment of its responsibilities. As appropriate, the DoD CIO collaborates and coordinates with organizations including (but not limited to) the Chief Management Officer (CMO), the Office of the Under Secretary of Defense for Policy (OUSD(P)), the Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)), the Office of the Under Secretary of Defense for Research and Engineering (OUSD(R&E)), the Office of the Under Secretary of Defense for Intelligence (OUSD(I)), the Military Departments (MILDEPS), Joint Staff, and the Combatant Commands.David L. NorquistPerforming the Duties of the Deputy Secretary of DefenseAccelerated transition to foundational enterprise capabilities and services_1c8fd71a-ae8c-11e9-b5e7-fc4ee6bfe94dTo enable Department-wide IT modernization_1c8fd80a-ae8c-11e9-b5e7-fc4ee6bfe94dModernizationDoD CIO Management System -- This management system will enable continual, comprehensive Department-wide ITmodernization in a common, coordinated way. Furthermore, it will accelerate transition tofoundational enterprise capabilities and services, freeing DoD Components to focus on theirmission-unique capabilities and services, as shown in Figure 4 below. Combined with policy andgovernance changes, it will shift the Department from an "opt-in" approach to enterpriseservices. Leveraging commonalities among DoD Component, the many overlapping andduplicative IT systems, programs, projects, services, capabilities, operations, and governanceconstructs in the Department will be more effectively synchronized, consolidated, and integrated.Benefits of this shift will include:Speed• Increased speed and reduced duplication of effort – increasing IT return on investment (ROI)Non-DuplicationROIStandardization• Consistent, standardized enterprise IT architectures – supporting faster fielding of new capabilities, interoperability, usability, and improved cybersecurity risk exposureTransparency• Increased budget transparency for DoD IT expendituresConvergence• Convergence of Component network infrastructure - reducing complexity and costEfficiency• Eliminates fielding of unnecessary capabilities and services - reducing program overheadCost Effectiveness• Enterprise acquisition/licensing discounts - reducing infrastructure and application licensesAgilityThe future DoD digital environment will provide seamless, agile, resilient, transparent and secure infrastructure and services that advance DoD information superiority and simplify information sharing with mission partners.ResilienceSimplicityInnovationIn accomplishing this, the future environment will leverage a number of innovative technologies, described in Section 3 and Appendix A, thatpromise to provide increased effectiveness, efficiency, and security. SecurityInnovationInnovate for Competitive Advantage_1c8fd8c8-ae8c-11e9-b5e7-fc4ee6bfe94d1Joint Artificial Intelligence Center (JAIC)Cloud and cognitive computing will significantly alter warfighting and defense businessoperations. Recognizing this, the Department established the Joint Artificial Intelligence Center(JAIC) to accelerate delivery of AI-enabled capabilities and is partnering with industry tosecurely deliver commercial cloud capabilities in alignment with mission requirements.DoD Information Network (DODIN)Modernization of warfighter support systems will enable improved command and control (C2),information sharing, and decision support, through a rich and diverse set of analytic capabilitiesfueled by data from sensors across the DoD Information Network (DODIN).Defense Information Systems Network (DISN)Modernization ofthe Defense Information Systems Network (DISN), a key component of the DODIN, willprovide critical enhancements necessary to fully realize the benefits from cloud computing, bigdata analytics, mobility, Internet of Things (IoT), increased automation and cognitivecomputing.4Joint ForceIncreased availability and use of secure, mobile, wireless platforms across theDepartment will increase Joint Force maneuver, accuracy, and information advantage.Healthcare FunctionsAdditionally, DoD will improve the efficiency and effectiveness of healthcare, logistics andother warfighting support functions. Enhanced delivery and protection of Positioning, Navigationand Timing (PNT), and development of a resilient, secure, and adaptive tactical IT infrastructure,will improve the Joint Force’s ability to operate in denied, degraded, contested, congested, andoperationally limited environments.Logistics FunctionsWarfighting Support FunctionsInnovation is a key element of future readiness. It is essential to preserving andexpanding US military competitive advantage in the face of near-peer competition andasymmetric threats. A theme running through the National Defense Strategy—and subordinatestrategies like the Artificial Intelligence Strategy—is that preserving and expanding our militaryadvantage depends on our ability to deliver technology faster than our adversaries and the agilityof our enterprise to adapt our way of fighting to the