Information Technology:
FBI Is Implementing Key Acquisition Methods on Its New Case Management System, but Related Agencywide Guidance Needs to Be Improved
GAO-08-1014: Published: Sep 23, 2008. Publicly Released: Sep 23, 2008.
Additional Materials:
- Highlights Page:
- Full Report:
- Accessible Text:
Contact:
(202) 512-3000
contact@gao.gov
Office of Public Affairs
(202) 512-4800
youngc1@gao.gov
The Federal Bureau of Investigation (FBI) is 3 years into its 6-year, $451 million program known as Sentinel, which is to replace its antiquated, paper-based, legacy systems for supporting mission-critical intelligence analysis and investigative case management activities. Because of the importance of Sentinel to the bureau's mission operations, GAO was asked to conduct a series of reviews on the FBI's management of the program. This review focuses on whether the FBI is employing effective methods in acquiring commercial solutions for Sentinel. To do so, GAO researched relevant best practices; reviewed FBI policies and procedures, program plans, and other program documents; and interviewed appropriate program officials.
The FBI's Sentinel program is implementing five key methods for acquiring commercial information technology solutions. In particular, it is managing Sentinel requirements by making sure that changes to established baselines are justified and approved on the basis of costs, benefits, and risks, and it is ensuring that different levels of requirements and related design specification and test cases are properly aligned with one another. In addition, the bureau is analyzing commercially available product alternatives in relation to requirements, costs, and other factors to ensure that the most cost-effective mix of products is being used to minimize requirement gaps. In doing so, it is taking steps to understand the dependencies among the commercial products, thus ensuring that they can interoperate effectively. Also, the bureau is not modifying the commercial products that it is selecting and using to develop Sentinel, which should allow it to minimize future maintenance costs by taking advantage of future product releases and other vendor product support. Last, it is taking steps to ensure that Sentinel integration with FBI legacy systems will occur when needed, for example, by establishing agreements with legacy system owners. Collectively, implementation of these acquisition methods should increase the chances of cost effectively delivering required Sentinel capabilities on time. However, the implementation of most of these acquisition methods is generally not governed by bureauwide policies and guidance that address all relevant practices. To the credit of program officials, this void in corporate policies and guidance has not affected Sentinel, as they are implementing all of the key practices either through reliance on their prime contractor's approaches or through Sentinel-specific plans. If policies and guidance relative to each of these methods for acquiring commercial component-based systems were incorporated into FBI-wide policies and guidance, the bureau could increase its chances of employing them on a repeatable basis across all applicable system investments.
Recommendations for Executive Action
Status: Closed - Implemented
Comments: In September 2011, the Federal Bureau of Investigation (FBI) implemented this recommendation by updating its recommended Analysis/Trade Study Report template (DT-005) to have project teams analyze trade-offs between implemented systems and competing design alternatives to determine the best fit based on commercial component capabilities and high-level project requirements as part of the tailoring process outlined in FBI's IT Life Cycle Management framework. The template states that this analysis should be revisited early and continuously throughout the system acquisition life cycle, beginning at the system concept exploration phase and continuing through project-level and bureau governance milestone reviews. Additionally, the template states that the analysis should address the relative quality and cost trade-offs between the commercial alternatives and should involve relevant stakeholders in trade-off analyses and decision making processes. By requiring periodic reassessment of system design with respect to commercial alternatives, the Bureau has increased the likelihood that its investments in information systems will deliver required capabilities in a timely and cost-effective way.
Recommendation: To leverage key commercial component-based acquisition methods being implemented on Sentinel, and increase the chances of these practices being implemented on all FBI IT programs, the FBI Director should instruct the Chief Information Officer to incorporate into FBI policy or guidance each of the practices that we identified in this report as not being addressed relative to requirements/commercial product trade-off analysis.
Agency Affected: Department of Justice: Federal Bureau of Investigation
Status: Closed - Implemented
Comments: In November 2008, the Federal Bureau of Investigation (FBI) implemented this recommendation by developing guidance for commercial product dependency analysis as part of the tailoring process outlined in FBI's IT Life Cycle Management framework. For instance, FBI project teams now allocate requirements among the various commercial components that constitute a given system design in a Requirements Traceability Matrix (DT-031). Consistent with our recommendation, the matrix requires, for example, that system and interface requirements be allocated to sub-systems, hardware and software components, as well as test procedures and results. In addition, FBI project teams complete an Interface Control Document, which specifies system requirements associated with the equipment, software, operations, or services affecting the involved systems or segments. Moreover, bureau officials stated that certain of its information technology (IT) projects have utilized iterative prototyping, a leading practice for ensuring that system components will successfully interact. By taking these actions, FBI has helped ensure that its IT investments will deliver required capabilities in a timely and cost-effective fashion.
Recommendation: To leverage key commercial component-based acquisition methods being implemented on Sentinel, and increase the chances of these practices being implemented on all FBI IT programs, the FBI Director should instruct the Chief Information Officer to incorporate into FBI policy or guidance each of the practices that we identified in this report as not being addressed relative to commercial product dependency analysis.
