§2222. Defense business systems: architecture, accountability, and modernization

(a) Conditions for Obligation of Funds for Defense Business System Modernization.-Effective October 1, 2005, funds appropriated to the Department of Defense may not be obligated for a defense business system modernization that will have a total cost in excess of $1,000,000 unless-

(1) the approval authority designated for the defense business system certifies to the Defense Business Systems Management Committee established by section 186 of this title that the defense business system modernization-

(A) is in compliance with the enterprise architecture developed under subsection (c);

(B) is necessary to achieve a critical national security capability or address a critical requirement in an area such as safety or security; or

(C) is necessary to prevent a significant adverse effect on a project that is needed to achieve an essential capability, taking into consideration the alternative solutions for preventing such adverse effect; and

(2) the certification by the approval authority is approved by the Defense Business Systems Management Committee.

(b) Obligation of Funds in Violation of Requirements.-The obligation of Department of Defense funds for a business system modernization in excess of the amount specified in subsection (a) that has not been certified and approved in accordance with such subsection is a violation of section 1341(a)(1)(A) of title 31.

(c) Enterprise Architecture for Defense Business Systems.-Not later than September 30, 2005, the Secretary of Defense, acting through the Defense Business Systems Management Committee, shall develop-

(1) an enterprise architecture to cover all defense business systems, and the functions and activities supported by defense business systems, which shall be sufficiently defined to effectively guide, constrain, and permit implementation of interoperable defense business system solutions and consistent with the policies and procedures established by the Director of the Office of Management and Budget, and

(2) a transition plan for implementing the enterprise architecture for defense business systems.

(d) Composition of Enterprise Architecture.-The defense business enterprise architecture developed under subsection (c)(1) shall include the following:

(1) An information infrastructure that, at a minimum, would enable the Department of Defense to-

(A) comply with all Federal accounting, financial management, and reporting requirements;

(B) routinely produce timely, accurate, and reliable financial information for management purposes;

(C) integrate budget, accounting, and program information and systems; and

(D) provide for the systematic measurement of performance, including the ability to produce timely, relevant, and reliable cost information.

(2) Policies, procedures, data standards, and system interface requirements that are to apply uniformly throughout the Department of Defense.

(e) Composition of Transition Plan.-(1) The transition plan developed under subsection (c)(2) shall include the following:

(A) The acquisition strategy for new systems that are expected to be needed to complete the defense business enterprise architecture.

(B) A listing of the defense business systems as of December 2, 2002 (known as "legacy systems"), that will not be part of the objective defense business enterprise architecture, together with the schedule for terminating those legacy systems that provides for reducing the use of those legacy systems in phases.

(C) A listing of the legacy systems (referred to in subparagraph (B)) that will be a part of the objective defense business system, together with a strategy for making the modifications to those systems that will be needed to ensure that such systems comply with the defense business enterprise architecture.

(2) Each of the strategies under paragraph (1) shall include specific time-phased milestones, performance metrics, and a statement of the financial and nonfinancial resource needs.

(f) Approval Authorities and Accountability for Defense Business Systems.-The Secretary of Defense shall delegate responsibility for review, approval, and oversight of the planning, design, acquisition, deployment, operation, maintenance, and modernization of defense business systems as follows:

(1) The Under Secretary of Defense for Acquisition, Technology and Logistics shall be responsible and accountable for any defense business system the primary purpose of which is to support acquisition activities, logistics activities, or installations and environment activities of the Department of Defense.

(2) The Under Secretary of Defense (Comptroller) shall be responsible and accountable for any defense business system the primary purpose of which is to support financial management activities or strategic planning and budgeting activities of the Department of Defense.

(3) The Under Secretary of Defense for Personnel and Readiness shall be responsible and accountable for any defense business system the primary purpose of which is to support human resource management activities of the Department of Defense.

(4) The Assistant Secretary of Defense for Networks and Information Integration and the Chief Information Officer of the Department of Defense shall be responsible and accountable for any defense business system the primary purpose of which is to support information technology infrastructure or information assurance activities of the Department of Defense.

(5) The Deputy Secretary of Defense or an Under Secretary of Defense, as designated by the Secretary of Defense, shall be responsible for any defense business system the primary purpose of which is to support any activity of the Department of Defense not covered by paragraphs (1) through (4).

(g) Defense Business System Investment Review.-(1) The Secretary of Defense shall require each approval authority designated under subsection (f) to establish, not later than March 15, 2005, an investment review process, consistent with section 11312 of title 40, to review the planning, design, acquisition, development, deployment, operation, maintenance, modernization, and project cost benefits and risks of all defense business systems for which the approval authority is responsible. The investment review process so established shall specifically address the responsibilities of approval authorities under subsection (a).

(2) The review of defense business systems under the investment review process shall include the following:

(A) Review and approval by an investment review board of each defense business system as an investment before the obligation of funds on the system.

(B) Periodic review, but not less than annually, of every defense business system investment.

(C) Representation on each investment review board by appropriate officials from among the armed forces, combatant commands, the Joint Chiefs of Staff, and Defense Agencies.

(D) Use of threshold criteria to ensure an appropriate level of review within the Department of Defense of, and accountability for, defense business system investments depending on scope, complexity, and cost.

(E) Use of procedures for making certifications in accordance with the requirements of subsection (a).

(F) Use of procedures for ensuring consistency with the guidance issued by the Secretary of Defense and the Defense Business Systems Management Committee, as required by section 186(c) of this title, and incorporation of common decision criteria, including standards, requirements, and priorities that result in the integration of defense business systems.

