Joint Information Environment:
DOD Needs to Strengthen Governance and Management [Reissued on October 25, 2016]
GAO-16-593: Published: Jul 14, 2016. Publicly Released: Jul 14, 2016.
Additional Materials:
- Highlights Page:
- Full Report:
- Accessible Version:
Contact:
What GAO Found
The Department of Defense (DOD) plans to spend almost $1 billion by the end of this fiscal year to implement one element of the Joint Information Environment (JIE); however, the department has not fully defined JIE's scope or expected cost. Officials reported that assessing the cost of JIE is complex because of the size and the complexity of the department's infrastructure and JIE's implementation approach. However, without information about expected JIE costs, the ability of officials to oversee and make effective resource decisions is limited.
In addition, DOD has begun to assess the workforce needed to operate JIE, but has not determined the number of staff and the specific skills and abilities needed. DOD also lacks a strategy to ensure required JIE security assessments are conducted. Officials stated that the department has taken steps to address JIE personnel and security needs, but it does not have plans in place to address these existing gaps. As a result, DOD risks having a deficient security posture and not being able to ensure that it will have the appropriate workforce knowledge and skills needed to support JIE.
Table: JIE Elements
|
Element |
Description |
|
Single security architecture |
Department-wide network security architecture |
|
Optimized networks |
Reduced number of networks |
|
Identity and access management |
Capability to create and administer identities across the department |
|
Data centers and nodes |
Core data centers and nodes to provide fast and secure connections to any application or service from any authorized network at any time |
|
Software application rationalization and server virtualization |
An effort intended to enable efficiencies and enhance information sharing |
|
Desktop virtualization |
A standardized virtual desktop environment |
|
Mobility services |
Integration of secure and non-secure communications and portable, cloud-enabled command and control capability |
|
Enterprise services |
Services, such as e-mail, provided in a common way across the department |
|
Mission partner environment |
A common set of standards, protocols, and interfaces to enhance data sharing with other agencies; allies; coalition partners; and private sector organizations |
Source: GAO analysis of agency data. I GAO-16-593.
DOD has recently begun efforts to update the JIE governance structure and processes, including identifying the decisions and processes that it needs to document to support the effort. For example, it identified the need to document the process for planning and approving deployment of new JIE capabilities. However, the department has not established associated time frames. Until DOD establishes processes for helping to ensure that JIE decisions are based on reliable scope, cost, and schedule information, the department will face continued challenges in its ability to effectively oversee the initiative.
Why GAO Did This Study
For fiscal year 2017, DOD plans to spend more than $38 billion on information technology to support thousands of networks and millions of computers and other electronic devices connected to its networks. In August 2010, the Secretary of Defense announced an initiative, the JIE, to consolidate infrastructure in order to improve mission effectiveness, achieve savings, and improve network security.
A Senate Armed Services committee report included a provision for GAO to evaluate JIE. GAO's objectives were to (1) determine the extent to which DOD has effectively established scope, cost, and implementation plans for the initiative and (2) determine the extent to which DOD is executing effective oversight and governance of JIE. GAO compared JIE scope, cost, schedule, workforce planning, and security planning with leading program management practices, DOD guidance, and statutes. In addition, it compared JIE governance with leading practices.
What GAO Recommends
To help achieve JIE benefits and to enable effective oversight and governance, GAO recommends that DOD, among other things, fully define JIE's scope and expected cost, and take steps to improve workforce and security planning. DOD described steps it is taking or plans to take to address all of GAO's recommendations.
For more information, contact Carol C. Harris at (202) 512-4456 or chac@gao.gov.
Recommendations for Executive Action
Status: Open
Comments: As of July 2017, the Department of Defense had made progress in implementing the recommendation. Specifically, the department developed a draft Joint Information Environment (JIE) scope statement that can provide the context and framework for reporting, tracking, and controlling JIE activities. According to written comments on the status of the recommendation provided by the department in July 2017, this scope statement will be presented to the JIE Executive Committee in August 2017 for approval. We will continue to monitor the department's efforts to implement the recommendation.
Recommendation: To help the department achieve the benefits anticipated from JIE, the Secretary should direct the DOD Chief Information Officer (CIO), and other entities, as appropriate, to develop a detailed JIE scope statement that is verified by stakeholders and approved by the Executive Committee.
Agency Affected: Department of Defense
Status: Open
Comments: As of July 2017, the Department of Defense had made progress in implementing the recommendation. Specifically, the department developed a draft JIE scope statement, which documents the scope of JIE and describes how updates to its scope will be periodically reviewed and approved. According to written comments on the status of the recommendation provided by the department in July 2017, the draft will be presented to the JIE Executive Committee in August 2017 for approval. We will continue to monitor the department's efforts to implement the recommendation.
