This section provides an overview of the actions stipulated in the Title 40/CCA Compliance Table, which must be addressed and ultimately lead to confirmation of compliance of a MAIS or MDAP by the DoD CIO. The DoD Component Requirements Authority, in conjunction with the Acquisition Community, is accountable for requirements 1 through 5 of the table; the program manager (PM) is accountable for requirements 6 through 11.

The PM should prepare a table similar to Table 7.8.4.T1, above, to indicate which documents support the Title 40/CCA requirements. DoD Component CIOs should use those supporting documents to assess and confirm Title 40/CCA compliance. For in-depth coverage of each Title 40/CCA requirement, refer to the CCA Community of Practice as well as the links provided in subsections 7.8.6.1 through 7.8.6.11 and section 7.9.

7.8.6.1. Determining that the Acquisition Supports the Core, Priority Functions of the Department

Overview: This element of the Title 40/CCA asks if the function supported by a proposed acquisition is something the Federal government actually needs to perform; i.e., for the DoD, is the function one that we (DoD and/or its Components) must perform to accomplish the military missions or business processes of the Department?

For Warfare Mission Area and Enterprise Information Environment functions, this question is answered in the Joint Capabilities Integration and Development System (JCIDS) process. Before a functional requirement or new capability enters the acquisition process, the JCIDS process (See the JCIDS Manual) requires the Sponsor/Domain Owner (hereafter referred to as the “Sponsor”)to conduct a series of analyses. The result of these analyses is reported in an Initial Capabilities Document.

Ideally, these analyses will show that the acquisition supports core/priority functions that should be performed by the Federal Government. Moreover, the analysis should validate and document the rationale supporting the relationship between the Department's mission (i.e., core/priority functions) and the function supported by the acquisition.

Who is Responsible? The Sponsor with cognizance over the function leads the analysis work as part of the JCIDS processes.

Implementation Guidance: Ensure that the JCIDS analytical work addresses the Title 40/CCA question by establishing the linkage between the mission, the function supported, the capability gap and potential solutions. The following questions should be helpful in determining whether a program supports DoD core functions:

Does the program support DoD core/primary functions as documented in national strategies and DoD mission and strategy documents like the Quadrennial Defense Review, Strategic Planning Guidance, Joint Operating Concepts, Joint Functional Concepts, Architectures (as available), the Business Enterprise Architecture, the Universal Joint Task List, mission area statements, or Service mission statements?

7.8.6.2. Establish Outcome-based Performance Measures

Overview: Title 40/Clinger-Cohen Act mandates performance and results-based management in planning and acquiring IT A key element of performance and results-based management is the establishment of outcome-based performance measures, also known as measures of effectiveness (MOE), for needed capability. MOEs for capabilities needed by the Warfighting and Enterprise Information Environment Mission Areas are developed during a Capabilities-based Assessment (CBA) and recorded in a validated Initial Concept Document. The Business Mission Area identifies outcome-based performance measures during the business case development process and records the approved measures in the business plan.

This section defines measurement terminology, relates it to DoD policy and provides guidance for formulating effective outcome-based performance measures for IT investments. For clarification, the various uses and DoD definitions of MOEs are provided in the CCA Community of Practice (CoP). Regardless of the term used, the Title 40/CCA states that the respective Service Secretaries shall:

Establish goals for improving the efficiency and effectiveness of agency operations and, as appropriate, the delivery of services to the agency's customers through the effective use of IT.
Ensure that performance measurements are prescribed for IT programs used by or to be acquired for the executive agency, and that the performance measurements measure how well the IT supports programs of the executive agency.
Conduct post-implementation reviews of fielded capabilities to determine if they were achieved, verify estimated benefits, and document effective management practices for broader use.

In summary, we are obligated to state the desired outcome, develop and deploy the solution, and then measure the extent to which we have achieved the desired outcome. For further discussion, see the Title 40/CCA language in OMB Circular A-11, Part 7, Page 16 of Section 300, Part ID. Additionally, discussions on the statutory basis and regulatory basis for MOEs and their verification are available in the IT-CoP.