(h) Budget Information.-In the materials that the Secretary submits to Congress in support of the budget submitted to Congress under section 1105 of title 31 for fiscal year 2006 and fiscal years thereafter, the Secretary of Defense shall include the following information:

(1) Identification of each defense business system for which funding is proposed in that budget.

(2) Identification of all funds, by appropriation, proposed in that budget for each such system, including-

(A) funds for current services (to operate and maintain the system); and

(B) funds for business systems modernization, identified for each specific appropriation.

(3) For each such system, identification of the official to whom authority for such system is delegated under subsection (f).

(4) For each such system, a description of each certification made under subsection (d) with regard to such system.

(i) Congressional Reports.-Not later than March 15 of each year from 2005 through 2009, the Secretary of Defense shall submit to the congressional defense committees a report on Department of Defense compliance with the requirements of this section. The first report shall define plans and commitments for meeting the requirements of subsection (a), including specific milestones and performance measures. Subsequent reports shall-

(1) describe actions taken and planned for meeting the requirements of subsection (a), including-

(A) specific milestones and actual performance against specified performance measures, and any revision of such milestones and performance measures; and

(B) specific actions on the defense business system modernizations submitted for certification under such subsection;

(2) identify the number of defense business system modernizations so certified;

(3) identify any defense business system modernization with an obligation in excess of $1,000,000 during the preceding fiscal year that was not certified under subsection (a), and the reasons for the waiver; and

(4) discuss specific improvements in business operations and cost savings resulting from successful defense business systems modernization efforts.

(j) Definitions.-In this section:

(1) The term "approval authority", with respect to a defense business system, means the Department of Defense official responsible for the defense business system, as designated by subsection (f).

(2) The term "defense business system" means an information system, other than a national security system, operated by, for, or on behalf of the Department of Defense, including financial systems, mixed systems, financial data feeder systems, and information technology and information assurance infrastructure, used to support business activities, such as acquisition, financial management, logistics, strategic planning and budgeting, installations and environment, and human resource management.

(3) The term "defense business system modernization" means-

(A) the acquisition or development of a new defense business system; or

(B) any significant modification or enhancement of an existing defense business system (other than necessary to maintain current services).

(4) The term "enterprise architecture" has the meaning given that term in section 3601(4) of title 44.

(5) The terms "information system" and "information technology" have the meanings given those terms in section 11101 of title 40.

(6) The term "national security system" has the meaning given that term in section 3542(b)(2) of title 44.

(Added Pub. L. 108–375, div. A, title III, §332(a)(1), Oct. 28, 2004, 118 Stat. 1851 ; amended Pub. L. 109–364, div. A, title IX, §906(a), Oct. 17, 2006, 120 Stat. 2354 .)

Prior Provisions

A prior section 2222, added Pub. L. 105–85, div. A, title X, §1008(a)(1), Nov. 18, 1997, 111 Stat. 1870 ; amended Pub. L. 107–107, div. A, title X, §1009(b)(1)–(3)(A), Dec. 28, 2001, 115 Stat. 1208 , 1209, required Secretary of Defense to submit to Congress an annual strategic plan for improvement of financial management within Department of Defense and specified statements and matters to be included in the plan, prior to repeal by Pub. L. 107–314, div. A, title X, §1004(h)(1), Dec. 2, 2002, 116 Stat. 2631 .

Amendments

2006-Subsec. (j)(6). Pub. L. 109–364 substituted "in section 3542(b)(2) of title 44" for "in section 2315 of this title".

Limitation on Financial Management Improvement and Audit Initiatives Within the Department of Defense

Pub. L. 109–364, div. A, title III, §321, Oct. 17, 2006, 120 Stat. 2144 , provided that:

"(a) Limitation.-The Secretary of Defense may not obligate or expend any funds for the purpose of any financial management improvement activity relating to the preparation, processing, or auditing of financial statements until the Secretary submits to the congressional defense committees [Committees on Armed Services and Appropriations of the Senate and the House of Representatives] a written determination that each activity proposed to be funded is-

"(1) consistent with the financial management improvement plan of the Department of Defense required by section 376(a)(1) of the National Defense Authorization Act for Fiscal Year 2006 (Public Law 190–163 [109–163]; 119 Stat. 3213); and

"(2) likely to improve internal controls or otherwise result in sustained improvements in the ability of the Department to produce timely, reliable, and complete financial management information.

"(b) Exception.-The limitation in subsection (a) shall not apply to an activity directed exclusively at assessing the adequacy of internal controls and remediating any inadequacy identified pursuant to such assessment."

Time-Certain Development for Department of Defense Information Technology Business Systems

Pub. L. 109–364, div. A, title VIII, §811, Oct. 17, 2006, 120 Stat. 2316 , provided that:

"(a) Milestone A Limitation.-The Department of Defense executive or entity that is the milestone decision authority for an information system described in subsection (c) may not provide Milestone A approval for the system unless, as part of the decision process for such approval, that authority determines that the system will achieve initial operational capability within a specified period of time not exceeding five years.

"(b) Initial Operational Capability Limitation.-If an information system described in subsection (c), having received Milestone A approval, has not achieved initial operational capability within five years after the date of such approval, the system shall be deemed to have undergone a critical change in program requiring the evaluation and report required by section 2445c(d) of title 10, United States Code (as added by section 816 of this Act).

"(c) Covered Systems.-An information system described in this subsection is any Department of Defense information technology business system that is not a national security system, as defined in 3542(b)(2) of title 44, United States Code.

"(d) Definitions.-In this section:

"(1) Milestone decision authority.-The term 'milestone decision authority' has the meaning given that term in Department of Defense Instruction 5000.2, dated May 12, 2003.

"(2) Milestone a.-The term 'Milestone A' has the meaning given that term in Department of Defense Instruction 5000.2, dated May 12, 2003."