Digital Government: Building a 21st Century Platform to Better Serve the American People The Digital Government Strategy sets out to accomplish three things: 1. Enable the American people and an increasingly mobile workforce to access high-quality digital government information and services anywhere, anytime, on any device. Operationalizing an information-centric model, we can architect our systems for interoperability and openness, modernize our content publication model, and deliver better, device-agnostic digital services at a lower cost. 2. Ensure that as the government adjusts to this new digital world, we seize the opportunity to procure and manage devices, applications, and data in smart, secure and affordable ways. Learning from the previous transition of moving information and services online, we now have an opportunity to break free from the inefficient, costly, and fragmented practices of the past, build a sound governance structure for digital services, and do mobile “right” from the beginning. 3. Unlock the power of government data to spur innovation across our Nation and improve the quality of services for the American people. We must enable the public, entrepreneurs, and our own government programs to better leverage the rich wealth of federal data to pour into applications and services by ensuring that data is open and machine-readable by default. The Digital Government Strategy complements several initiatives aimed at building a 21st century government that works better for the American people. These include Executive Order 13571 (Streamlining Service Delivery and Improving Customer Service), Executive Order 13576 (Delivering an Efficient, Effective, and Accountable Government), the President’s Memorandum on Transparency and Open Government, OMB Memorandum M-10-06 (Open Government Directive), the National Strategy for Trusted Identities in Cyberspace (NSTIC), and the 25-Point Implementation Plan to Reform Federal Information Technology Management (IT Reform). Through IT Reform, the Federal Government has made progress in foundational execution areas such as adopting “light technologies” (e.g. cloud computing), shared services (e.g. commodity IT), modular approaches for IT development and acquisition, and improved IT program management. The strategy leverages this progress while focusing on the next key priority area that requires government-wide action: innovating with less to deliver better digital services. It specifically draws upon the overall approach to increase return on IT investments, reduce waste and duplication, and improve the effectiveness of IT solutions defined in the Federal Shared Services Strategy. The Digital Government Strategy incorporates a broad range of input from government practitioners, the public, and private-sector experts. Two cross-governmental working groups—the Mobility Strategy and Web Reform Task Forces—provided guidance and recommendations for building a digital government. These groups worked with the Office of Management and Budget (OMB) and General Services Administration (GSA) to conduct current state research (e.g. the December 2011 State of the Federal Web Report) and explore solutions for the future of government digital services. Feedback was also incorporated from citizens and federal workers across the nation using online public dialogues, including the September 2011 National Dialogue on Improving Federal Websites and the January 2012 National Dialogue on the Federal Mobility Strategy which produced a combined total of 570 ideas and nearly 2,000 comments. The White House WH _a7b8b970-a556-11e1-8bd4-f02d65e20547 _a7b8be34-a556-11e1-8bd4-f02d65e20547 [To set forth] a series of critical next steps to help build a 21st century government that innovates with less. _a7b8bfec-a556-11e1-8bd4-f02d65e20547 Information Centricity An “Information-Centric” approach—Moves us from managing “documents” to managing discrete pieces of open data and content which can be tagged, shared, secured, mashed up and presented in the way that is most useful for the consumer of that information. The Federal Government must fundamentally shift how it thinks about digital information. Rather than thinking primarily about the final presentation—publishing web pages, mobile applications or brochures—an information-centric approach focuses on ensuring our data and content are accurate, available, and secure. We need to treat all content as data—turning any unstructured content into structured data—then ensure all structured data are associated with valid metadata. Providing this information through web APIs helps us architect for interoperability and openness, and makes data assets freely available for use within agencies, between agencies, in the private sector, or by citizens. This approach also supports device-agnostic security and privacy controls, as attributes can be applied directly to the data and monitored through metadata, enabling agencies to focus on securing the data and not the device. Platform Sharing A “Shared Platform” approach—Helps us work together, both within and across agencies, to reduce costs, streamline development, apply consistent standards, and ensure consistency in how we create and deliver information. To make the most use of our resources and “innovate with less”, we need to share more effectively, both within the government and with the public. We also need to share capacities to build the systems and processes that support our efforts, and be smart about creating new tools, applications, systems, websites and domains. Ultimately, a shared platform approach to developing and delivering digital services and managing data not only helps accelerate the adoption of new technologies, but also lowers costs and reduces duplication. To do so, we need to rapidly disseminate lessons learned from early adopters, leverage existing services and contracts, build for multiple use cases at once, use common standards and architectures, participate in open source communities, leverage public crowdsourcing, and launch shared government-wide solutions and contract vehicles. Customer