Federal IT Modernization Report Recommendations
Thursday, June 28, 2018
Federal Information Technology IT Modernization

Related Practices & Jurisdictions
Print Mail Download i

This post is part of a continuing DBR on Data series on Executive Order 13800 and updates on its implementation a year after passage.

Strengthening federal information technology (IT) has been one of the priorities of the current administration, as outlined in the May 2017 Executive Order 13800. As summarized in our previous blog, the Director of the American Technology Council (ATC) was tasked, among other things, to coordinate the preparation of a report to the president regarding modernization of federal IT infrastructure. The draft report was made available for public comment in August, and finalized in December 2017. The final report’s implementation clock started on January 1, 2018.

Key recommendations of the report

The final report is structured around two major themes: “Network Modernization & Consolidation” and “Shared Services to Enable Future Network Architectures,” followed by a number of appendices detailing aspects relevant for implementation.

For the network modernization and consolidation, the report identified several objectives, such as “reduce the federal attack surface,” improve visibility and resilience against sophisticated attacks, and ensure that new technology can be used without sacrificing reliability or performance.  Accordingly, the implementation plan focused on the following three areas, with certain milestones required to be reached within the 30-, 60-, 90-, 120-, 150-, 180-, and 365-day period:

  • Prioritize the modernization of high-risk high value assets.
  • Modernize the trusted internet connections and national cybersecurity protection system program to enable cloud migration.
  • Consolidate network acquisitions and management.

With regard to shared services that would enable future network architectures, the report’s recommendations are as follows (each with a different milestones timeline):

  • Enable use of commercial cloud.
  • Accelerate adoption of cloud email and collaboration tools.
  • Improve existing and provide additional security shared services.

Enhanced use of commercial cloud is envisioned through:

  1. Vendor-owned and operated servers and applications (Software as a Service, SaaS).
  2. Vendor-owned and operated servers and government-operated applications with networks that utilize a secure connection (Infrastructure as a Service).

iii.  Government-owned data center buildings with vendor-owned and operated service.

  1. Vendor-owned and operated data centers with servers dedicated for government use.

Appendices provide guidelines for implementation

The report’s appendices provide guidelines for implementation. The following is a brief overview of each of the appendices:

Appendix A: Data-Level Protections and Modernization of Federal IT” discusses such issues as encryption of data in transit and at rest, multi-factor authentication, the least privilege principle, application whitelisting, mobile device security, and others.

Appendix B: Principles of Cloud-Oriented Security Protections” describes government-specific security needs, and potential ways to achieve appropriate protection.

Appendix C: Challenges to Implementing Federal Wide Perimeter-Based Security” focuses on cloud security and situational awareness, encrypted network traffic, overreliance on static signatures, use and value of classified indicators.

Appendix D: Acquisition Pilot: Change the Buying Strategy to Government-As-One-Purchaser” proposes creating “virtual street corners” for vendors of cloud applications and services, to encourage a robust marketplace for the government to reach into.

Appendix E: Legal Considerations” cites key Acts and statutes supporting the actions recommended by the report, including those related to privacy, homeland security, technology modernization, and fiscal aspects.

Appendix F: Summary of Recommendations” presents the report’s actionable recommendations in the form of a consolidated table and associated timelines for the specified milestones.

Appendix G: Summary of Comments Received” concludes the report, summarizing in just over two pages the public input received from over 100 commenters over the three-week period following the issuance of the draft report.

One year later

A year has passed since the issuance of the Executive Order 13800, and the half-year mark has just passed for the Federal IT Modernization report’s implementation plan.  Changes in IT-related processes and practices are sweeping through the government’s agencies and departments.  Their full impact still remains to be seen.  What is clear, however, is that much work still needs to be done, as documented, for example, in the just-released “Federal Cybersecurity Risk Determination Report and Action Plan.”  The IT modernization continues to be one of the top priorities on the President’s Management Agenda.

© 2024 Faegre Drinker Biddle & Reath LLP. All Rights Reserved.

Current Legal Analysis

More from Faegre Drinker

SCOTUS Denies Certiorari in Cases Concerning FCA Liability Requirement, Objective Falsity Circuit Split Remains Intact
by: Commercial Litigation Practice Group
Groundbreaking Fourth Circuit Decision Upholds Private Plaintiff’s Successful Effort to Unwind a Consummated Merger
by: Kathy L. Osborn , Emily E. Chow
Travel Bans and Quarantine Hotels: Traveling to the U.K. During COVID-19
by: Hodon Anastasi
TCPA Plaintiff Argues he wasn’t Injured in Attempt to Dodge Federal Jurisdiction
by: Marsha J. Indych , Renée M. Dudek
Silver Lining: COVID-19 Engagements Allow More Time for Premarital Financial Planning
by: Jaime A. Quick
Biden EPA Makes First Moves to Address PFAS in Drinking Water
by: Bonnie Allyn Barnett , Brandon W. Kirkham
Predicting the Enforcement Priorities of the Biden DOJ
by: Thomas J. Kelly , Daniel E. Pulliam
New York City Council Imposes Stricter Discipline Requirements on Fast Food Employers
by: Gerald T. Hathaway
Disclosure of Binding Arbitration Not Required In Consumer Warranties, Says Florida Supreme Court
by: Traci T. McKee , Lexi C. Fuson
FCC Order Causes Confusion Regarding Consent Required for Informational Calls to Residential Landlines
by: Matthew M. Morrissey

Upcoming Legal Education Events

 

NLR Logo

We collaborate with the world's leading lawyers to deliver news tailored for you. Sign Up to receive our free e-Newsbulletins

 

Sign Up for e-NewsBulletins