potential advantages of innovativetechnology. The Department will evaluate opportunities for innovation, pursuing those deemedmost suitable to address military problems and including those likely to deliver leap-aheadcapabilities. JAICEstablish the Joint Artificial Intelligence Center (JAIC) to AccelerateAdoption and Integration of AI-Enabled Capabilities to Achieve Mission Impact at Scale_1c8fd972-ae8c-11e9-b5e7-fc4ee6bfe94d1.1Joint Artificial Intelligence Center (JAIC)The commercial sector is in the midst of a revolution in AI that isreshaping business and society. The 2018 NDS highlights that AI “will change society and,ultimately, the character of war.” The JAIC will accelerate DoD’s adoption and integration of AIcapabilities at speed and scale. It will operationalize AI capabilities by overcoming policy,technical, and financial roadblocks that prevent enterprise-level deployment, and by leveragingthe capabilities established through DISN modernization (as described in Goal 1, Objective 8).The JAIC will collaborate with DoD Components (e.g. OUSD(R&E), OUSD(I), MILDEPS,Combatant Commands) to synchronize DoD-wide AI activities to enhance operationaleffectiveness and lethality, and increase efficiency of back-office business functions.Commercial InnovationDeliver a DoD Enterprise Cloud Environment to Leverage Commercial Innovation_270e496a-afbd-11e9-a8f7-f6f9ed84a5a71.2DoD CIODoD CIO will collaborate with DoDComponents (e.g., OUSD(R&E), MILDEPS, Combatant Commands) to support achievement ofthis objective.OUSD(R&E)MILDEPSCombatant CommandsThe advent of commercial cloud capabilities is changing the way DoDdevelops, delivers, deploys, and ultimately, buys applications, systems, and services. Cloud is thefoundation upon which DoD will build and scale more effective cybersecurity, advancedanalytical capabilities, better command and control, and future enabling technologies. Thisfoundation will enable the Department to organize massive amounts of data and support rapid access to information for improved decision-making, preserving and extending our militaryadvantage. To better take advantage of this information, the optimized enterprise cloudenvironment will also provide a platform for advanced capabilities such as machine learning(ML) and AI that are necessary to increase decision-making quality, speed, and lethality. DoDwill partner with industry to securely deliver commercial cloud capabilities in alignment withmission requirements and will manage these capabilities across the enterprise, to include thetactical edge (e.g., Denied, Degraded, Intermittent or Limited-bandwidth (D-DIL)environments), for improved effectiveness and efficiency. C4Modernize Warfighter Command, Control, Communications, and Computer(C4) Infrastructure and Systems_270e4c94-afbd-11e9-a8f7-f6f9ed84a5a71.3C4 SystemsOUSD(R&E)MILDEPSCombatant CommandsGuide DoD investment to modernize Joint/Allied/Coalition C4capabilities that support and enable the Joint warfighter. In collaboration with DoD Components(e.g., OUSD(R&E), MILDEPS, Combatant Commands), outline the way ahead for futuredevelopment, implementation, fielding, and sustainment of strategic and tactical C2 andcommunications systems. Ensure that solutions are operationally effective in D-DILcircumstances.DataTreat Data as a Strategic Asset_270e4df2-afbd-11e9-a8f7-f6f9ed84a5a71.4The full benefits of decision-making, information sharing, cloudmigration, AI, and other DoD objectives stated in this strategy are dependent upon DoD’s databeing visible, accessible, understandable, trusted, and interoperable as prescribed by DoDInstruction (DoDI) 8320.07. Data owners and their communities of interest (e.g., financial,logistics, healthcare, human resources, cybersecurity, records management) are responsible formuch of the necessary work. However, essential infrastructure (e.g., IT services registry, metadata registry, authoritative data source registry) and defined, standardized data tags or labels donot currently exist. Additionally, the Department has no enterprise search capability to enablediscovery of critical DoD data across its network security domains.DoD CIO is collaborating with the DoD CMO and Joint Staff on initiatives to support thisobjective. Joint Staff is driving development of data standards supporting interoperability.Separately, the FY2018 NDAA established a comprehensive and detailed set of Congressionalexpectations for the DoD CMO with respect to the treatment of data, summarized as follows:1) Establish policy and governance for Common Enterprise Data related to business operationsand management; 2) Conduct pilot programs to extract this data from relevant systems;3) Analyze that data to generate insights that answer critical operational and business questions; 4) Evolve the pilots into a Data Management and Analytics Shared Service; and 5) Develop anImplementation Plan. The DoD CMO outlined its approach to Congress in December 2018. Collaboration, Partnerships & InteroperabilityStrengthen