Centricity A “Customer-Centric” approach—Influences how we create, manage, and present data through websites, mobile applications, raw data sets, and other modes of delivery, and allows customers to shape, share and consume information, whenever and however they want it. From how we create information, to the systems we use to manage it, to how we organize and present it, we must focus on our customers’ needs. Putting the customer first means quality information is accessible, current and accurate at any time whether the customer is in the battle field, the lab, or the classroom. It means coordinating across agencies to ensure when citizens and employees interact with government information and services, they can find what they need and complete transactions with a level of efficiency that rivals their experiences when engaging with the private-sector. The customer-centric principle charges us to do several things: conduct research to understand the customer’s business, needs and desires; make content more broadly available and accessible and present it through multiple channels in a program- and device-agnostic way; make content more accurate and understandable by maintaining plain language and content freshness standards; and offer easy paths for feedback to ensure we continually improve service delivery. The customer-centric principle holds true whether our customers are internal (e.g. the civilian and military federal workforce in both classified and unclassified environments) or external (e.g. individual citizens, businesses, research organizations, and state, local, and tribal governments). Security A platform of “Security and Privacy”—Ensures this innovation happens in a way that ensures the safe and secure delivery and use of digital services to protect information and privacy. As the Federal Government builds for the future, it must do so in a safe and secure, yet transparent and accountable manner. Architecting for openness and adopting new technologies have the potential to make devices and data vulnerable to malicious or accidental breaches of security and privacy. They also create challenges in providing adequate notice of a user’s rights and options when providing personally identifiable information (PII). Moving forward, we must strike a balance between the very real need to protect sensitive government and citizen assets given the realities of a rapidly changing technology landscape. To support information sharing and collaboration, we must build in security, privacy, and data protection throughout the entire technology life cycle. To promote a common approach to security and privacy, we must streamline assessment and authorization processes, and support the principle of “do once, use many times”. We must also adopt new solutions in areas such as continuous monitoring, identity, authentication, and credential management, and cryptography that support the shift from securing devices to securing the data itself and ensure that data is only shared with authorized users. When appropriate, requirements and solutions should be collaboratively developed with industry to match Federal Government needs, using the power of innovation and economies of scale to deliver better-value security and privacy products. Privacy Information-Centric _a7b8c10e-a556-11e1-8bd4-f02d65e20547 Part A The rich wealth of information maintained by the Federal Government is a national asset with tremendous potential value to the public, entrepreneurs, and to our own government programs. This information takes many forms. It can be unstructured content (e.g. press releases, help documents, or how-to guides) or more structured data (e.g. product safety databases, census results, or airline on-time records). Regardless of form, to harness its value to the fullest extent possible, we must adopt an information-centric approach to digital services by securely architecting for interoperability and openness from the start. Traditionally, the government has architected systems (e.g. databases or applications) for specific uses at specific points in time. The tight coupling of presentation and information has made it difficult to extract the underlying information and adapt to changing internal and external needs. This has necessarily resulted in a duplication of efforts and the building of multiple systems to serve different audiences where a single would suffice. For example, most websites are typically built with webpages sized specifically for computer screens. To serve mobile audiences, many agencies build an entirely new mobile site to present the same content to federal employees and the public. An information-centric approach decouples information from its presentation. It means beginning with the data or content, describing that information clearly, and then exposing it to other computers in a machine-readable format—commonly known as providing web APIs. In describing the information, we need to ensure it has sound taxonomy (making it searchable) and adequate metadata (making it authoritative). Once the structure of the information is sound, various mechanisms can be built to present it to customers (e.g. websites, mobile applications, and internal tools) or raw data can be released directly to developers and entrepreneurs outside the organization. This approach to opening data and content means organizations can consume the same web APIs to conduct their day-to-day business and operations as they do to provide services to their customers. In addition, by embedding security and privacy controls into structured data and metadata, data owners can focus more effort on ensuring the safe and secure delivery of data to the end customer and fewer resources on securing the device that will receive the data. For example, security of an endpoint device becomes less of a risk management factor if data is protected and authorized users must authenticate their identities to gain access to it. The private sector has proven an information-centric model for delivering digital services securely and efficiently. The time has come for the Federal Government