Who is Responsible?

The program Sponsor with cognizance over the function oversees the development of the MOEs during the CBA phase of the JCIDS process. The Sponsor ensures that the MOEs are outcome-based standards for the validated capabilities.
- The PM must be aware of the MOEs and how they relate to overall program effectiveness and document these MOEs in the Exhibit 300 that is part of DoD's budget submission to OMB.
The DoD CIO assesses the outcome-based measures in deciding whether to confirm Title 40/CCA compliance for ACAT IA programs and recommend Section 801 (2366(a)) (or subsequent defense authorization provision) compliance to the Milestone Decision Authority (MDA) for ACAT ID programs.

Implementation Guidance: This section is written to help the Sponsor prepare the MOEs and to help the PM understand his/her role in the MOE refinement process. The key to understanding and writing MOEs for IT investments is to recognize their characteristics and source. Therefore, MOEs should be:

Written in terms of desired outcomes.
Quantifiable (note that both subjective and objective goals can be quantified).
Serve as a measure of the degree to which the desired outcome is achieved.
Independent of any solution and should not specify system performance or criteria.

To satisfy the requirement that an MOE be independent of any solution and not specify system performance or criteria, the MOE should be established before the Materiel Solution Analysis phase because the MOEs guide the analysis and selection of alternative solutions leading up to Milestone A. Although the MOE may be refined as a result of the analysis undertaken during this phase, the source of the initial mission/capability MOE is the functional community. The MOE is the common link between the Initial Capabilities Document (ICD), the Analysis of Alternatives (AoA) and the benefits realization assessment conducted during a PIR as described in Section 7.9 of this guide.

As stated in Table 8 of DoD Instruction 5000.02, for a weapon system with embedded IT and for command control systems that are not themselves IT systems, it shall be presumed that the acquisition has outcome-based performance measures linked to strategic goals and that they are likely to be found in a JCIDS document (ICD, Capability Development Document (CDD) or Capability Production Document (CPD)). Note however that the presumption exists because the JCIDS requires the development of MOEs. For Title 40/CCA confirmation, approved MOEs are required to be presented to the DoD Component CIO.

For further MOE writing guidance, see the Information Technology Community of Practice Measures of Effectiveness Area.

7.8.6.3. Redesigning the Processes that the Acquisition Supports

Overview: This element of the Title 40/CCA asks if the business process or mission function supported by the proposed acquisition has been designed for optimum effectiveness and efficiency. Title 40/CCA requires the DoD Component to analyze its mission, and based on the analysis, revise its mission-related processes and administrative processes as appropriate before making significant investments in IT. There are a number of ways to accomplish this requirement, but this is known as business process reengineering (BPR) and is used to redesign the way work is done to improve performance in meeting the organization's mission while reducing costs.

To satisfy this requirement, BPR is conducted before entering the acquisition process. However, when the results of the JCIDS analysis, including the AoA, results in a Commercial-Off-The-Shelf (COTS) enterprise solution, additional BPR is conducted after program initiation, to reengineer an organization's retained processes to match available COTS processes. As stated in Table 8 of DoD Instruction 5000.02, for a weapon system with embedded IT and for command and control systems that are not themselves IT systems, it shall be presumed that the processes that the system supports have been sufficiently redesigned if one of the following conditions exist: "(1) the acquisition has a JCIDS document (ICD, CDD, CPD) that has been validated by the Joint Requirements Oversight Council (JROC) or JROC designee, or (2) the MDA determines that the AoA is sufficient to support the initial Milestone decision."

Who is Responsible?

