OMB floats new rules of the road for IT modernization


The Obama White House is offering new guidelines on how agencies should go about modernizing legacy IT systems.

The draft policy, released Oct. 27, comes from federal CIO Tony Scott and , Office of Management and Budget Director Shaun Donovan. It is a distillation of the modernization policy Scott and others in the administration have been pushing since the rollout of President Barack Obama's FY2017 budget, which included a $19 billion cybersecurity action plan and a $3.1 billion governmentwide revolving fund to support the estimated $12 billion in tech upgrades that agencies need over the next decade.

As the hack of the Office of Personnel Management databases showed all too clearly, the government runs many legacy systems that operate on outmoded operating systems that are hard to update and in many cases difficult or impossible to secure using two-factor authentication, encryption and other security methods.

While the Obama budget hasn't moved in the Republican-controlled Congress, a bill that authorizes governmentwide and agency-based modernization funds passed the House of Representatives in September. Sponsors of a related cloud computing adoption bill in the Senate are hoping to advance similar legislation during the lame duck session of Congress after the election.

Scott has said that the drive toward legacy IT modernization funds is already affecting federal policy, and the draft guidance from the White House is a prime example of that.

At an Oct. 13 event, Scott said, "CIOs have to create more of a demand signal for what needs to be replaced. Frankly, we haven't done a really good job at that. We haven't said, 'Here's how old it is, here's how big it is, or here's how much of it there is, or here are the risks associated with it.'"

The draft policy is all about giving CIOs a way to prioritize IT projects for access to modernization funds. The policy calls for agencies to update enterprise technology roadmaps, identify and prioritize key systems, and come up with plans to move those systems to the cloud or other secure, modern platforms.

"The Federal Government has a unique obligation to protect the information entrusted to it by the American people," Scott wrote in an Oct. 27 blog post announcing the new policy.

The draft asserts that "moving the Federal Government to modern infrastructure and cloud-based solutions is a fundamental necessity to building a digital government that is responsive to citizen needs and secure by design."

Agencies were required to submit enterprise roadmaps to OMB by the end of FY2016, in which officials were asked to identify systems that could move to the cloud or to shared services. Now agencies are being asked to offer at least three likely candidates for modernization or retirement, including one project that could be executed within a year.

OMB is looking for agencies to prioritize systems that run on out-of-support software, are linked to previous security incidents, have documented deficiencies, have problems maintaining valid data as required under federal rules, offer the prospect of functional upgrades or could lead to substantial savings.

The public has 30 days to comment on the draft.


About the Author

Adam Mazmanian is executive editor of FCW.

Before joining the editing team, Mazmanian was an FCW staff writer covering Congress, government-wide technology policy and the Department of Veterans Affairs. Prior to joining FCW, Mazmanian was technology correspondent for National Journal and served in a variety of editorial roles at B2B news service SmartBrief. Mazmanian has contributed reviews and articles to the Washington Post, the Washington City Paper, Newsday, New York Press, Architect Magazine and other publications.

Click here for previous articles by Mazmanian. Connect with him on Twitter at @thisismaz.


  • Workforce
    Shutterstock image 1658927440 By Deliris masks in office coronavirus covid19

    White House orders federal contractors vaccinated by Dec. 8

    New COVID-19 guidance directs federal contractors and subcontractors to make sure their employees are vaccinated — the latest in a series of new vaccine requirements the White House has been rolling out in recent weeks.

  • FCW Perspectives
    remote workers (elenabsl/

    Post-pandemic IT leadership

    The rush to maximum telework did more than showcase the importance of IT -- it also forced them to rethink their own operations.

Stay Connected