Hill threatens to cut IT funds

Congress may cut off funding for some of the Defense Department's mission-critical information systems after March 31 unless the Pentagon's chief information officer can prove the department is managing the systems in compliance with the 1996 Clinger-Cohen Act.

That legislation was written to force agencies to minimize the risk associated with major acquisitions. It requires agencies to acquire information systems in stages while carefully gauging their cost and timeliness as well as ensuring that they support the agency's primary mission.

According to language buried in the fiscal 2000 Defense Department appropriations bill, signed into law Oct. 25 by President Clinton, DOD must "certify" that all its systems meet those requirements.

After March 31, "none of the funds appropriated in this act may be used for a mission-critical or mission-essential information technology system that is not registered with the chief information officer" of DOD, according to the law.

Congress is forcing DOD - and potentially all federal agencies - to file reports describing the five steps taken to ensure that systems comply with Clinger-Cohen: establishing performance measures, calculating return on investments, analyzing alternative systems, creating an information assurance strategy and employing business process re-engineering. "I believe that the intention is to ultimately have all IT systems certified as Clinger-Cohen compliant, meaning that we developed business cases, looked at outsourcing or commercial products, etc., before proceeding," said Marv Langston, DOD's deputy CIO. "I believe that this will also get applied to all federal agencies in the future."

Langston said DOD's strategy for complying with the law starts with the Pentagon's Year 2000 database, which DOD used to track the status of about 2,000 mission-critical and 6,000 noncritical systems. "This will likely cause some of these systems to be pulled from the list and others added, but in the end, I expect that we will have a validated IT systems list that is a large number - on the order of the 8,000 - that we have tracked for Y2K," Langston said. "All of this is a significant change to the way in which we have been doing IT system oversight within DOD."

According to an FCW survey this year, 19 of the 23 major agencies said they have begun to make the management changes that the law requires, but 17 agencies reported they have not conquered each of its basic mandates [FCW, May 17].

A member of the Information Technology Association of America said Congress' increased oversight will bog down the procurement system. "On the face of it, the congressional request seems entirely sensible and in line with good management practices," the source said. "However, I hate to see scarce DOD IT management time and dollars spent on the additional oversight burden that this will impose. If the five [requirements laid out by Congress] are documented thoroughly, the documentation cost will be far beyond its possible value. If the five [requirements] are reported on minimally, the documentation will be worthless."