to embrace this approach in stride. Recognizing that simply publishing snapshots of government information is not enough to make it open, we need to improve the quality, accessibility, timeliness, and usability of our data and content through well-defined standards that include the use of machine-readable formats such as web APIs and common metadata tagging schemas. Open Data, Content, and Web APIs Make Open Data, Content, and Web APIs the New Default _a7b8c24e-a556-11e1-8bd4-f02d65e20547 1 To lay the foundation for opening data and content efficiently, effectively and accessibly, OMB will work with representatives from across government to develop and publish an open data, content, and web API policy for the Federal Government. This policy will leverage central coordination and leadership to develop guidelines, standards, and best practices for improved interoperability. To establish a “new default,” the policy will require that newly developed IT systems are architected for openness and expose high-value data and content as web APIs at a discrete and digestible level of granularity with metadata tags. Under a presumption of openness, agencies must evaluate the information contained within these systems for release to other agencies and the public, publish it in a timely manner, make it easily accessible for external use as applicable, and post it at in a machine-readable format. 352518d2-a386-45fd-b6c5-3929888f0126 Policy and Standards Issue government-wide open data, content, and web API policy and identify standards and best practices for improved interoperability. _a7b8c3ac-a556-11e1-8bd4-f02d65e20547 Milestone 1.1 OMB "Owner" Timeframe: 6 months ffe96282-429e-440f-950d-3d681393bcfe New IT Systems Ensure all new IT systems follow the open data, content, and web API policy and operationalize pages. _a7b8c51e-a556-11e1-8bd4-f02d65e20547 Milestone 1.2 Agencies "Owners" Timeframe: 12 months [Within 6 months of release of open data policy—see milestone 1.1] a3ea87d1-50c5-4087-959d-75bce92c3675 High-Value Data and Content Make Existing High-Value Data and Content Available through Web APIs _a7b8c6a4-a556-11e1-8bd4-f02d65e20547 2 Recognizing that change will not happen overnight, we need to adopt an efficient and cost effective implementation strategy that will not place an undue burden on agencies to transition all existing systems and information upfront. While the open data and web API policy will apply to all new systems and underlying data and content developed going forward, OMB will ask agencies to bring existing high-value systems and information into compliance over a period of time—a “look forward, look back” approach. To jump-start the transition, agencies will be required to: ••Identify at least two major customer-facing systems that contain high-value data and content; ••Expose this information through web APIs to the appropriate audiences; ••Apply metadata tags in compliance with the new federal guidelines; and ••Publish a plan to transition additional systems as practical. Given the scope, scale, and complexity of some of these systems, agencies will be asked to prioritize release of data and content so the most valuable information is made available first. In cases where the system supports a website, content must also be structured, published through web APIs and tagged appropriately. Agencies will be required to engage with their customers within three months to identify the highest priority systems to transition, and work internally across communications, content, and infrastructure teams (e.g. program leads, digital strategists, web managers, Chief Information Officers (CIOs), Chief Financial Officers (CFOs), Chief Technology Officers (CTOs), Chief Acquisition Officers (CAOs), Chief Public Affairs Officers, Geographic Information Officers (GIOs), and data managers to select the final candidates. GSA will help agencies develop web APIs through the Digital Services Innovation Center (see section 3). Additionally, will be expanded to include a web API catalog to serve as an interactive directory of information made available to the public by agencies via web services so that customers may more readily utilize that information in their own applications. Web APIs posted on agencies’/developer pages will be automatically aggregated in this catalog. 3613b779-a8b1-4d1d-a989-3d3d9f8c8fa0 Customer Engagement Engage with customers to identify at least two existing major customer-facing services that contain high-value data or content as first-move candidates to make compliant with new open data, content, and web API policy. _a7b8c816-a556-11e1-8bd4-f02d65e20547 Milestone 2.1 Agencies "Owners" Timeframe: 3 months d7e5da6d-da85-4a4d-836f-1c418c962e06 Initial Systems Make high-value data and content in at least two existing major customer-facing systems available through web APIs, apply metadata tagging and publish a plan to transition additional high-value systems. _a7b8c99c-a556-11e1-8bd4-f02d65e20547 Milestone 2.2 Agencies "Owners" Timeframe: 12 months [Within 6 months of release of open data policy—see milestone 1.1] 7969e3c8-bd32-4711-adc7-a432e449a091 Expand to include a web API catalog that centrally aggregates web APIs posted on agencies’/developer pages. _a7b8cb54-a556-11e1-8bd4-f02d65e20547 Milestone 2.3 GSA "Owner" Timeframe: 12 months 5fee4e47-22cf-44cc-8b66-a572ff143553 Shared Platform _a7b8ccf8-a556-11e1-8bd4-f02d65e20547 Part B Government agencies are missing out on opportunities to share ideas and resources within the digital services space. Inefficiencies such as fragmented procurement and development practices waste taxpayer dollars and stymie the consistent adoption of new technologies and approaches. The shift to a shared platform culture will require strong leadership at the government-wide and agency levels. Agencies must begin to look first to shared solutions and existing infrastructure when developing new projects, rather than procuring new infrastructure and systems for each new project. They must also share ownership of common service areas, both within and across agencies, instead of creating