Collaboration, International Partnerships, and AlliedInteroperability_270e4f00-afbd-11e9-a8f7-f6f9ed84a5a71.5North Atlantic Treaty Organization (NATO)AlliesInternational PartnersCoordinate efforts across the DoD, North Atlantic Treaty Organization(NATO), Allies, and other international partners to advance warfighting interoperability andcoalition operations. Deepen C4 capability and information sharing. Maximize communications,export/sales, and other Security Cooperation activities with allied partner nations.The Mission Partner Environment (MPE) enables the DoD to collaborate, share information, andconduct operations with mission partners. MPE connects DoD with the whole of U.S.government, Federal, State, local, and tribal government entities, allies, non-governmentalorganizations, treaty and private sector organizations, and territorial mission partners on a globalscale, and supports the full range of military operations, including humanitarian assistance anddisaster relief. All Combatant Commands (CCMD) require network interoperability with missionpartners to optimize cooperation with a multi-national force. MPE will enable rapid formation ofCommunities of Interest (COIs) through all phases of military operations and for training andexercises. MPE will provide mission partners access to a set of core services and operationaltools for modernized mission execution.ConnectivityEnsure National Leadership Command Capabilities (NLCC) AssuredConnectivity_270e5022-afbd-11e9-a8f7-f6f9ed84a5a71.6The NLCC will provide diverse, accurate, integrated, survivable, secure,and timely assured communication pathways that allow national leadership to execute nationaland military command responsibilities. PNTEnhance the Delivery and Protection of Positioning, Navigation, and Timing(PNT)_270e513a-afbd-11e9-a8f7-f6f9ed84a5a71.7Ensure positioning, navigation, and timing (PNT) availability andaccess. Precision strike, navigation, and network synchronization are dependent on the accuracyand dissemination of PNT signals predominantly provided at the present time by the GlobalPositioning System (GPS) and terrestrial atomic clocks. Improving the capability of the JointForce (and Allies as appropriate) to operate in a GPS-denied or GPS-degraded environmentrequires a two-pronged effort: 1) decrease reliance on GPS-centric solutions by using ModularOpen Systems Approaches (MOSA) to incorporate promising alternative/complementary PNTcapabilities into Joint Force PNT devices; and 2) As improvements become operationallyavailable, increase military GPS resilience by incorporating modernized GPS satellite, control,and user equipment capabilities. The strategy elements within this objective support all threeDepartment strategic goals: Increase Lethality, Develop Alliances, and Reform BusinessPractices. DISNModernize Defense Information Systems Network (DISN) TransportInfrastructure_270e5248-afbd-11e9-a8f7-f6f9ed84a5a71.8The promised benefits from cloud computing, big data analytics,mobility, IoT, increased automation, and cognitive computing can only be fully realized with asuitable network. Modernization of the DISN is necessary to improve performance, capability,capacity, agility, and security, while reducing cost and complexity. Greatly enhanced bandwidthcapacity and increased network resiliency support use of DoD-wide services and consolidation ofcritical IT systems, applications, and services from local installations to core data centers and theDoD enterprise cloud environment. Convergence on Everything over Internet Protocol (EoIP)and demand for information services, such as streaming video and real-time collaborationcapabilities, are further driving transport infrastructure bandwidth capacity and Quality ofService requirements. Modernization initiatives underway will drastically reduce the number ofnetwork connections needed at any given Base/Post/Camp/Station (B/P/C/S) by consolidating toan all-IP infrastructure sharing a common network connection that can be virtualized for specificmission needs and cybersecurity protection. Significant efficiencies will be gained by migrating to a standardized set of protocols and network connection types, requiring fewer hardware typesto operate, maintain, and refresh. The Joint Regional Security Stack (JRSS) improves mid-pointnetwork security, reduces attack surface, and improves situational awareness. Furthermore, itprovides failover, diversity, mitigation, and resilient cybersecurity capabilities as a means toassure timely delivery of critical information to warfighters around the globe.Networks & ServicesModernize and Optimize DoD Component Networks and Services_270e5374-afbd-11e9-a8f7-f6f9ed84a5a71.9In order to achieve a modernized and effective force, the Departmentneeds to consolidate and streamline capability delivery to support an evolving missionenvironment. The Department requires a secure, consistent, and cost efficient network to conductoperations and business functions. Modernization of the