Agency Affected: Department of Justice: Federal Bureau of Investigation
Status: Closed - Not Implemented
Comments: To date, the Federal Bureau of Investigation has not implemented this recommendation. In September 2011, the Bureau updated its recommended Analysis/Trade Study Report template (DT-005) to consider commercial product customization, when appropriate. However, this guidance does not specifically address effective controls for modifications to commercial components, which include (1) having a defined policy or guidance governing modification of commercial products, (2) ensuring that any modification is justified on the basis of the life-cycle impact on system costs and benefits, and (3) working proactively with the product's vendor to incorporate planned modifications into the next release of the product. By not addressing these leading practices for modifying commercial information technology components in its guidance, the Bureau may not be able to fully realize the advantages of such commercial components and may introduce problems in operating and maintaining its systems as a result of their modification.
Recommendation: To leverage key commercial component-based acquisition methods being implemented on Sentinel, and increase the chances of these practices being implemented on all FBI IT programs, the FBI Director should instruct the Chief Information Officer to incorporate into FBI policy or guidance each of the practices that we identified in this report as not being addressed relative to commercial product modification.
Agency Affected: Department of Justice: Federal Bureau of Investigation
Status: Closed - Implemented
Comments: In November 2008, the Federal Bureau of Investigation (FBI) implemented this recommendation by incorporating the Interface Control Document as part of the tailoring process defined in its IT Life Cycle Management framework. This document is used as a requirements agreement between two or more participants within a system, or between systems. It specifies the requirements and/or design definitions of system interfaces affecting multiple systems, segments, or contractors within a project. It establishes the specifications and system requirements associated with the equipment, software, operations, or services affecting the involved systems or segments. This document also defines a set of qualification methods (such as testing, analysis, and inspection) to be used to verify that the requirements for the interfaces have been met. FBI officials confirmed that although legacy systems are not specifically mentioned with regard to interface control documents, all legacy and existing systems are documented and tested to ensure proper integration. By adopting this approach, FBI has increased the likelihood that its IT investments will perform as required and will be fielded in a timely and cost-effective fashion.
Recommendation: To leverage key commercial component-based acquisition methods being implemented on Sentinel, and increase the chances of these practices being implemented on all FBI IT programs, the FBI Director should instruct the Chief Information Officer to incorporate into FBI policy or guidance each of the practices that we identified in this report as not being addressed relative to legacy system integration management.
Agency Affected: Department of Justice: Federal Bureau of Investigation
Explore the full database of GAO's Open Recommendations
»
Feb 24, 2021
-
Pregnant Women in DOJ Custody:
U.S. Marshals Service and Bureau of Prisons Should Better Align Policies with National GuidelinesGAO-21-147: Published: Jan 25, 2021. Publicly Released: Feb 24, 2021.
Oct 26, 2020
-
Intellectual Property:
CBP Has Taken Steps to Combat Counterfeit Goods in Small Packages but Could Streamline EnforcementGAO-20-692: Published: Sep 24, 2020. Publicly Released: Oct 26, 2020.
Sep 30, 2020
-
Federal Criminal Restitution:
Department of Justice Has Ongoing Efforts to Improve Its Oversight of the Collection of Restitution and Tracking the Use of Forfeited AssetsGAO-20-676R: Published: Sep 30, 2020. Publicly Released: Sep 30, 2020.
Sep 10, 2020
-
Federal Tactical Teams:
Characteristics, Training, Deployments, and InventoryGAO-20-710: Published: Sep 10, 2020. Publicly Released: Sep 10, 2020.
Sep 8, 2020
-
VA Police:
Actions Needed to Improve Data Completeness and Accuracy on Use of Force Incidents at Medical CentersGAO-20-599: Published: Sep 8, 2020. Publicly Released: Sep 8, 2020.
Aug 13, 2020
-
Anti-Money Laundering:
FinCEN Should Enhance Procedures for Implementing and Evaluating Geographic Targeting OrdersGAO-20-546: Published: Jul 14, 2020. Publicly Released: Aug 13, 2020.
Jul 29, 2020
-
Federal Prison Industries:
Actions Needed to Evaluate Program EffectivenessGAO-20-505: Published: Jul 29, 2020. Publicly Released: Jul 29, 2020.
Jul 8, 2020
-
Gun Control:
DOJ Can Further Improve Guidance on Federal Firearm Background Check RecordsGAO-20-528: Published: Jul 8, 2020. Publicly Released: Jul 8, 2020.
Jun 22, 2020
-
Federal Prisons:
Additional Analysis Needed to Determine Whether to Issue Pepper Spray to Minimum Security PrisonsGAO-20-342: Published: Jun 22, 2020. Publicly Released: Jun 22, 2020.
May 26, 2020
-
Bureau of Prisons:
Improved Planning Would Help BOP Evaluate and Manage Its Portfolio of Drug Education and Treatment ProgramsGAO-20-423: Published: May 26, 2020. Publicly Released: May 26, 2020.
Looking for more? Browse all our products here