multiple websites on the same topic. To alleviate the burden on individual agencies, prevent duplication, and spur innovation, we must provide central support for the adoption of new technologies, development of better digital services, and strengthening of governance. Digital Services Innovation Center Establish a Digital Services Innovation Center and Advisory Group _a7b8cea6-a556-11e1-8bd4-f02d65e20547 3 Digital Services Innovation Center Digital Services Innovation Advisory Group There are common challenges that all agencies face in trying to deliver better digital services at a lower cost to the American people and employees. Approaching these challenges as one government will enable agencies to focus their time and money on developing innovative, mission-facing solutions rather than re-inventing the wheel. •Launch a shared mobile application development program, in conjunction with the Federal CIO Council, that will help agencies develop secure, device-agnostic mobile applications, provide a development test environment to streamline app delivery, foster code-sharing, and validate official government applications. To augment the natural cross-agency collaboration that has developed through initiatives such as the Web Reform and Mobility Strategy Task Forces, OMB will formalize and sustain such coordination into the future by convening a Digital Services Advisory Group that draws membership from the Federal CIO Council, Federal Web Managers Council, and other agency leaders. Through its leadership, the Advisory Group will promote cross-agency sharing and accelerated adoption of mobile workforce solutions and best practices in the development and delivery of digital services that build in security and privacy and keep the federal workforce abreast of emerging technologies. Overall, in addition to advising the Federal CIO on implementation of the strategy, the Advisory Group will have three main focus areas: ••Help prioritize shared services needs for the Digital Services Innovation Center. The Advisory Group will identify areas that need government-wide leadership and work with the Innovation Center to determine the best shared solutions that leverage existing agency work and commercial options to the extent practical. ••Foster the sharing of existing policies and best practices using online platforms and communities of practice to provide more structure to existing ad-hoc collaboration efforts. For instance, many front-running agencies have already launched bring-your-own-device (BYOD) pilots that test new devices and solutions. The Advisory Group will work with the Federal CIO Council to develop government- Identifying opportunities for sharing existing solutions at agencies and building new solutions for government-wide use requires strong leadership, coordination, and support. To operationalize the principle of “build once, use many times”, GSA will expand its current efforts and establish a Digital Services Innovation Center. The Center will work with agencies to establish shared solutions and training to support infrastructure and content needs across the Federal Government (e.g. source code sharing tools, video captioning, language translation, usability and accessibility testing, web hosting, and security architectures). The Innovation Center will support agencies lacking these capabilities, not supersede agencies’ existing capabilities, and function as a cooperative enterprise that draws on resources from across government and leverages the expertise of forward-leaning agencies. At the outset, to support strategy implementation, the Center will focus on three initial actions: •• Identify shared and open content management system (CMS) solutions and support implementation through training and best practices. This will offer agencies an alternative to building their own platforms in isolation and enable code sharing and modular development. •• Help agencies develop web APIs and unlock valuable data by providing expert resources and other support to enable developers, entrepreneurs, and other end users take advantage of government data and content. wide BYOD guidance leveraging their findings. The Advisory Group will also work with the Federal Web Managers Council to develop guidelines for improving digital services and creating better digital content (see section 6) and setting up intra-agency governance models for delivering better digital services (see section 4). ••Identify and recommend changes to help close gaps in policy and standards. For instance, as new technologies are introduced into the federal environment, policies governing identity and credential management may need to be revised to allow the introduction of new solutions that work better in a mobile world. Equally, as new technologies emerge, telework rules may need to be revisited to allow employees to work from any location, as long as the device and connectivity are appropriately secure. 3ebe6ea0-987c-4945-82a7-54278f97d8a9 Digital Services Innovation Center Establish a Digital Services Innovation Center to improve the government’s delivery of digital services. _a7b8d0e0-a556-11e1-8bd4-f02d65e20547 Milestone 3.1 Digital Services Innovation Center GSA "Owner" Timeframe: 1 month 370012d0-3b00-48fe-b195-769acb43282b Digital Services Advisory Group Convene a Digital Services Advisory Group to provide input on priorities for the Innovation Center activities and recommend government-wide best practices, guidance, and standards. _a7b8d2e8-a556-11e1-8bd4-f02d65e20547 Milestone 3.2 OMB "Owner" Digital Services Advisory Group Timeframe: 1 month 853ce8c6-c1ae-44c3-97bf-ee23a7cd7669 BYOD Guidance Release government-wide bring-your-own-device (BYOD) guidance based on lessons learned from successful pilots at federal agencies. _a7b8d4e6-a556-11e1-8bd4-f02d65e20547 Milestone 3.3 Digital Services Advisory Group "Owner" Federal CIO Council "Owner" Timeframe: 3 months 657338e1-7517-4adf-b74e-a9090a237183 Content Management Systems Identify shared and open content management system solutions. _a7b8d73e-a556-11e1-8bd4-f02d65e20547 Milestone 3.4 Digital Services