DoD IT infrastructure requires a focuson network and service optimization that converges DoD networks, Service Desks, andNetwork/Service Operation Centers into a consolidated, secure, and effective environmentcapable of addressing current and future mission objectives. Standardizing and modernizing theIT infrastructure and services eliminates unnecessary systems and allows the Department tofocus finite resources across fewer areas, ultimately shrinking the Department's threat surface incyberspace. Additionally, this convergence should yield reduced facility utilization. The initialphase of this effort includes Fourth Estate organizations, with the objective to reduce the numberof networking environments, move to a single service provider, and size the number of NetworkOperations Centers/Security Operations Centers (NOCs/SOCs) for greatest efficiency andeffectiveness.AISR DTProvide End-to-End Airborne Intelligence, Surveillance, and Reconnaissance(AISR) Data Transport (DT)_270e5496-afbd-11e9-a8f7-f6f9ed84a5a71.10Develop programmed capabilities and non-material processes to provideend-to-end AISR DT capabilities to globally dispersed strategic, operational, and tacticalconsumers (DoD and mission partners) at the time, place, quantity, and quality they require.AISR DT capabilities are defined as the signal transmission systems and processes required tomove data from airborne platforms to required data consumers at the point of need. In support ofJoint Requirements Oversight Council (JROC) tasking,5 DoD has established an AISR DTexecutive steering function and a joint Integration Task Force to provide direction fordevelopment of AISR transport capabilities and processes throughout the systems developmentlifecycle. Information SharingImprove Information Sharing to Mobile Users_270e55c2-afbd-11e9-a8f7-f6f9ed84a5a71.11Mobile UsersThe ongoing evolution of computing technology to mobile devicesoffers unprecedented opportunities to advance the operational effectiveness of the DoD. Throughfaster access to information and computing power from any location, field units will be able tomaneuver in unfamiliar environments with real-time mapping and data overlay capabilities;friendly forces will be identified with greater accuracy; engineers and technicians will havestreamlined identification and ordering of mechanical parts; and military healthcare providerswill be able to better diagnose injuries and remotely access lab results while away from hospitalpremises. Additionally, by enabling real-time access to important management and productivitytools (e.g., e-mail, collaboration), warfighter support functions will be able to more effectivelymanage the business of the DoD. The end result of enhanced enterprise mobility will be:• Increased availability and use of secure, mobile, wireless platforms across theDepartment - including within D-DIL circumstances• Access to multiple classification levels of plug and play using authorized governmentdevices with minimal configuration EMSOEvolve the DoD to Agile Electromagnetic Spectrum Operations (EMSO)_270e5702-afbd-11e9-a8f7-f6f9ed84a5a71.12Develop a resilient, secure, and adaptive tactical IT infrastructurecapable of operating within a contested, congested, and operationally limited EMS environmentfor Joint EMSO sensing, planning, management, and execution in order to enable U.S.dominance in all warfighting domains. DoD CIO will collaborate with DoD Components (e.g.,OUSD(R&E), MILDEPS, Combatant Commands) to support achievement of this objective.StandardsDrive Standards into DoD IT Systems_270e5838-afbd-11e9-a8f7-f6f9ed84a5a71.13As required by Section 909 of the NDAA for FY2018, the DoD CIOwill lead development, implementation, and enforcement of an IT, networking, and cybersecuritystandards process for the Department. DoD CIO will collaborate with Department stakeholders,such as OUSD(A&S), OUSD(R&E), and Joint Staff, in assessment and revision of the currentprocesses, governance, policy, and standards. As part of this process, guidance for leveragingNorth Atlantic Treaty Organization (NATO) Standardization Agreements (STANAGs), as wellas commercial and governmental standards, will be provided. A critical desired outcome of thisoverall effort is increased interoperability. The DoD CIO envisions opportunities for synergy between compliance with standards and the Department’s overall digital modernization efforts. Efficiency & CapabilitiesOptimize for Efficiencies and Improved Capability_270e59be-afbd-11e9-a8f7-f6f9ed84a5a72Delivering IT capabilities with greater efficiency and performance requires theDepartment to reform the way it operates. In particular, the evaluation and implementation ofsuitable industry best current practices and proven technologies must be greatly accelerated, andoversight of IT spending must be improved. The objectives in this goal include shifting to anenterprise-wide operations and defense model; right-sizing DoD data centers; optimizing officeproductivity and collaboration