The Sponsor with cognizance over the function with input from the corresponding DoD Component functional sponsor is responsible for BPR.
The PM should be aware of the results of the BPR process and should use the goals of the reengineered process to shape the acquisition.
The Director of the Office of the Secretary of Defense (OSD), Cost Assessment and Program Evaluation (CAPE) (OD/CAPE) assesses an ACAT IAM program's AoA to determine the extent to which BPR has been conducted.
The DoD CIO assesses an ACAT IAM program's AoA to determine whether sufficient BPR has been conducted.

Business Process Reengineering: Benchmarking

Benchmarking is necessary for outcome selection and BPR. The Sponsor should quantitatively benchmark agency outcome performance against comparable outcomes in the public or private sectors in terms of cost, speed, productivity, and quality of outputs and outcomes.

Benchmarking should occur in conjunction with a BPR implementation well before program initiation. Benchmarking can be broken into four primary phases:

Planning Phase: Identify the product or process to be benchmarked and select the organizations to be used for comparison. Identify the type of benchmark measurements and data to be gathered (both qualitative and quantitative data types). One method to gather data is through a questionnaire to the benchmarking organization that specifically addresses the area being benchmarked.
Data Collection and Analysis Phase: Initiate the planned data collection, and analyze all aspects of the identified best practice or IT innovation to determine variations between the current and proposed products or processes. Compare the information for similarities and differences to identify improvement areas. Use root cause analysis to break the possible performance issues down until the primary cause of the gap is determined. This is where the current performance gap between the two benchmarking partners is determined.
Integration Phase: Communicate the findings; establish goals and targets; and define a plan of action for change. This plan of action is often the key to successful BPR implementation. Qualitative data from a benchmarking analysis is especially valuable for this phase. It aids in working change management issues to bring about positive change.
Implementation Phase: Initiate the plan of action and monitor the results. Continue to monitor the product or process that was benchmarked for improvement. Benchmark the process periodically to ensure the improvement is continuous.

7.8.6.4. Determining That No Private Sector or Other Government Source Can Better Support the Function

Overview: This element of the Title 40/CCA asks if any private sector or other government source can better support the function. This is commonly referred to as the "outsourcing determination." The Sponsor determines that the acquisition MUST be undertaken by DoD because there is no alternative source that can support the function more effectively or at less cost. Note that for weapon systems and for command and control systems, the need to make a determination that no private sector or Government source can better support the function only applies to the maximum extent practicable. As an example, consider that both the DoD and the Department of Homeland Security have common interests. This requirement should be presumed to be satisfied if the acquisition has a MDA-approved acquisition strategy.

Who is Responsible?

The Sponsor with cognizance over the function leads the analysis work as part of the AoA process.
The PM updates and documents the supporting analysis in the AoA and a summary of the outsourcing decision in the Acquisition Strategy.

7.8.6.5. Analysis of Alternatives (AoA)

Overview: The Director of the Office of the Secretary of Defense (OSD), Cost Assessment and Program Evaluation (OD/CAPE), provides basic policies and guidance associated with the AoA process. Detailed AoA guidance can be found in Chapter 3.3. Analysis of Alternatives. For ACAT ID and IAM programs, OD/CAPE prepares and approves the AoA study guidance, approves the Component-prepared AoA study plan, and reviews the final analysis products (briefing and report). After the review of the final products, OD/CAPE provides an independent assessment to the MDA (see DoD Instruction 5000.02, Enclosure 7, paragraph 5). See Section 3.3 of this guidebook for a general description of the AoA and the AoA Study Plan.

7.8.6.6. Economic Analysis (EA) and Life-Cycle Cost (LCC) Estimates

Overview: An EA consists of an LCC and a benefits analysis and is a systematic approach to selecting the most efficient and cost effective strategy for satisfying an agency's need. See Sections 3.6 and 3.7 of this guidebook for detailed EA and LCC estimate guidance.

7.8.6.7. Acquisition Performance Measures

Overview: Acquisition performance measures are clearly established measures and accountability for program progress. The essential acquisition measures are those found in the acquisition program baseline (APB): cost, schedule and performance. See section 2.1 of this guide for detailed APB guidance.