Innovation Center "Owner" Timeframe: 6 months 0a5bd1ad-14ef-4839-a441-c20ee3cddeb5 Web APIs Provide support to help agencies develop web APIs. _a7b8d93c-a556-11e1-8bd4-f02d65e20547 Milestone 3.5 Digital Services Innovation Center "Owner" Timeframe: 6 months a0c042e8-ca08-4928-9c03-d75e36dc43aa Mobile Apps Launch a shared mobile app development program. _a7b8db94-a556-11e1-8bd4-f02d65e20547 Milestone 3.6 Digital Services Innovation Center "Owner" Federal CIO Council "Owner" Timeframe: 12 months 90d6ff03-1565-43ed-9fd9-19cc3d9e01ad Intra-Agency Governance Establish Intra-Agency Governance to Improve Delivery of Digital Services _a7b8de28-a556-11e1-8bd4-f02d65e20547 4 At the agency-level, Agency CIOs are responsible for commodity IT services and information security. However, the lines of responsibility for developing and delivering content and data are not as clear and distinct. Agencies must decide how they will staff and manage the delivery of digital services across the enterprise. An uncoordinated approach at some agencies has resulted in the development and maintenance of dozens—in some cases hundreds—of separate websites and supporting infrastructure, and application of varying degrees of quality and fiscal control to these resources. In many cases, agencies lack consistent processes to measure performance and ensure content quality. Agencies must drive better decision-making across the organization about how best to spend resources on digital services and manage their data. The Digital Services Advisory Group (see section 3) will recommend guidelines to help agencies set up an effective governance structure where it does not yet exist. The guidance will suggest a range of approaches, but not prescribe specific structures, and set expectations for activities and outcomes. For example, as agencies establish new governance structures or strengthen existing ones, they will be required to establish specific, measurable goals for delivering better services at a lower cost (e.g. through domain consolidation) and set agency-wide standards for content lifecycle management, adoption of third-party online tools, mobile application delivery, and sharing (e.g. infrastructure and digital information). 61a3c961-f576-4d37-8ac2-e6c0b75f967c Agency-Wide Governance Guidelines Recommend guidelines on agency-wide governance structure for developing and delivering digital services and managing data. _a7b8e062-a556-11e1-8bd4-f02d65e20547 Milestone 4.1 Advisory Group "Owner" Timeframe: 3 months df5569fb-901c-41c9-bb1a-8dee2100f9b1 Agency-Wide Governance Structure Establish an agency-wide governance structure for developing and delivering digital services. _a7b8e27e-a556-11e1-8bd4-f02d65e20547 Milestone 4.2 Agencies "Owners" Timeframe: 6 months [Within 3 months of release of governance guidance—see milestone 4.1] c38fe7d1-fb0a-41a0-a4f0-1cdd441fa1b0 Asset Management and Procurement Shift to an Enterprise-Wide Asset Management and Procurement Model _a7b8e526-a556-11e1-8bd4-f02d65e20547 5 Traditionally, agencies have purchased technology products and services in a fragmented manner at the bureau, regional, team, and even individual levels. This approach has prevented the Federal Government from effectively leveraging its buying power with vendors and service providers. In the mobile space alone, the opportunity to increase efficiencies and cut costs is too great to overlook. The Federal Government currently spends approximately $1.2 billion annually for mobile and wireless services and devices with an inventory of approximately 1.5 million active accounts. These figures will only increase as agencies accelerate their adoption of new mobile technologies. By moving to an enterprise-wide model, we can leverage economies of scale and streamline purchasing, invoicing, and asset management processes. We can also explore different pricing models, such as usage-based pricing (e.g. metered), first at the agency-wide level and eventually at the government-wide level. Adopting a shared services approach and consolidating mobile device and wireless service contracts will not only reduce costs but also improve our ability to track usage, analyze pricing, secure devices, and deliver mobile applications. This is in line with the Administration’s overall effort to consolidate the acquisition and management of commodity IT services through mechanisms such as the Federal Strategic Sourcing Initiative, the PortfolioStat process, and the Administrative Efficiency Initiative. To jumpstart this shift, GSA will establish a government-wide contract vehicle for mobile devices and wireless service and offer agencies the option of accessing central portal services for placing orders, reporting inventory, and managing expenses to optimize their mobile usage. GSA will also set up a government-wide mobile device management platform to support enhanced monitoring, management, security, and device synchronization. The Federal CIO Council will work with the Digital Services Advisory Group (see Section 3) to develop models for the secure, yet rapid, delivery of commercial mobile applications into the federal environment to support the consistent application of security and interoperability requirements. For example, an enterprise mobile application environment could provide central hosting, distribution, certification, and management services for mobile applications. For their part, agencies will be required to develop and maintain an enterprise-wide inventory of their mobile devices and wireless service contracts, and include an evaluation of government-wide contract vehicles in their alternatives analysis for all new mobile-related procurements. 