Federal Software Asset Management:The Government’s SAM Framework Alan Vander Mallie, Program Manager U.S. General Services Administration Office of Governmentwide Policy September 2009
Software Asset Management Case Study: Running the Government’s SAM Framework • The GSA Role • Federal SAM/ITAM Program • The Government’s SAM Framework • How’s it working for US? • Successes, Challenges & Trends
GSA Role GSA has a major role in managing Government assets: • Real Property (over $1.4 trillion) • Personal Property (disposes > $21 billion per year) • Travel and Transportation (>600,000 vehicles/1,460 aircraft/$12.3 billion in annual travel expenditures) • Information Technology Strategy (purchase $71 billion/year) • Regulatory Information (FAR, FMR, FTR, GSAM) • Federal Advisory Committees (public transparency)
GSA Role Information Technology spending for FY 2009 may total $71 Billion • Mission Systems – approx $36 billion • 6236 business cases for mission systems • Infrastructure – approx $30 billion • 25 major business cases for IT infrastructure Source: OMB VUE-IT Application for FY 2009: http://www.whitehouse.gov/omb/assets/egov_docs/VUE-IT.pdf
Federal SAM Program Purpose • Support technology strategy efforts so govt is running in the most secure, open, and efficient way possible • Help govt realize technical and social goals -focus on process solutions vs technology solutions • Create strategic value from SAM/ITAM Goals: • Manage Smarter, Buy Smarter, and Increase compliance of IT assets
Federal SAM Program Benefits include support for: • Aggregated buys through vehicles such as SmartBUY • Improved infrastructure optimization and efficient software/hardware usage • Closer alignment with approved lists of COTS software (FEA and EA) • Better use of acquisition, finance, and installed versus actual usage data • Assurance that security features are incorporated into software products as required (e.g., NIST FIPS 140-2 preclude the use of unvalidated encryption protection of sensitive or valuable data within Federal systems) • Achieving Section 508 compliance for software/hardware use by persons with disabilities • Going Green with IT purchase decisions for more energy efficient IT operating environments & end-of-use disposal
Federal SAM Program Cont’d • Support for desktop management & core configurations • Auto-discovery of installed software • Scheduling maintenance upgrades and software/hardware disposition • Improving and clarifying software-use policies (who, what, where, when, why) • Development of standard federal-wide license use clauses to protect intellectual property and prevent software piracy • Informed software security patching and upgrades, installation and deployment • Informed user and IT support staff training.
Federal SAM Program - Roadmap Implement • Govtwide SAM Programs • Promote Govtwide standardization, consolidation and optimization • FedITAM website available share • best practices and tools Invest • FedITAM Program Realization • Launch Website so Citizens, Industry & Government can participate in advancing SAM • Highlight use of automated tools • Work with Agencies and LOBs re benefits Architect • Discovery & Program Foundation • Recommend guidelines and strategic framework • Document lessons learned internal/industry • Asses current state-of-SAM across Government
Federal SAM Framework The Federal SAM Framework focuses on process improvements using ISO 19770-1 and other SAM/ITAM related standards and tools for: • Capturing inventories of deployed software, lists of approved software within FEA and agency enterprise architectures, CPIC investment portfolios, and authorized user data from CIOs; • Capturing acquisition, purchasing, and negotiated license usage rights information from CAOs; and • Capturing invoice, payment and finance information from CFOs.
Federal SAM Framework • Highlights six key SAM process areas (ISO 19770-1) and 17 questions from chief officers: • Supports routine and extraordinary efforts to standardize, consolidate, and optimize the management, purchase, and increased compliancy of IT assets. • Supports collaboration and partnerships across the disciplines and between those responsible for enterprise architecture and standards, financial management, strategic sourcing and acquisition, IT operations, and asset management.