capabilities, optimizing voice and video capabilities; improvingpurchasing through enterprise agreements; strengthening partnerships with industry; andstrengthening IT financial management and accountability.Mission Impact: This goal supports reform of the Department’s business practices (NDBOPGoal #3). It accomplishes this through such means as deploying shared and DoD-wide services;rationalizing DoD applications and systems for migration into core data centers, componententerprise data centers, and the DoD enterprise cloud environment; streamlining the technologyapproval process; and strengthening IT financial decision making. Enterprise-Wide ModelShift from Component-Centric to Enterprise-Wide Operations and DefenseModel_270e5bbc-afbd-11e9-a8f7-f6f9ed84a5a72.1Shifting from Component Centric to Enterprise Network Operations willprovide the capabilities necessary to enable operations centers - responsible for executingDODIN Operations and Defensive Cyber Operations-Internal Defense Measures (DCO-IDM)activities - to more effectively and efficiently secure, operate, and defend the DODIN. Thevision is to ensure that DoD military commanders, civilian leadership, warfighters, coalitionpartners, and other authorized non-DoD mission partners have access to information and dataprovided in a secure, reliable, and agile DoD-wide information environment to enable C2 offorces performing cyberspace operations. The JIE Management Network enables operationscenters to securely manage the DODIN and its elements. A fully converged DODIN IT ServiceManagement solution is envisioned to support change management, configuration management,asset management, knowledge management, and service level management. Data CentersOptimize DoD Data Centers_270e5cde-afbd-11e9-a8f7-f6f9ed84a5a72.2DoD Data CentersIn accordance with Federal guidance,6 DoD is optimizing theDepartment's data center facility footprint and the management and operation of those facilities.Ultimately, DoD's Information Enterprise will consist of a streamlined number of data centersthat effectively and efficiently meet DoD's broad range of missions—from recruiting toacquisition management to command and control. As part of the optimization process,Installation Processing Nodes must be re-designated as Closing, an Installation Service Node, aSpecial Purpose Processing Node, or a Component Enterprise Data Center. The re-designationwill be driven by an assessment of the systems and applications (if any) which must remain.DoD will migrate applications and systems to select data centers; optimize select data centers forperformance first, then cost; and consolidate data centers where practical.Productivity & CollaborationOptimize DoD Office Productivity and Collaboration Capabilities (ECAPSCapability Set 1)_270e5e14-afbd-11e9-a8f7-f6f9ed84a5a72.3DoD's cloud strategy is a main component in the overall efforts tomodernize the Department's information technology, with the objective of achieving aDepartment-wide enterprise cloud computing ecosystem. As an integral part of that strategy, theDefense Enterprise Office Solution (DEOS) will enable the Department to improveinteroperability and enhance cybersecurity across DoD operational boundaries. DEOS will putcollaboration and productivity capabilities in the hands of every DoD employee and warfighterto more effectively and efficiently accomplish their missions. DEOS will offer an interoperablesolution for timely and seamless collaboration and information-sharing across operational boundaries and including D-DIL environments. DEOS is the first capability set solution withinthe DoD Enterprise Collaboration and Productivity Services (ECAPS) portfolio.Voice & VideoOptimize DoD Voice and Video Capabilities (ECAPS Capability Sets 2 & 3)_270e5f7c-afbd-11e9-a8f7-f6f9ed84a5a72.4Modernizing existing voice and video capabilities is critical for theDepartment to achieve integrated and seamless DoD-wide communication in an effective andfinancially sound way. Existing DoD voice and video services are largely outdated. They includea mix of obsolete circuit-based switch systems and video technology reliant on non-IP transportthat is being phased out by commercial carriers. Eliminating these systems and transitioning toan integrated IP environment across Components will allow DoD to: 1) Optimize voice andvideo service, and 2) Effectively manage operating costs as commercial carriers escalatesustainment costs for remaining non-IP service. The DoD will also close a significant operationalgap in current 9-1-1 capabilities and enhance force protection with the implementation of theNext-Generation 9-1-1 (NG911) national standard. Once implemented, that standard will operateon IP-enabled emergency networks - allowing constituents on DoD installations to make a 9-1-1"call" from any communication device in any mode (e.g., voice, text, or video) - and provideinteroperability with civilian mission partners.Category ManagementImprove IT Category