DOD updates enterprise services framework

Terry Halvorsen

Defense Department CIO Terry Halvorsen's latest guide to managing IT services puts the emphasis on risk management. 

Defense Department CIO Terry Halvorsen has signed a third version of department-wide guidance for managing IT services.

The new edition of the DOD Enterprise Service Management Framework puts more emphasis on IT risk and performance management, Halvorsen wrote in an introduction to the framework

DESMF is meant to be a scalable framework for IT service management at the Pentagon. It came into being because the DOD lacked "an integrated framework that encompasses best practices from multiple frameworks, provides guidance to establish the structure, documentation, and roles and responsibilities to plan, implement, monitor and improve [IT service management]," according to the document.

DESMF II, released last year, built on the first edition of the guidance by including all DOD IT assets and not just services owned or adjudicated by the Defense Information Systems Agency.

Halvorsen sees the DESMF as a means of identifying and eliminating "redundancy, inefficiency, and service quality deficiencies," he wrote in the introduction. In December, he issued a directive requiring defense agencies to use the DESMF as a baseline for measuring their IT performance.

DESMF III includes new models for measuring the quality of IT services and assessing the processes through which they're delivered, which Halvorsen said came at the request of David Cotton, the deputy CIO for information enterprise.

Charlie Tupitza, whose nonprofit Global Forum to Advance Cyber Resilience has followed DESMF's development, said the framework is a good opportunity for industry and government to build out a common IT management language.

DESMF's basic lexicon comes from the IT Infrastructure Library, which the framework describes as the most widely used in the world to support IT services management.

"The various branches of the DOD should maintain a cooperative approach to defining, accepting, and socializing this terminology," the framework states.

Tupitza welcomed that embrace of ITIL, adding that a challenge for contractors has been that some IT terminology can be open to interpretation. In Tupitza's view, the more opportunities there are for industry and government to hash out a common language the better.

Clarification: This story was updated to clarify that the Global Forum to Advance Cyber Resilience does not have an official role in DESMF's development.

About the Author

Sean Lyngaas is an FCW staff writer covering defense, cybersecurity and intelligence issues. Prior to joining FCW, he was a reporter and editor at Smart Grid Today, where he covered everything from cyber vulnerabilities in the U.S. electric grid to the national energy policies of Britain and Mexico. His reporting on a range of global issues has appeared in publications such as The Atlantic, The Economist, The Washington Diplomat and The Washington Post.

Lyngaas is an active member of the National Press Club, where he served as chairman of the Young Members Committee. He earned his M.A. in international affairs from The Fletcher School of Law and Diplomacy at Tufts University, and his B.A. in public policy from Duke University.

Click here for previous articles by Lyngaas, or connect with him on Twitter: @snlyngaas.

Nominate Today!

Nominations for the 2018 Federal 100 Awards are now being accepted, and are due by Dec. 23. 


Reader comments

Sun, Jul 3, 2016 Drew Jaehnig Fort Meade, Md

For Clarity though Charlie Tupitza and the Global Forum to Advance Cyber Resilience are a side organization and are being referenced by the DESMF working Group. They had no input into DESMF Edition III. The GFACR is a partner organization and is not involved in DESMF Edition IV development directly.

Fri, Jul 1, 2016 Charlie Tupitza Washington, DC

We are happy to have private and public organizations participate in our collaborative forums and focus groups using cyber resilience to enable your mission vs an expense later. The shift to the left to put cyber considerations in the strategy phase of any service consideration is critical. Taking advantage of the private and public sector, including the federal government, investments helps us move forward faster. Other current considerations of the Forum are the relationships between IT Service Management and: Cyber Security Framework, and Risk Management NIST SP 800-160 and its role in “Trustworthy Systems”, National Initiative for Cybersecurity Education (NICE), DevOps and Agile, Relationship of ITIL and COBIT Project Management and cyber resilient ITSM including Agile, Find us at and help with thought leadership.

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group