Actions Required to Comply With Title 40 U.S.C. Subtitle III
|
Applicable Program Documentation1
|
Applicable Milestone
|
Regulatory Requirement
|
1. Make a determination that the acquisition supports core, priority functions of the Department. 2
|
ICD Approval
|
Milestone A
|
CJCSI 3170.01
|
2. Establish outcome-based performance measures linked to strategic goals. 2
|
ICD, CDD, CPD and APB approval
|
Milestone A, B & C
|
CJCSI 3170.01
DoDI 5000.02
|
3. Redesign the processes that the system supports to reduce costs, improve effectiveness and maximize the use of COTS technology. 2
|
Approval of the ICD, Concept of Operations, AoA, CDD, and CPD
|
Milestone A, B & C
|
CJCSI 3170.01
DoDI 5000.02
|
4. Determine that no Private Sector or Government source can better support the function. 3
|
Technology Development Strategy
Acquisition Strategy page XX, para XX
AoA page XX
|
Milestone A
Milestone B
|
CJCSI 3170.01
DoDI 5000.02
|
5. Conduct an analysis of alternatives. 3
|
AoA
|
For MAIS:
Milestone A & B, & FRPDR (or their equivalent)
For non-MAIS: Milestone B or the first Milestone that authorizes contract award
|
DoDI 5000.02
|
6. Conduct an economic analysis that includes a calculation of the return on investment; or for non-AIS programs, conduct a Life-cycle Cost Estimate (LCCE). 3
|
Program LCCE
Program Economic Analysis for MAIS
|
Milestone A & B
|
CJCSI 3170.01
DoDI 5000.02
|
7. Develop clearly established measures and accountability for program progress
|
Acquisition Strategy page XX
APB
|
Milestone B
|
DoDI 5000.02
|
8. Ensure that the acquisition is consistent with the Global Information Grid policies and architecture, to include relevant standards
|
APB (Net-Ready KPP)
ISP (Information Exchange Requirements)
|
Milestone A, B & C
|
CJCSI 6212.01
DoDI 5000.02
|
9. Ensure that the program has an information assurance strategy that is consistent with DoD policies, standards and architectures, to include relevant standards
|
Acquisition Information Assurance Strategy
|
Milestone A, B, C, FRPDR or equivalent*****
|
DoDI 5000.02
DoDD 8580.01
|
10. Ensure, to the maximum extent practicable, (1) modular contracting has been used, and (2) the program is being implemented in phased, successive increments, each of which meets part of the mission need and delivers measurable benefit, independent of future increments
|
Acquisition Strategy page XX
|
Milestone B or the first Milestone that authorizes contract award
|
DoDI 5000.02
|
11. Register Mission-Critical and Mission-Essential systems with the DoD CIO 4/5
|
DoD IT Portfolio Repository
|
Milestone B,
Update as required
|
DoDI 5000.02
|
Title 40/CCA Compliance Table Notes:
1. The system documents/information cited are examples of the most likely but not the only references for the required information. If other references are more appropriate, they may be used in addition to or instead of those cited. Include page(s) and paragraph(s), where appropriate.
2. These requirements are presumed to be satisfied for Weapons Systems with embedded IT and for Command Control Systems that are not themselves IT systems.
3. These actions are also required in order to comply with Section 811 of Public Law 106-398 (Reference (ag)).
4. For NSS, these requirements apply to the extent practicable (Title 40 U.S.C. 11103, Reference (v)).
5. Definitions:
Mission-Critical Information System: A system that meets the definitions of "information system" and "national security system" in the Title 40/CCA (Reference (n)), the loss of which would cause the stoppage of warfighter operations or direct mission support of warfighter operations. (Note: The designation of mission critical shall be made by a Component Head, a Combatant Commander, or their designee. A financial management IT system shall be considered a mission-critical IT system as defined by the Under Secretary of Defense (Comptroller) (USD(C)).) A "Mission-Critical Information Technology System" has the same meaning as a "Mission-Critical Information System."
Mission-Essential Information System: A system that meets the definition of "information system" in Reference (n), that the acquiring Component Head or designee determines is basic and necessary for the accomplishment of the organizational mission. (Note: The designation of mission essential shall be made by a Component Head, a Combatant Commander, or their designee. A financial management IT system shall be considered a mission-essential IT system as defined by the USD(C).) A "Mission-Essential Information Technology System" has the same meaning as a "Mission-Essential Information System."
5. Only unclassified data may be entered into DoD Information Technology Portfolio Repository. If the information about the system being registered is classified up to SECRET collateral level, the system should be registered with the DoD CIO by entering it into the DoD Secret Internet Protocol Router Network IT Registry.
|