Management_270e60c6-afbd-11e9-a8f7-f6f9ed84a5a72.5Category management is an approach the Federal Government isapplying to eliminate redundancies, increase efficiency, and deliver savings from acquisitionprograms. DoD is aligning its IT Category Management with the Federal IT CategoryManagement efforts by pursuing strategic sourcing (e.g., enterprise license agreements (ELA))for the acquisition of commercial IT software, hardware, services, and telecommunications. DoD’s IT Category Management is designed to save time and money by leveraging commercialIT requirements across DoD Components to negotiate more favorable terms in purchasingagreements and maximize discounts through enterprise volume purchasing solutions.The result of IT Category Management will be:• Decreased procurement overhead costs by reducing the number of duplicativecommercial IT purchasing vehicles• Reduced procurement costs by consolidating orders for common commercial IT• Lower unit costs for common commercial IT goods and services by maximizingdiscounts through enterprise purchasing solutions• Reduced costs of procuring and maintaining underutilized IT assets by improving assetvisibility to reduce excess inventories• Improved IT contract and license terms and conditions by using a qualified IT acquisitionworkforce to align enterprise agreements with DoD requirements• Utilization of enterprise acquisition vehicles that enable the DoD to leverage economiesof scale• Improved product support services by including terms for minimum service levels forapplicable commercial support services in enterprise agreementsTechnology DeploymentImprove Rapid Technology Deployment Processes_270e621a-afbd-11e9-a8f7-f6f9ed84a5a72.6One persistent challenge for DoD has been that acquisition processeshave kept the Department from being able to adopt new technology in a timely manner. DoDwill bring new technology in house much faster through three approaches: streamlining thetechnology approval process, leveraging innovative technology development practices such asDigital Engineering, and leveraging approved processes such as Other Transactional Agreements(OTAs). All of these approaches will enable the Department to reap the benefits of greaterefficiency and security.Financial ManagementStrengthen IT Financial Management Decision Making and Accountability_270e64f4-afbd-11e9-a8f7-f6f9ed84a5a72.7The Component Financial Improvement Plans (FIPs), when summarizedcollectively, compose the Department's Financial Improvement and Audit Readiness (FIAR)Plan. The DoD Components' FIPs are prepared and executed in accordance with FIAR Guidanceissued by the Office of the Under Secretary of Defense (Comptroller) (OUSD(C)). The FIARGuidance provides the strategy and standard methodology, as well as the step-by-step approachfor discovery and evaluation; documenting, testing, and strengthening controls; and achieving anaudit ready systems environment.Existing and future systems will need to satisfy joint general and application level controlrequirements identified in the FIAR Guidance and the Federal Information System ControlsAudit Manual (FISCAM). In addition, Departmental investments made in Internal Use Software,purchased (Commercial Off the Shelf (COTS)) or internally developed, must be accounted for ina manner that addresses financial statement auditability requirements.To strengthen IT financial management and oversight, the FY2018 NDAA requires the DoD CIOto review each military department's and each Defense Agency's proposed budget against theresponsibilities outlined in Title 10 USC 142(b) paragraph (1) and submit to the Secretary ofDefense a report containing the comments of the CIO with respect to all such proposed budgets,together with the certification of the CIO regarding whether each proposed budget is adequate.CybersecurityEvolve Cybersecurity for an Agile and Resilient Defense Posture_270e665c-afbd-11e9-a8f7-f6f9ed84a5a73The scope, pace, and sophistication of malicious cyberspace activitycontinues to rise globally. Growing dependence on the cyberspace domain for nearly everyessential civilian and military function makes this an urgent issue that must be addressed. DoDovermatch in conventional and strategic weaponry may be overcome through sophisticatedattacks within cyberspace, supply chain exploitation across the acquisition and sustainmentlifecycle, and intelligence operations targeting insiders with access. The Department must adopta "Cyber First, Cyber Always"7 mindset and be prepared to defend DoD systems in a contestedcyberspace. Every network, system, application and enterprise service must be secure by design,with cybersecurity managed throughout the acquisition lifecycle. The Department will maintain system confidentiality, integrity, and availability by defending against avenues of attack used bysophisticated adversaries.Mission Impact: This goal secures the information technologies and data that enable the JointForce to gain information advantage, strike at long distance, and exercise