Federal SAM Framework NOTES: The Federal SAM framework leads agencies towards higher levels of maturity in their software asset management programs so they do not continue to waste time and money with manual inventories, ineffective decision processes, and redundant software purchasing efforts. Through inputs to and relationships with federal-wide (SmartBUY) or agency strategic sourcing efforts and the IT Infrastructure LOB program the SAM framework (1) moves vendors towards constantly improving and better securing their products for government enterprise use and (2) moves IT operations and their vendors away from spending too much time and money on purchasing or marketing on many disparate levels.
Federal SAM Framework The goal of communicating a common framework across Government is to: -- foster visibility of standards and assets, and promote better management, strategic sourcing, and accurate tracking -- so that information, assets, people, and processes are adequately detected/identified, protected and connected across the federal government.
Federal SAM Framework NOTES: The Federal SAM Program & Framework recommends that every software acquisition should be aligned with: • OMB policy and guidance for software acquisition and SmartBUY acquisition • Federal enterprise architecture (FEA) • Agency strategic plans and enterprise architectures • Federal security standards • Capital planning and investment controls (CPIC) • Legislated acquisition and IT requirements.
Federal SAM Framework “The Govts SAM framework offers a view into integrated lifecycle management for IT assets” The Government’s SAM Framework – 6 process areas that cross organizational boundaries: • Approving Software & Hardware • Managing the Buy • Managing Contract Compliance • Monitoring Inventory Usage • Complying with Policies & Standards • Financial & Capital Planning
Framework Process Areas Approving IT Architecture Software & Hardware • What IT assets are approved to run on the network architecture? • What unapproved products are running on the network or are being purchased for deployment, exposing us to risk? • Are we addressing the security areas of patch-management and network identity-management?
Framework Process Areas Managing the Buy • What IT assets are good candidates for cost-saving Smart Buy, GWACs, and other Strategic Sourcing agreements? • What are relevant contract terms and clauses for enterprise-wide compliant use of assets? • Do our ordering practices reflect the actual depletion, deployment, saturation, and utility rates of my organization?
Framework Process Areas Managing Contract Compliance • What installed assets expose us to piracy liabilities because they lack licensing agreements? • Do our installations exceed authorized licensing? • Are agencies in compliance with contract terms and are S/W and H/W vendors in compliance with federal policies?
Framework Process Areas Monitoring Inventory Usage • What installed assets are not being actively used; and (how) should they be re-used or retired? • What assets are sitting on the shelf in large quantities reflecting potentially unwarranted ongoing expenses? • What critical asset inventories are nearly depleted?
Framework Process Areas Fostering Compliance with Policies & Standards • What Federal policies and guidelines govern particular categories of IT assets? • How are we working toward compliance with ISO 19770, UNSPSC, and other current or emerging global standards? • What are current ITAM policy guidelines issued by OMB, NIST, and OGP; and is our agency in compliance?
Framework Process Areas Financial & Capital Planning • What are opportunities to increase return on investment and improve cash-flow through smarter buys and uses? • What are noteworthy variances in unit pricing for similar products and how best can we close gaps and avoid costs?
How is it Working for US? ID Management technology strategy for Implementing HSPD12 Initiative has clear and visible govtwide architecture related to a govtwide acquisition strategy which includes a public list of approved & certified products and services. Website: http://www.IDManagement.gov
How is it Working for US? SmartBuy/ESI/GWACs and other Strategic Sourcing agreements Initiative has CoBranding between GSA and DoD - Use of common clauses, terms & conditions to achieve best value – Mandatory consideration of Smart Buy/ESI contracts in FAR Case 2005-014. Website: http://www.gsa.gov/smartbuy
How is it Working for US? IT Infrastructure Line of Business (LoB) Initiative promotes use of automated tools and adoption of SAM/ITAM processes – Consolidated hundreds of infrastructure investments into 25 and applied highend consulting and engineering expertise to five-year plans. Website: http://www.itinfrastructure.gov
How is it Working for US? Questions Raised by Tool Analysis: • Do CIOs have the personnel, policies, and procedures in place to optimize IT assets? • Do CIOs know what they have, where it is, who is using their IT assets? • Do CIOs have the right tools and enough information to optimize and manage their IT assets? • Are CIOs buying tools using SmartBUY agreements?