Recommendation: To help the department achieve the benefits anticipated from JIE, the Secretary should direct the DOD CIO and other entities, as appropriate, to establish a plan for managing, documenting, and communicating scope.
Agency Affected: Department of Defense
Status: Open
Comments: As of July 2017, the Department of Defense had not implemented the recommendation. According to written comments on the status of the recommendation provided by the department, it developed cost baselines for two components of JIE. However, it did not develop cost estimates for the other JIE components. Specifically, the JIE Executive Committee approved the cost estimate for the Joint Regional Security Stacks in April 2017. In addition, the department's comments stated that the cost baseline for the Mission Partner Environment-Information System (MPE-IS) was included in the MPE-IS Business Case Analysis and presented to the department's Office of Cost Assessment and Program Evaluation in July 2016. We are in the process of reviewing the cost estimates for these components. The department further stated that as solutions for other JIE efforts are established, their cost baselines will be added as appropriate.
Recommendation: To help the department achieve the benefits anticipated from JIE, the Secretary should direct the DOD CIO and other entities, as appropriate, to develop a reliable JIE cost estimate and baseline, consistent with the best practices described in this report.
Agency Affected: Department of Defense
Status: Open
Comments: As of July 2017, the department had not implemented the recommendation. We will continue to monitor the department's efforts to address this recommendation by periodically requesting and evaluating updated information.
Recommendation: To help the department achieve the benefits anticipated from JIE, the Secretary should direct the DOD CIO and other entities, as appropriate, to develop a JIE schedule management plan and reliable schedule, consistent with practices described in this report.
Agency Affected: Department of Defense
Status: Open
Comments: As of July 2017, the Department of Defense had not fully implemented this recommendation. In March 2017, the JIE Executive Committee approved a schedule baseline for the Non-secure Internet Protocol Router network component of JRSS. In addition, the Executive Committee memo approving this schedule baseline indicated that the Executive Committee planned to review and approve a schedule baseline for the Secure Internet Protocol Router network component of JRSS by the end of fiscal year 2017. However, the department has not demonstrated that it has a schedule management plan or that its schedule was developed consistent with the practices described in our report.
Recommendation: To help the department achieve the benefits anticipated from JIE, the Secretary should direct the DOD CIO and other entities, as appropriate, to develop a JRSS schedule management plan and reliable JRSS schedule and schedule baseline, consistent with practices described in this report.
Agency Affected: Department of Defense
Status: Open
Comments: As of July 2017, the Department of Defense had not implemented the recommendation. In its June 2016 written comments on a draft of our report, the department stated that the National Institute of Standards and Technology and the Office of Personnel Management were to publish a coding structure in response to the Federal Cybersecurity Workforce Assessment Act of 2015. DOD stated that this structure would inform steps DOD planned to take to identify the type of personnel and specific skills required to support enterprise operations and services and the government capabilities needed to effectively achieve JIE. However, as of July 2017, the department had not demonstrated that it has taken action to implement our recommendation.
Recommendation: To help the department achieve the benefits anticipated from JIE, the Secretary should direct the DOD CIO and other entities, as appropriate, to complete an assessment to determine the number of staff and the specific skills and abilities needed to effectively achieve JIE, consistent with the workforce planning practices described in this report.
Agency Affected: Department of Defense
Status: Open
Comments: As of July 2017, the Department had not implemented the recommendation. We will continue to monitor the department's efforts to address this recommendation by periodically requesting and evaluating updated information.
Recommendation: To help the department achieve the benefits anticipated from JIE, the Secretary should direct the DOD CIO and other entities, as appropriate, to develop a strategy for conducting JIE security assessments that describes the resources needed to execute the strategy, responsible organizations, and a schedule to complete the assessments.
Agency Affected: Department of Defense
Status: Open
Comments: As of July 2017, the Department of Defense had not implemented this recommendation. In January 2017, the Joint Regional Security Stacks (JRSS) program received a six-month provisional Risk Management Framework Authority to Operate. According to a July 2017 update from the department on the status of this recommendation, the JRSS program management office was in the process of requesting another six-month provisional authority to operate. However, the department has not developed a strategy and schedule to complete transition of JRSS to the Risk Management Framework or developed the security plan required by the framework.
Recommendation: To help the department achieve the benefits anticipated from JIE, the Secretary should direct the DOD CIO and other entities, as appropriate, to develop a strategy and schedule to transition JRSS to the Risk Management Framework, and develop the security plan required by the new framework.