global command andcontrol. It supports all three NDBOP goals (Increase Lethality, Strengthen Alliances, ReformBusiness Practices) and the cybersecurity-focused objectives of the DoD Cyber Strategy. Itachieves efficiencies by reforming the DoD Risk Management Framework; delivers capabilitiesto preserve the US military competitive advantage and assure mission completion; andstrengthens collaboration with interagency, international and industry partners. ArchitectureTransform the DoD Cybersecurity Architecture to Increase Agility andStrengthen Resilience_270e67b0-afbd-11e9-a8f7-f6f9ed84a5a73.1The Department’s approach to cybersecurity is documented in the DoDCybersecurity Reference Architecture (CSRA), which guides and constrains how networkboundaries, mobile and fixed end points, and data are protected. The DoD CSRA is developed incollaboration with DoD Component stakeholders (e.g., OUSD(R&E), DISA, NSA, MILDEPS,Combatant Commands). It reflects key cybersecurity principles: isolation, containment,redundancy, layers of defense, least privilege, situational awareness, and physical/logicalsegmentation of networks, services, and applications. The resulting protections contribute to aresilient defense posture and achievement of three cybersecurity objectives:• The DODIN - to include the data on the network - is defended as a virtual singleinformation environment through the use of common processes and capabilities.• Cyberspace-defenses sense and respond to external and internal threats and takeappropriate remediation. mitigation. and restoration actions.• Command and control of forces that operate on the DODIN is supported by sharedcybersecurity situational awareness of the network as a whole. IT security findings areshared and reused throughout the Department to the greatest extent practical.ICAMDeploy an End-to-End Identity, Credential, and Access Management (ICAM)Infrastructure_270e6972-afbd-11e9-a8f7-f6f9ed84a5a73.2DoD must promote implementation of enterprise ICAM to support rapidaccess to mission information, strengthen responsible information sharing and attribution withallies and partners, and support greater effectiveness and efficiency through mobile adoption andmigration to the cloud. ICAM encompasses the full range of activities related to creation ofdigital identities and maintenance of associated attributes, credential issuance for person/nonperson entities, authentication using the credentials, and making access management controldecisions based on authenticated identities and associated attributes. ICAM creates a secure andtrusted environment where any user can access all authorized resources (including applicationsand data) to have a successful mission, while also letting DoD know who is on the network atany given time. Among its benefits, ICAM also supports correction of weaknesses reported inthe notification of findings and recommendations (NFR) from the 2018 defense-wide financialaudit. Unclassified Networks & SystemsProtect Sensitive DoD Information and Critical Programs and Technologieson Defense Industrial Base (DIB) Unclassified Networks and Information Systems_270e6ada-afbd-11e9-a8f7-f6f9ed84a5a73.3DoD relies on the Defense Industrial Base to develop advancedtechnologies and warfighting capabilities. Adversaries exploit DIB unclassified internal networksand information systems, stealing sensitive information in order to kill, counter, or clone DoD'swarfighting capabilities before they are delivered to DoD. To improve the safeguarding of thisinformation, DoD CIO, OUSD(A&S), OUSD(R&E), the Principal Cyber Advisor, and otherstakeholders are collaborating on a multipronged approach that incorporates voluntarycyberspace threat information sharing, mandatory cybersecurity standards for defense contractorunclassified internal information systems and networks, and cybersecurity reporting of incidentsthat affect DoD controlled unclassified information on defense contractor unclassified internalinformation systems and networks.DoD CIO is a key stakeholder in the implementation of the Defense Federal AcquisitionRegulation Supplement (DFARS) 252.204-7012, "Safeguarding Covered Defense Informationand Cyber Incident Reporting" requiring industry to implement adequate security for theirinformation systems that process DoD controlled unclassified information, including at aminimum the security requirements in National Institute of Standards and Technology (NIST)Special Publication (SP) 800-171, Protecting Controlled Unclassified Information in NonfederalSystems and Organizations.DoD CIO also oversees the DIB Cybersecurity (CS) Program. The DIB CS Program is DoD’spublic-private cybersecurity threat collaboration partnership through which classified andunclassified cybersecurity threat information is shared with DIB participants. The DoD CyberCrime Center (DC3) is the operational focal point for the program, analyzing cybersecuritythreats, developing a common operational threat picture, and sharing mitigations with