Acquisition of the Electronics Records Archives Is Progressing
GAO-05-802: Published: Jul 15, 2005. Publicly Released: Jul 15, 2005.
- Highlights Page:
- Full Report:
- Accessible Text:
Since 2001, the National Archives and Records Administration (NARA) has been working to acquire the Electronic Records Archives (ERA) system. In August 2004, NARA awarded two contracts to design the ERA system. The agency plans to select one of the resulting designs for the development of the system in August 2005. Conference Report 108-792 directed GAO to report on ERA's costs, schedule, and performance. Our objectives were to determine (1) the extent to which NARA has achieved the ERA program's cost, schedule, and performance objectives and the extent to which the agency has identified risks to future objectives; and (2) the status of NARA's efforts to address prior GAO recommendations on the acquisition.
The ERA program is meeting its cost, schedule, and performance objectives and has identified risks to the program's objectives. For example, the program has achieved all major milestones to date on or ahead of schedule, accepted three major contractor deliverables that met the program's performance standards, and identified risks to the program including the lack of an integrated schedule that encompasses agency projects related to ERA. NARA continues to make progress in addressing recommendations from prior GAO reports: the agency has implemented one recommendation by hiring two key ERA personnel and has partially implemented the other recommendations. For example, NARA has addressed one of the two security weaknesses by bringing classified systems under the central control and protection of the chief information officer, and it has completed corrective action on five of nine security weaknesses in systems operating on its network. However, the Office of the Inspector General has identified additional security weaknesses, including the lack of a formal, documented, and tested agency disaster recovery plan; and inadequate physical and logical security in areas such as password and systems configuration management. Until NARA fully addresses all prior recommendations, risks remain to the successful implementation of the system.