GAO faults some DOD IT assessments

The Defense Department needs to improve how it assesses whether efforts to modernize the department’s thousands of business systems comply with its overarching information technology architecture, according to government auditors.

The Government Accountability Office concluded that DOD’s internal process for assessing whether efforts comply with the department’s federated Business Enterprise Architecture (BEA) is insufficient. In a report issued today, GAO makes several recommendations for how DOD should improve its guidance, assessment tool and approval processes to ensure that business system investments comply with the department’s overall IT design.

GAO examined two Navy programs and found that, although the programs largely followed DOD’s compliance guidance, used DOD's compliance assessment tool, and were certified, it remains unclear whether the modernization investments satisfy the department’s BEA.
 
The assessments did not include all relevant information and were not required to do so by DOD guidance, the auditors found. For example, the assessments did not examine how the systems complied with certain technical standards useful for system interoperability, examine potential areas where the programs duplicated other efforts, or assess whether the systems complied with aspects of the Navy’s enterprise architecture.

According to the report, DOD does not require assessments to cover these areas and the assessment tools are not configured to do so.

In addition, even though the assessments were certified as compliant with DOD’s BEA, each program’s compliance assessment was not validated by certification entities, GAO said.

To ensure that business system modernization investments comply with DOD’s BEA, the department should:

• Revise the compliance assessment guidance to include data about relevant architecture data and to ensure that assessments are conducted to have a timely effect on the program.

• Use the program-specific data in the compliance assessment tool to check for potential overlaps and duplication of other programs.

• Explicitly assign responsibility for validating BEA compliance assertions.

DOD said it agreed with GAO’s recommendations and that it will meet the intent of the recommendations in future versions of its compliance guidance, policies and methodologies as architectures mature.

About the Author

Ben Bain is a reporter for Federal Computer Week.