7.8.6.8. The acquisition is consistent with the Global Information Grid (GIG) policies and architecture

Overview: The GIG is the organizing and transforming construct for managing IT for the Department. See Section 7.2.1.2 for detailed guidance on GIG policies and architecture.

7.8.6.9. The program has an Information Assurance (IA) strategy that is consistent with DoD policies, standards and architectures

Overview: IA concerns information operations that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation. This includes providing for the restoration of information systems by incorporating protection, detection and reaction capabilities. See Section 7.5 of this guidebook for detailed guidance on IA.

7.8.6.10. Modular Contracting

Overview: Under modular contracting, a system is acquired in successive acquisitions of interoperable increments. The Title 40 is concerned with modular contracting to ensure that each increment complies with common or commercially acceptable standards applicable to IT so that the increments are compatible with the other increments of IT comprising the system.

Who is Responsible?

The PM is responsible for ensuring that modular contracting principles are adhered to.
The contracting strategy is addressed in the Acquisition Strategy, which is approved by the MDA.

Implementation Guidance: See Section 4.5.4 of this guidebook for a discussion of Open Systems Approach as a systems engineering technique that will support modularity, and Section 39.103 of the Federal Acquisition Regulations for a detailed discussion of Modular Contracting.

7.8.6.11. DoD Information Technology (IT) Portfolio Repository (DITPR)

Overview: The DITPR (requires login) supports the Title 40/CCA inventory requirements and the capital planning and investment processes of selection, control, and evaluation. The DITPR contains a comprehensive unclassified inventory of the Department's mission-critical and mission-essential NSS and their interfaces. It is web-enabled, requires a Common Access Card (CAC) to obtain access, and requires a user account approved by a DoD Component or DoD IT Portfolio Management (PfM) Mission Area or Domain Sponsor. There is a separate inventory on the Secret Internet Protocol Router Network (SIPRNET) called the DoD SIPRNET IT Registry, which requires a separate user account to obtain access. DoD Components provide their IT systems inventory data to either DITPR or the DoD SIPRNET IT Registry – there is no overlap between the two repositories. Data is entered into DITPR by one of two means. For the Army, Air Force, Department of the Navy (Navy, US Marine Corps), and the TRICARE Management Activity, data is entered into the DoD Component's IT inventory system and uploaded to DITPR by batch update monthly. All other Components work directly online in DITPR. The applicable policy and procedure document is the DoD IT Portfolio Repository (DITPR) and DoD SIPRNET IT Registry Guidance, August 10, 2009.

Who is Responsible? The PM is responsible for ensuring the system is registered and should follow applicable DoD CIO procedures and guidance.

DITPR Update Procedure: The DITPR guidance outlines a standard, documented procedure for updating its contents on a monthly basis. The rules, procedures, and protocols for the addition, deletion, and updating of system information are available to users once they are registered. Service and Agency CIOs confirm the completeness of the inventory and the accuracy of the data on the inventory on an annual basis.

Use of the DITPR for Decision Making: The DITPR and the DoD SIPRNET IT Registry are the Department's authoritative inventories of IT systems. They provide senior DoD decision makers a coherent and contextual view of the capabilities and associated system enablers for making resource decisions and a common central repository for IT system information to support the certification processes of the various Investment Review Boards (IRBs) and the Defense Business Systems Management Committee (DBSMC). DITPR provides consistent automated processes across the DoD Components to meet compliance reporting requirements (e.g., Ronald W. Reagan National Defense Authorization Act for Fiscal Year 2005 (NDAA), Federal Information Security Act of 2002 (FISMA), E-Authentication, Privacy Act, Privacy Impact Assessments, Social Security Number Reduction, Records Management, and Interoperability). DITPR also enables the Mission Areas and the Components to accomplish IT PfM.

Top of page

Previous and Next Page arrows