Defense Management: Electronic Commerce Implementation Strategy Can Be Improved
NSIAD-00-108
Published: Jul 18, 2000. Publicly Released: Jul 18, 2000.
Skip to Highlights
Highlights
Pursuant to a congressional request, GAO reviewed the Department of Defense's (DOD) efforts to implement its Joint Electronic Commerce Program, focusing on: (1) issues DOD needs to resolve to successfully implement its vision for electronic commerce; and (2) the implementation status and performance measures associated with key electronic commerce initiatives.
Recommendations
Recommendations for Executive Action
| Agency Affected Sort descending | Recommendation | Status |
|---|---|---|
| Department of Defense | To strengthen the Department's electronic commerce program, the Secretary of Defense should direct that all new electronic commerce initiatives sponsored by the military services and Defense agencies support the Department's strategic goals and electronic commerce architecture. |
Closed – Implemented
DOD concurred with this recommendation and stated that DOD Directive 8190.2, issued on June 23, 2000, incorporate the thrust of this recommendation.
|
| Department of Defense | To strengthen the Department's electronic commerce program, the Secretary of Defense should direct that both output- and outcome-oriented performance measures are identified for all new and ongoing electronic commerce initiatives. |
Closed – Implemented
DOD concurred with this recommendation and stated that it had incorporated it into DOD Directive 8190.2 which was issued on June 23, 2000. In addition, DOD provided GAO with additional performance metrics which it had prepared in response to the recommendation.
|
| Department of Defense | To strengthen the Department's electronic commerce program, the Secretary of Defense should direct that the Chief Information Officer develop an implementation plan that has a Department-wide focus, one that explicitly addresses the strategic plan's goals, objectives, and strategies. |
Closed – Not Implemented
DOD stated in its September 11, 2000, final response to the report that it will update its electronic business strategic plan and then develop an appropriate DOD implementation plan. In May 2001, the Assistant Secretary of Defense (C3I) reported to the DOD Inspector General that DOD's Electronic Commerce Board of Directors was still evaluating the direction DOD plans to take on developing an implementation plan. The Assistant Secretary further stated that the change in Administration increased the level of uncertainty about the process to develop a plan and resources to support the effort. Consequently, a plan is not likely to be completed until sometime in 2002.
|
| Department of Defense | To strengthen the Department's electronic commerce program, the Secretary of Defense should direct that the Chief Information Officer, in consultation with the principal staff assistants, military services, and Defense agencies, identify the approach and the schedule to be followed by all DOD business areas to develop a Department-wide electronic commerce architecture. |
Closed – Implemented
DOD established an Electronic Business Board of Directors to oversee its electronic commerce program. As part of its charter, the Board is expected to support and develop an approach for an electronic commerce architecture. It is expected to ensure that the architecture is developed in accordance with existing DOD guidance and is compatible with DOD's Global Information Grid. In May 2001, the Assistant Secretary of Defense (C3I) informed the DOD Inspector General that an electronic commerce common architecture was completed in July 2000 in the required format of the C4ISR framework. However, this version of the architecture included only the procurement process. Until DOD includes its many other functions into the common architecture framework, it will not have fully responded to this recommendation.
|
| Department of Defense | To strengthen the Department's electronic commerce program, the Secretary of Defense should provide the members of the proposed electronic commerce board of directors with sufficient authority to see that electronic commerce policies, plans, and architecture development are supported and implemented across the Department as well as in their respective services and agencies. |
Closed – Implemented
On July 7, 2000, the DOD Chief Information Officer created an Electronic Business Board of Directors and chartered it with the responsibility and authority to oversee electronic commerce policies, plans, and architecture development. Board membership is comprised of senior DOD managers at the general officer level. The Board began meeting in August 2000 and continues to oversee and address electronic commerce issues across DOD.
|
| Department of Defense | To strengthen the Department's electronic commerce program, the Secretary of Defense should ensure that the electronic commerce program office has clear lines of authority and funding necessary to implement a Department-wide program. |
Closed – Implemented
DOD agreed with this recommendation and created an office under the Deputy CIO that it believes has the authority and independence to program resources and act from a DOD-wide perspective. DOD incorporated this decision in DOD Directive 8190.2, which was issued in June 2000.
|
| Department of Defense | To strengthen the Department's electronic commerce program, the Secretary of Defense should ensure that realistic timeframes and costs are established for carrying out the tasks necessary to transition the Department's personnel, processes, and systems to the planned public key infrastructure to enhance security. |
Closed – Implemented
DOD concurred with this recommendation and noted that a number of technical issues still needed to be resolved before realistic timeframes and costs could be determined. In May 2001, the Assistant Secretary of Defense (C3I) reported that the Department had taken a number of actions that addressed this recommendation. On January 16, 2001, the Under Secretary of Defense (P&R) and the DOD CIO co-signed a memo establishing policies and timeliness for implementing aspects of the PKI. On April 1, 2004, DOD issued Instruction 8520.2, "Public Key Infrastructure (PKI) and Public Key (PK) Enabling." This instruction implemented policy, assigned responsibilities, and prescribed procedures for developing and implementing a Department-wide PKI and enhancing the security of DOD information systems by enabling these systems to use PKI for authentication, digital signatures, and encryption. The instruction aligned DOD PKI and PK (Public Key)-Enabling activities with DOD Directive 8500.1, as implemented by DOD Instruction 8500.2, and the DOD Common Access Card (CAC) program, as specified by DOD Directive 8190.3. The instruction was responsive to GAO's recommendation.
|
Full Report
Office of Public Affairs
Topics
Computer networksComputer securityDefense procurementElectronic benefits transfersE-commerceElectronic data interchangeInternetPerformance measuresSmart cardsStrategic information systems planning