How is it Working for US? Created SAM Framework and built proof-of-concept Federal SAM repository and reporting tool Initiative identified common data inputs and sources for using SAM automated tools. Website: http://www.gsa.gov/feditam
How is it Working for US? NOTES: Optimizing COTS software use requires collecting and analyzing SAM data using standard data collection best practices, such that data can be used within and across agencies toward making the Federal Government a leader in software investment management.
Sample Inputs for Automated Tools and Life-Cycle Reporting Acquisition & Finance (CAO) (CFO) (CIO) Human Resources (CIO) (CHCO) IT Inventory System (CIO) (CFO) IT Architecture (CIO) • Agency’s Approved Software List • Agency org code • Sub agency org code • Region code • File send date • File Source Name • File Number • Sender • Product Name • Product version • Manufacturer Name • Product Type • Product Description • Software Category • Product OS • Version Release Date • Approving Agency Name • Transaction Code • Load Type • (Optional) Personnel Information • Agency org code • Sub agency org code • Region code • File send date • File Source Name • File Number • Sender • POC Name • POC Phone No. • POC Email Address • Employment Status • Department • Acquisition & Financial Info • Agency org code • Sub agency org code • Region code • File send date • File Source Name • File Number • Sender • Product Name • Product Version • Manufacturer Name • Contract Number • License type • SIN Number • License description • National Stock Number • Price category • Quantity Purchased • Quantity Ordered • Contract Type • Contract Description • Date of Order • Order Number • Cont’d… • Deployed Software Inventory Discovery • Agency org code • Sub agency org code • Region code • File send date • File Source Name • File Number • Sender • Product Name • Product Version • Manufacturer Name • User Name • Machine Name • IP Address • MAC Address • Machine Platform • Location • Machine type (formerly Class) • Model No (formerly Model) • RAM • Free HDD Capacity • Total HDD Capacity • Processor Type • Cont’d… Sample Data Inputs
Sample Inputs for automated tools and Life-Cycle Reporting Acquisition & Finance Human Resources IT Architecture IT Inventory System Agency’s Approved Software List (Optional) Personnel Information • Acquisition & Finance, Cont’d… • Date of Receipt • Person to Contact • No of Licenses Received • Receiving person • License Start Date • License End Date • Smart BUY Status • Federal-wide Flag • Vendor Name • Vendor Number • Initial License Cost • Annual Subscription Cost • Annual Support Cost • Annual Subscription & Support • BPA number • Invoice number • ACT number • Fund Code • Deployed Software Inventory Discovery • Cont’d… • No. of Processors • Server Flag • Machine Serial Number • OS Domain • DNS Host Name • Server Manager Name • Server Used as • Server Name • Server Contact Name • Host Name • Software category • Installed quantity • Date Last Used • Date Installed • OS Platform • Processor/CPU speed • No. IPS Machine cont’d, Sample Data Inputs
Reports • Summary & Detailed Reporting aggregated by Organization • View by Product Name (Oracle, Lotus Notes, MS Windows, etc.) • View by Manufacturer (IBM, Microsoft, McAfee, etc.) • View by Server Name • View by Contract or Blanket Purchase Agreement Number • View by Fiscal Year (original purchase date) • List of Expired Licenses • List of Approved & Non-Approved Products • List of Charge Card Purchases • Customized Reporting (you create your own report template) • Administrative: List of SAM Tool Users • Administrative: History of Agency Data Refreshes • Executive Dashboard Reports: • Actionable Advices and Alerts • Executive Spreadsheet • Store Documents and Reports
How is it Working for US? Published website at www.gsa.gov/feditam to make technology strategy for Federal SAM visible to citizens, industry, and government so we can work together. Contact and interact with US at SamBox@gsa.gov Alan Vander Mallie Federal SAM/ITAM Program Manager Office of Governmentwide Policy U.S. General Services Administration Phone: (202) 501-6901 Email: email@example.com