5696788b-c10f-414b-bcd9-22fd04c59c73 Contract Vehicle Establish government-wide contract vehicle for mobile devices and wireless service. _a7b8e760-a556-11e1-8bd4-f02d65e20547 Milestone 5.1 GSA "Owner" Timeframe: 6 months 668cdfa3-01c3-49c3-b3e8-7410a2751e3d Inventory Develop an enterprise-wide inventory of mobile devices and wireless service contracts. _a7b8e9ae-a556-11e1-8bd4-f02d65e20547 Milestone 5.2 Agencies "Owners" Timeframe: 6 months 4adbc040-c194-4d59-8532-34226e4bccf7 Alternatives Analysis Evaluate the government-wide contract vehicles in the alternatives analysis for all new mobile-related procurements. _a7b8ec42-a556-11e1-8bd4-f02d65e20547 Milestone 5.3 Agencies "Owners" Timeframe: 12 months 117edd41-a76f-40ea-8263-8956b3676fa2 Mobile Applications Develop models for the delivery of commercial mobile applications into the federal environment. _a7b8ee9a-a556-11e1-8bd4-f02d65e20547 Milestone 5.4 Digital Services Advisory Group "Owner" Federal CIO Council "Owner" Timeframe: 12 months f02467a6-0e7c-4fcf-9e2f-1c96a00459f6 Platform Set up a government-wide mobile device management platform. _a7b8f110-a556-11e1-8bd4-f02d65e20547 Milestone 5.5 GSA "Owner" Timeframe: 12 months ea91a178-e719-48ee-8269-da475f61d7f5 Customer-Centric _a7b8f3cc-a556-11e1-8bd4-f02d65e20547 Part C The quality of digital services that we provide determines our reputation and trust as an institution. It profoundly affects the customer experience that our employees and citizens have in working for, and engaging with, the Federal Government. Digital services include the delivery of digital information and transactional services (e.g. online forms, benefits applications, timecard submissions) across a variety of platforms, devices and delivery mechanisms (e.g. websites, mobile applications, and social media). Regardless of the form they take, these digital services must be designed and delivered with customer service first in mind and reflect the technologies used by today’s customers. Customer-centric government means that agencies respond to customers’ needs and make it easy to find and share information and accomplish important tasks. It requires holding ourselves to a high-standard of timely data, informative content, simple transactions, and seamless interactions that are easily accessible. The mantra of “anytime, anywhere, any device,” is increasingly setting the standard for how information and services are both delivered and received in a two-way exchange of information and ideas. We must embrace the ability of new technologies to drive participation in the digital public square. To develop innovative, transparent, customer-facing products and services efficiently and effectively, the Federal Government must also focus on the fundamentals of customer-centric design: measure how well we are providing meaningful services; focus our efforts on those interactions that have the most use and value; institutionalize performance measurement; and continuously improve services in response to those measurements. Tools and Technologies Deliver Better Digital Services Using Modern Tools and Technologies _a7b8f6a6-a556-11e1-8bd4-f02d65e20547 6 Using modern tools and technologies such as responsive web design and search engine optimization is critical if the government is to adapt to an ever-changing digital landscape and deliver services to any device, anytime, anywhere. Similarly, optimizing content for modern platforms, rather than just translating content from paper-based documents to the Web, will help ensure the American people and employees can access content regardless of platform. Agencies will need to keep current with the latest design concepts and refresh content delivery mechanisms to ensure the highest performance. To help achieve these objectives, the Digital Services Advisory Group (see section 3) will work with the Federal Web Managers Council to recommend guidelines for improving digital services and the customer experience that will set a new default for how digital services are developed and delivered. These guidelines will include: ••Approaches for consolidating duplicative websites and coordinating information delivery across agencies; ••Best practices for identifying and optimizing top tasks34, content, and transactions, including use of plain language; optimizing for usability, search, and accessibility; and implementing content lifecycle management; ••Best practices for standards-compliant, next-generation web development, including use of content delivery networks; content management systems; common code libraries, frameworks, and tools; and responsive web design (e.g. using HTML5 and CSS3 to provide a mobile-tailored experience); ••Standards for structuring and tagging content and data to be machine-readable; ••Approaches for using customer feedback to make improvements; and ••Considerations to support the adoption of an information-centric security model. The dot gov domain guidance and procedures will be updated to help ensure all new digital services meet these improvement guidelines. Under the principle of “no new domains”, criteria for approving new second-level domains will be strengthened and new domains will only be granted on an exception basis. For example, an agency may be granted a new single domain to host consolidated content previously spread across multiple domains, thus streamlining the customer experience and reducing redundant infrastructure. Domains will be approved or renewed only if they to comply with web-related federal standards, guidance, and regulations (e.g. adoption of the aforementioned guidelines, IPv6, DNSSEC, continuous monitoring, and externally-issued credentials). In addition, the dot gov domain registration process will reinforce existing policies prohibiting the use of (e.g. .org, .com) top-level domains. Through the Digital Services Innovation Center (see section 3), GSA will provide tools, guidelines, and training to help agencies comply with these new policies and continue efforts to consolidate websites along topical lines. d140c06b-640d-4cfa-8f77-fd5817467653 Guidelines Recommend guidelines for improving digital services and customer experience. _a7b8f944-a556-11e1-8bd4-f02d65e20547 Milestone 6.1 Digital Services Advisory Group "Owner" Federal Web Managers Council "Owner" Timeframe: 6 months 4e01fbba-717b-4ca4-9ed8-9a83996e0051 Dot Gov Domain Guidance Update the dot gov domain guidance and procedures to help ensure all new digital services meet improvement guidelines and provide support to agencies. _a7b8fc50-a556-11e1-8bd4-f02d65e20547 