The latest version of the Defense Department-wide Enterprise Service Management Framework places more emphasis on managing IT risk.
Defense Department CIO Terry Halvorsen's latest guide to managing IT services puts the emphasis on risk management.
Defense Department CIO Terry Halvorsen has signed a third version of department-wide guidance for managing IT services.
The new edition of the DOD Enterprise Service Management Framework puts more emphasis on IT risk and performance management, Halvorsen wrote in an introduction to the framework.
DESMF is meant to be a scalable framework for IT service management at the Pentagon. It came into being because the DOD lacked "an integrated framework that encompasses best practices from multiple frameworks, provides guidance to establish the structure, documentation, and roles and responsibilities to plan, implement, monitor and improve [IT service management]," according to the document.
DESMF II, released last year, built on the first edition of the guidance by including all DOD IT assets and not just services owned or adjudicated by the Defense Information Systems Agency.
Halvorsen sees the DESMF as a means of identifying and eliminating "redundancy, inefficiency, and service quality deficiencies," he wrote in the introduction. In December, he issued a directive requiring defense agencies to use the DESMF as a baseline for measuring their IT performance.
DESMF III includes new models for measuring the quality of IT services and assessing the processes through which they're delivered, which Halvorsen said came at the request of David Cotton, the deputy CIO for information enterprise.
Charlie Tupitza, whose nonprofit Global Forum to Advance Cyber Resilience has followed DESMF's development, said the framework is a good opportunity for industry and government to build out a common IT management language.
DESMF's basic lexicon comes from the IT Infrastructure Library, which the framework describes as the most widely used in the world to support IT services management.
"The various branches of the DOD should maintain a cooperative approach to defining, accepting, and socializing this terminology," the framework states.
Tupitza welcomed that embrace of ITIL, adding that a challenge for contractors has been that some IT terminology can be open to interpretation. In Tupitza's view, the more opportunities there are for industry and government to hash out a common language the better.
Clarification: This story was updated to clarify that the Global Forum to Advance Cyber Resilience does not have an official role in DESMF's development.
NEXT STORY: FedRAMP Ready or FedRAMP Irrelevant?