industry,DoD, and interagency partners. DC3 is also the designated single DoD focal point for receivingall cybersecurity incident reporting affecting unclassified networks of DoD contractors fromindustry and other government agencies.OUSD(A&S) is utilizing pathfinders to assure DIB cybersecurity requirements and expandcybersecurity threat information sharing to non-cleared defense contractors. These pathfinderswill examine (1) a standard cybersecurity maturity model certification for DIB companies,(2) external cybersecurity validation of DIB companies with on-premise Controlled UnclassifiedInformation (CUI) data through commercial 3rd party companies, and (3) internal cybersecurityvalidation of DIB company volunteers with off-premise CUI data in commercial clouds throughFFRDC and UARC partners.Risk ManagementReform DoD Cybersecurity Risk Management Policies and Practices_270e6c6a-afbd-11e9-a8f7-f6f9ed84a5a73.4DoD will reform its cybersecurity risk management policies andpractices to be more effective, yet responsive to the needs of the warfighter. DoD’s riskmanagement approach requires prioritizing critical systems and assets; identifying and mappingmission risks; and tailoring cybersecurity implementation to mission dependencies. Furthermore,increasing dependence on commercial technologies and services (e.g. commodity IT, IndustrialControl Systems, cloud services), coupled with the interdependent nature of cyberspace, requiresmore robust engagement to increase international cooperation, pro-actively shape standards,expand the use of software and hardware assurance methods, and address global supply chainrisks. Finally, the DoD Risk Management Framework process will be reformed to improveeffectiveness and efficiency, while ensuring it does not unnecessarily hinder the developmentand deployment of systems supporting the warfighter.Digital WorkforceCultivate Talent for a Ready Digital Workforce_270e6e04-afbd-11e9-a8f7-f6f9ed84a5a74Digital WorkforceCompetition for high quality, experienced digital workforce personnel isconstant and increasingly aggressive. The Department of Defense is one of the three largestmarkets for this talent in the United States due to its size, its continuous adoption and adaptationof technology, and its extensive mission requirements. Critical national infrastructure protectionin particular is a global growth industry.DoD is executing a new Functional Community Maturity Model for management of DoDcivilians. The DoD CIO will implement this model for elements of the Cyber Workforce andexpand implementation of more agile recruiting, training, and retention capabilities throughexpansion of the Cyber Excepted Service personnel system, incentives, and local supplements.Work continues on development of baseline qualification requirements for over 50 cyber workroles. This will provide the workforce with a common understanding of the concepts, principles,and applications of cyberspace functions to enhance interoperability across organizational linesand mission sets.Mission Impact: Accomplishing this goal will produce an appropriately sized workforce ofwell-trained, highly qualified professionals to support and defend the DoD InformationEnterprise. It will also develop an agile and responsive workforce management system capableof meeting the Department's current and emerging cyberspace mission requirements. This goalprimarily supports rebuilding military readiness and increasing the lethality of the Joint Force(NDBOP Strategic Goal #1).Cyber Functional CommunityStrengthen Cyber Functional Community Management_270e6f80-afbd-11e9-a8f7-f6f9ed84a5a74.1Cyber Functional CommunityImprove business practices to promote strategic management anddevelopment of the civilian cyber workforce.Acquisition WorkforceStrengthen the IT Acquisition Workforce_270e7110-afbd-11e9-a8f7-f6f9ed84a5a74.2Acquisition WorkforceDevelop and sustain a cyber workforce cadre skilled in the applicationof strategic planning processes and agile acquisition capabilities for the attainment of secure technologies and software.Cyber WorkforceEnhance Cyber Workforce Recruiting, Retention, Education, Training, andProfessional Development_270e7322-afbd-11e9-a8f7-f6f9ed84a5a74.3Cyber WorkforceIn 2018, DoD commenced conversion to a new, more agile personnelprogram developed specifically for the Cyber Workforce. This program will continue to expandin functionality and scope as additional organizations and individuals convert to Cyber ExceptedService, providing hiring managers with greater options for sourcing candidates and the ability tooffer more competitive compensation packages. A new Cyber Workforce Qualification Programis also under development which incorporates flexible attainment of credentials andperformance-based assessments to achieve a DoD-wide standard baseline of cyberspacecapabilities. 2019-07-122023-09-302019-07-25https://media.defense.gov/2019/Jul/12/2002156622/-1/-1/1/DOD-DIGITAL-MODERNIZATION-STRATEGY-2019.PDFOwenAmburOwen.Ambur@verizon.net