Sprehe: FBI gets it right

The FBI has received a truckload of bad press recently. So it is a pleasure to dwell on some good news coming out of the agency. In May, the FBI received an Archivist's Achievement Award from the National Archives and Records Administration for its electronic recordkeeping certification project.

The project is modeled on a widely used certification and accreditation process for information technology security. All FBI systems that process federal information must be certified and accredited as complying with a specific records management standard.

To be compliant, a system must be able to export records and associated metadata to an electronic records management system within the agency that is certified under the Defense Department's 5015.2-STD. Alternatively, an electronic records management system certified under the DOD standard can be part of a larger IT system.

An FBI records officer and the IT system owner must work together to determine whether a system processes federal records. Just as with security certification and accreditation, an FBI system that handles federal records cannot receive the authority to operate until it is certified and accredited as an electronic recordkeeping system.

Initially, the FBI's rule is being applied to new IT systems, but eventually, the Records Management Division will apply the process to existing systems.

The process allows a system to receive interim authority to operate if it will take some time to carry out the changes required to make it compliant. Under the same process, a designated official can grant emergency authority to operate systems that need to be created quickly to deal with emergencies, such as the sniper attacks in the Washington, D.C., region in 2002.

Most agencies put the onus on the records officer to ensure appropriate handling of electronic records. The FBI's novel approach shifts much of the burden to the source of the information — the IT system that contains the records and the system's owner.

In the interest of full disclosure, I served as a consultant to the contractor that helped develop the FBI's project. All of the ideas for the process, however, originated in the bureau's Records Management Division.

I believe that the FBI has a superb idea that has value for every government agency. The idea is so good, in fact, that the Office of Management and Budget should consider incorporating it into everyone's favorite pest, OMB's Exhibit 300.

I recommend deleting the lines in Exhibit 300 under IT investments that pertain to electronic records and the Government Paperwork Elimination Act. That act has only limited applicability to public information collections. The Exhibit 300 form could be modified to ask: Does this investment implement electronic transactions or recordkeeping covered by the Federal Records Act? If so, is the system certified as being in compliance with 5015.2-STD?

That one change could largely solve the problem of capturing federal electronic records. Whether or not OMB acts on my suggestion, kudos to the FBI for developing and applying an effective way of managing federal records that are born digital.

Sprehe is president of Sprehe Information Management Associates in Washington, D.C. He can be reached at jtsprehe@jtsprehe.com.

The Fed 100

Read the profiles of all this year's winners.


  • Then-presidential candidate Donald Trump at a 2016 campaign event. Image: Shutterstock

    'Buy American' order puts procurement in the spotlight

    Some IT contractors are worried that the "buy American" executive order from President Trump could squeeze key innovators out of the market.

  • OMB chief Mick Mulvaney, shown here in as a member of Congress in 2013. (Photo credit Gage Skidmore/Flickr)

    White House taps old policies for new government makeover

    New guidance from OMB advises agencies to use shared services, GWACs and federal schedules for acquisition, and to leverage IT wherever possible in restructuring plans.

  • Shutterstock image (by Everett Historical): aerial of the Pentagon.

    What DOD's next CIO will have to deal with

    It could be months before the Defense Department has a new CIO, and he or she will face a host of organizational and operational challenges from Day One

  • USAF Gen. John Hyten

    General: Cyber Command needs new platform before NSA split

    U.S. Cyber Command should be elevated to a full combatant command as soon as possible, the head of Strategic Command told Congress, but it cannot be separated from the NSA until it has its own cyber platform.

  • Image from Shutterstock.

    DLA goes virtual

    The Defense Logistics Agency is in the midst of an ambitious campaign to eliminate its IT infrastructure and transition to using exclusively shared, hosted and virtual services.

  • Fed 100 logo

    The 2017 Federal 100

    The women and men who make up this year's Fed 100 are proof positive of what one person can make possibile in federal IT. Read on to learn more about each and every winner's accomplishments.

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group