Milestone 6.2 GSA "Owner" Timeframe: 6 months c696ab60-75ba-4ec6-a541-4cd5e840102e Compliance Ensure all new digital services follow digital services and customer experience improvement guidelines. _a7b8ff16-a556-11e1-8bd4-f02d65e20547 Milestone 6.3 Agencies "Owner" Timeframe: 12 months [Within 6 months of release of improvement guidance—see milestone 6.2] cc23b1e5-6bf3-4dd6-be52-fbf427f97fad Mobile Services Improve Priority Customer-Facing Services for Mobile Use _a7b901dc-a556-11e1-8bd4-f02d65e20547 7 The general public and our government workforce should be able to access government information and services on demand and on any device. To jump-start the transition to mobile platforms, agencies will be required to mobile-enable at least two priority customer-facing services within the next 12 months. This includes services currently provided offline or optimizing those currently delivered online for mobile platforms. Agencies will also be required to deliver information in new ways that fully harness the power and potential of mobile and web-based technologies and ensure that all domains (e.g. can be easily accessed and used on mobile devices. GSA will help coordinate these efforts to prevent the development of duplicative services and support the use of shared solutions to provide the best quality mobile services at the lowest costs (see section 3). Agencies will be required to engage their customers within three months to identify the highest priority services to optimize for mobile use, and work internally across communications, content, and infrastructure teams to select their final candidates. They will also be required to publish a plan for improving additional existing services as practical. 57fc60e4-32fb-4faf-8970-d318ac718592 Customer Engagement Engage with customers to identify at least two existing priority customer-facing services to optimize for mobile use. _a7b904fc-a556-11e1-8bd4-f02d65e20547 Milestone 7.1 Agencies "Owners" Timeframe: 3 months e8e16c10-db10-4164-b9cf-d01120496701 Optimization and Plan Optimize at least two existing priority customer-facing services for mobile use and publish a plan for improving additional existing services. _a7b907e0-a556-11e1-8bd4-f02d65e20547 Milestone 7.2 Agencies "Owners" Timeframe: 12 months [Within 6 months of release of digital services improvement guidance—see milestone 6.2] d73fd93c-99e0-48bb-9fc5-a65357776317 Performance and Satisfaction Measure Performance and Customer Satisfaction to Improve Service Delivery _a7b90ac4-a556-11e1-8bd4-f02d65e20547 8 Objective performance measures should drive the development and delivery of effective digital government services. Today most agencies lack enterprise-wide performance measures to consistently evaluate the success and usability of their websites. This limits their ability to allocate resources effectively to invest in critical-needs areas. Similarly, the lack of a government-wide view of performance for digital service delivery makes it difficult to properly address gaps or duplications in services. To enable data-driven decisions on service performance, agencies will be required to use analytics and customer satisfaction measurement tools on all .gov websites within 6 months. To help these efforts, the Digital Services Innovation Center (see Section 3) will identify common tools for agencies to use that will enable aggregation of this data at the federal level. Common tools will give us the ability—for the first time—to take a government-wide view of how well we serve our customers and opens up new possibilities for consolidating and improving the federal web space and the growing number of mobile services. 0939cbc6-0ee6-448a-8a8b-bb62c1a259ec Tools and Guidance Identify tools and guidance for measuring performance and customer satisfaction on digital services. _a7b90e02-a556-11e1-8bd4-f02d65e20547 Milestone 8.1 "Owner" Timeframe: 3 months 4a3b0d7a-38b0-4610-8bf1-a108cf0d66fd Implementation Implement performance and customer satisfaction measuring tools on all .gov websites. _a7b91104-a556-11e1-8bd4-f02d65e20547 Milestone 8.2 Agencies "Owners" Timeframe: 6 months [Within 3 months of release of tools and guidance—see milestone 8.1] 619cc978-8881-412f-ba81-321cc80a3f4c Security and Privacy _a7b91410-a556-11e1-8bd4-f02d65e20547 Part D The information maintained by the Federal Government needs to be secured regardless of how data is stored, processed, or transmitted. As information and devices become increasingly mobile, we must ensure confidentiality, integrity, and availability by building security into digital government services. As the government moves to an information-centric and mobility-enabled digital environment, existing security, privacy, and data protections and cyber security priorities—including Trusted Internet Connection (TICs), continuous monitoring, and strong authentication consistent with NSTIC and Federal Identity Credential and Access Management (ICAM) requirements—must be considered throughout the entire life cycle of existing and emerging technologies as part of agencies’ overall organizational risk management. They must also be updated to reflect the realities of a rapidly changing technology landscape. Mobile devices have unique security challenges. Due to their portability, they are easy to misplace, potentially compromising any unencrypted sensitive data or applications stored locally. Wireless connectivity allows users to bypass an agency’s secure TIC and connect directly to the Internet and other untrusted resources. These problems are not new, as the introduction of laptops into the workforce led to security and data breaches as employees took their electronic devices mobile. However, the new class of smaller, lighter smartphones and media tablets has elevated exposure to this risk. The rate of change of mobile operating systems, new update and notification capabilities from external hardware and software vendors, diversity of the devices themselves, and introduction of employee-owned devices (BYOD) also make security in the mobile space more challenging than in a