Agency Affected: Department of Defense
Status: Open
Comments: The Department of Defense had taken steps to address the recommendation and we are in the process of reviewing documentation the department provided in July 2017 to determine if it sufficiently addresses the recommendation. Specifically, in April 2017, the JRSS program office documented the methodology, ground rules, and assumptions, among other things, used to develop the cost estimate we reviewed in our report, and the JIE Executive Committee established the estimate as its JRSS cost baseline. We are in the process of reviewing the cost estimate documentation and will update this status after completing the review.
Recommendation: To help the department achieve the benefits anticipated from JIE, the Secretary should direct the DOD CIO and other entities, as appropriate, to develop a reliable Joint Regional Security Stacks (JRSS) cost estimate and baseline, consistent with practices described in this report.
Agency Affected: Department of Defense
Explore the full database of GAO's Open Recommendations
»
Explore the full database of GAO's Open Recommendations
Jul 19, 2018
![defense icon, source: [West Covina, California] Progressive Management, 2008](https://www.gao.gov/images/rip/defense.jpg "defense icon, source: [West Covina, California] Progressive Management, 2008")
Force Structure:
F-22 Organization and Utilization Changes Could Improve Aircraft Availability and Pilot TrainingGAO-18-190: Published: Jul 19, 2018. Publicly Released: Jul 19, 2018.
Jul 16, 2018
-
Defense Contracts:
DOD Should Develop a Strategy for Assessing Contract Award Time FramesGAO-18-467: Published: Jul 16, 2018. Publicly Released: Jul 16, 2018.
Jun 25, 2018
-
Defense Management:
DOD Senior Leadership Has Not Fully Implemented Statutory Requirements to Promote Department-Wide CollaborationGAO-18-513: Published: Jun 25, 2018. Publicly Released: Jun 25, 2018.
Jun 21, 2018
-
Military Personnel:
Collecting Additional Data Could Enhance Pilot Retention EffortsGAO-18-439: Published: Jun 21, 2018. Publicly Released: Jun 21, 2018.
Jun 20, 2018
-
Military Readiness:
Analysis of Maintenance Delays Needed to Improve Availability of Patriot Equipment for TrainingGAO-18-447: Published: Jun 20, 2018. Publicly Released: Jun 20, 2018.
Jun 18, 2018
-
Nuclear Nonproliferation:
The Administration's 2015 Plan and 2017 Update for Nuclear Proliferation Verification and Monitoring Generally Did Not Address Reporting RequirementsGAO-18-505R: Published: Jun 18, 2018. Publicly Released: Jun 18, 2018.
Jun 13, 2018
-
Defense Industrial Base:
Integrating Existing Supplier Data and Addressing Workforce Challenges Could Improve Risk AnalysisGAO-18-435: Published: Jun 13, 2018. Publicly Released: Jun 13, 2018. -
F-35 Joint Strike Fighter:
Development Is Nearly Complete, but Deficiencies Found in Testing Need to Be Resolved [Reissued with Revisions Jun. 13, 2018]GAO-18-321: Published: Jun 5, 2018. Publicly Released: Jun 5, 2018.
Jun 6, 2018
-
Navy Shipbuilding:
Past Performance Provides Valuable Lessons for Future InvestmentsGAO-18-238SP: Published: Jun 6, 2018. Publicly Released: Jun 6, 2018.
May 31, 2018
-
B61-12 Nuclear Bomb:
Cost Estimate for Life Extension Incorporated Best Practices, and Steps Being Taken to Manage Remaining Program RisksGAO-18-456: Published: May 31, 2018. Publicly Released: May 31, 2018.
Looking for more? Browse all our products here
Explore our Key Issues on National Defense
- Best Practices and Leading Practices in Acquisition Management
- Countering Overseas Threats
- DOD Approach to Business Transformation - High Risk Issue
- DOD Contract Management - High Risk Issue
- DOD Supply Chain Management - High Risk Issue
- DOD Support Infrastructure Management - High Risk Issue
- DOD Weapon Systems Acquisition - High Risk Issue
- Energy Management in DOD Facilities
- Ensuring the Effective Protection of Technologies Critical to U.S. National Security Interests - High Risk Issue
- Military Base Realignments and Closures
- Military Force Sizing and Organization
- NASA Acquisitions - High Risk Issue
- National Defense System Acquisitions
- Public Health Emergency Preparedness and Response
- Unmanned Aerial Systems (Drones)
- U.S. Arctic Interests
- U.S. - China Economic and Military Relations
Explore our other Key Issues here
