Information Technology

Jump To:
Image

Open Recommendations

DOD Software Licenses: Better Guidance and Plans Needed to Ensure Restrictive Practices Are Mitigated

GAO-23-106290
Sep 12, 2023
Show
1 Open Recommendations
Agency Affected Recommendation Status
Department of Defense The Secretary of Defense should direct the DOD CIO, in coordination with ESI, to update and implement guidance and plans to fully address identifying, analyzing, and mitigating the impacts of restrictive software licensing practices on cloud computing efforts. (Recommendation 1)
Open
When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Cloud Computing: DOD Needs to Improve Tracking of Data User Fees

GAO-23-106247
Sep 12, 2023
Show
1 Open Recommendations
Agency Affected Recommendation Status
Department of Defense The Secretary of Defense should direct the DOD Chief Information Officer to develop a plan and time frame for adopting a tool to track and report cloud data egress fees across the department. (Recommendation 1)
Open
When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Information and Communications Technology: DOD Needs to Fully Implement Foundational Practices to Manage Supply Chain Risks

GAO-23-105612
May 18, 2023
Show
3 Open Recommendations
Agency Affected Recommendation Status
Department of Defense The Secretary of Defense should direct the DOD CIO to commit to a time frame to fully implement an agency-wide ICT SCRM strategy, including how the department will assess, respond to, or monitor ICT supply chain risks across the life cycle of ICT products and services. (Recommendation 1)
Open
The Department of Defense (DOD) concurred with this recommendation and, in comments on the draft report, described plans to address this recommendation. Specifically, the DOD identified actions it is taking to finalize a document (the DOD Chief Information Officer's internal information and communications technology (ICT) supply chain risk management (SCRM) strategy) in April 2023. That document is intended to be the basis for a DOD enterprise-wide ICT SCRM strategy. DOD expects to finalize the draft of its enterprise-wide strategy in September 2023. We will continue to monitor the department's actions to address this recommendation.
Department of Defense The Secretary of Defense should direct the Undersecretary of Defense for Acquisition and Sustainment and the DOD CIO to commit to a time frame to fully implement a process to conduct SCRM reviews of potential suppliers. (Recommendation 2)
Open
The Department of Defense (DOD) concurred and, in its response, identified several key policies it is in the process of updating to incorporate relevant policies and procedures, as appropriate. Specifically, DOD indicated it was updating DOD Instruction (DODI) 5200.44, "Protection of Mission Critical Functions to Achieve Trusted Systems and Networks (TSN)" and intended to update DODI 5000.82, "Acquisition of Information Technology (IT)". The department stated that it would also update other DOD policy documents as needed to address all departmental information and communications technology acquisition. We will continue to monitor the department's actions to address this recommendation.
Department of Defense The Secretary of Defense should direct the Undersecretary of Defense for Acquisition and Sustainment and the DOD CIO to commit to a time frame to fully implement organizational counterfeit detection procedures for products prior to deployment. In doing so, the department should take into consideration the results of its pilot efforts of applicable tools. (Recommendation 3)
Open
The Department of Defense (DOD) concurred with the recommendation and, in comments on the draft report, described actions DOD planned to take to address the recommendation. For example, the department noted that it expects the completion of its pilot efforts to evaluate various ICT counterfeit detection tools and development of related policies and procedures in fiscal year 2023. DOD expects to incorporate those policies and procedures into department-wide policy by the end of March 2024. We will continue to monitor the department's actions to address this recommendation.

Software Acquisition: Additional Actions Needed to Help DOD Implement Future Modernization Efforts

GAO-23-105611
Apr 05, 2023
Show
4 Open Recommendations
Agency Affected Recommendation Status
Department of Defense The Secretary of Defense should ensure that, as the Software Modernization SSG and other relevant entities develop performance measures for future software modernization efforts, these measures incorporate GAO's key attributes of successful performance measures, to the extent appropriate, to track progress towards achieving agency goals. (Recommendation 1)
Open – Partially Addressed
The Department of Defense (DOD) agreed with our recommendation. In March 2023, DOD published its Software Modernization Strategy implementation plan. Among other things, the implementation plan outlines tasks associated with the February 2022 Software Modernization Strategy goals and includes current and proposed metrics for assessing some of these tasks. The proposed metrics largely align with elements of GAO's key attributes for successful performance measures. However, the implementation plan also notes the need to develop additional measures for certain tasks moving forward. It is too soon to tell whether these additional measures would incorporate key attributes of successful performance measures. Additionally, DOD has yet to publish the Software Science and Technology Strategy implementation plan, which DOD noted will establish performance measures to track progress towards achieving Software Science and Technology Strategy goals, DOD stated that this implementation plan is in draft and will, among other things, establish and define metrics for outcome-oriented goals.
Department of Defense The Secretary of Defense should direct the USD(A&S), USD(R&E), and DOD CIO to identify the resources needed, such as staffing and funding, to lead DOD's software acquisition and development reform efforts, and to address any related deficiencies these officials identify. (Recommendation 2)
Open
The Department of Defense (DOD) partially concurred with our recommendation. When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Department of Defense The Secretary of Defense should fully identify roles and responsibilities for leaders throughout the department for carrying out reforms included in key software strategies. (Recommendation 3)
Open – Partially Addressed
The Department of Defense (DOD) agreed with our recommendation. In March 2023, DOD published its Software Modernization Strategy implementation plan. Among other things, the plan identifies tasks aligned with key Software Modernization Strategy goals as well as the offices of primary and collateral responsibility for carrying out these tasks. In the report, we acknowledge that assigning lead offices is an important element in implementation planning. Yet, DOD's efforts to date have yet to fully identify the specific roles and responsibilities of leaders involved in transformational software reforms. As we noted in our report, until DOD fully identifies the roles and responsibilities for these leaders, DOD will likely be challenged to hold officials in charge of DOD's transformation accountable for implementation.
Department of Defense The Secretary of Defense should ensure the USD(R&E) finalizes an implementation plan that includes key milestones and deliverables to track progress on implementing the Software Science and Technology Strategy. (Recommendation 5)
Open
The Department of Defense (DOD) agreed with our recommendation. When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Department of Defense The Secretary of Defense should direct the USD(A&S), USD(R&E), and DOD CIO to establish processes to collect the data necessary to effectively measure progress against outcome-oriented goals related to software modernization efforts. (Recommendation 6)
Open
The Department of Defense (DOD) partially concurred with our recommendation. When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Department of Defense The Secretary of Defense should ensure that, once the software workforce is identified, the USD(A&S), the Under Secretary of Defense for Personnel and Readiness, and other relevant entities, use that information to develop a department-wide strategic workforce plan that identifies strategies tailored to address gaps in the critical skills and competencies needed to achieve software modernization goals. (Recommendation 7)
Open
The Department of Defense (DOD) partially concurred with our recommendation. As of September 2023, DOD was still in the process of identifying the software acquisition workforce, a preliminary step that needs to be completed before a workforce plan can be developed. We will continue to monitor DOD's efforts in this area.
GAO Contacts