traditional desktop environment and require new approaches to continuously monitor and manage devices and secure the data itself. The challenge extends beyond the workforce and into the delivery of services to external customers. When deploying applications and other mobile technologies to interact with citizens and businesses, the Federal Government will need to foster trust, accountability, and transparency about how user information is collected, used, shared, and secured, without unduly burdening the robust development of such technologies or the user experience. Safety and Security Promote the Safe and Secure Adoption of New Technologies _a7b91776-a556-11e1-8bd4-f02d65e20547 9 Agencies need to continue to integrate effective security and privacy measures into the design and adoption of all new technologies introduced to the federal environment, including mobile devices, applications, and wireless networks, consistent with existing policies, and incorporate commercial security and privacy capabilities by default, augmenting controls and policies as required. To enable agencies to share security testing information and prevent unnecessary duplication, the Department of Homeland Security (DHS) and the Department of Defense (DOD) will work with the National Institute of Standards and Technology (NIST) to develop a security baseline within 12 months that provides standardized security requirements for mobile and wireless adoption in the Federal Government. This will include the development of mobile and wireless security reference architectures that incorporate security and privacy by design while accounting for different agencies’ mission needs. For example, the Federal Government’s evolving enterprise wireless networks may have varying needs to support unclassified and classified high-bandwidth traffic, mission critical wireless coverage to in-building and terrestrial environments, and data offloading. A government-wide mobile and wireless security baseline will enable adoption of the “do once, use many times” approach to mobile and wireless security assessment, authorization, and continuous monitoring. Going forward, we must pilot, document, and rapidly scale new approaches to secure data and mobile technologies and address privacy concerns (see section 3 for role of the Digital Services Advisory Group in facilitating this process). Such pilots and documentation will help advance our security posture and communicate the Federal Government’s expectations on product capabilities to the private sector. Shifting to the cloud is one area of opportunity. For example, if applications, operating systems, and data reside in an appropriately secured cloud environment rather than on a device, this will limit the potential impact to an agency in the event a device is lost, stolen, or compromised. Other opportunity areas include adopting advanced mobile device management solutions to support continuous monitoring, strengthening identity and access management, and accepting externally-issued credentials on public-facing websites. ab1aee1d-8e5d-4e40-bf95-c9453c77edd9 Security Baseline Develop government-wide mobile and wireless security baseline (includes security reference architectures.) _a7b91aa0-a556-11e1-8bd4-f02d65e20547 Milestone 9.1 DHS "Owner" DOD "Owner" NIST "Owner" fba15283-17f3-435e-8612-7dbd4bf49aca Streamlining Evaluate and Streamline Security and Privacy Processes _a7b91e42-a556-11e1-8bd4-f02d65e20547 10 Given the realities of a rapidly changing technology landscape, we must continually evaluate current processes for adopting new technologies and ensuring they provide security and privacy protections. As part of its ongoing work on securing mobile devices, applications, and platforms to support wider mobile adoption across the Federal Government, NIST will review existing standards and guidelines to ensure they are sufficiently flexible to accommodate mobile technology. The Federal CIO Council’s Information Security and Identity Management Committee will also evaluate opportunities to accelerate the secure adoption mobile technologies into the federal environment at reduced costs. As good stewards of data security and privacy, the Federal Government must ensure that there are safeguards to prevent the improper collection, retention, use or disclosure of sensitive data such as personally identifiable information (PII). These safeguards should be regularly reviewed and updated as technology use, capability, and architectures advance so they do not unnecessarily stifle the government’s ability to architect for openness and engage with the public. The Federal CIO Council’s Privacy Committee will work with NIST and the National Archives and Records Administration (NARA) to develop guidelines for standardized implementation of privacy controls in a digital environment and educate key agency privacy and legal officials on the latest technology advances and options for addressing digital privacy (e.g. data collection and individual notice) as well as records retention and security issues. 0a03733a-40e7-4eda-b11f-d8a9d0e47938 Report Report on NIST’s ongoing work in mobile technology, including the applicability of NIST’s standards and guidelines to mobile devices and platforms. _a7b92202-a556-11e1-8bd4-f02d65e20547 Milestone 10.1 NIST "Owner" Timeframe: 3 months 757adf1c-e639-41ea-a424-e87c7709ac79 Evaluation Evaluate opportunities to accelerate the secure adoption of mobile technologies into the federal environment at reduced cost. _a7b92568-a556-11e1-8bd4-f02d65e20547 Milestone 10.2 Digital Services Advisory Group "Owner" Federal CIO Council "Owner" Timeframe: 6 months 71b9170b-c5be-4173-bf4d-61d1afaaab39 Guidelines Develop guidelines for standardized implementation of digital privacy controls and educate agency privacy and legal officials on options for addressing digital privacy, records retention, and security issues. _a7b928e2-a556-11e1-8bd4-f02d65e20547 Milestone 10.3 Federal CIO Council "Owner" NIST "Owner" NARA "Owner" Timeframe: 6 months 62c76f7b-10f9-4a7c-b220-8fe4249ebdac 2012-05-23 2012-05-23 Owen Ambur Submit error.