A report from the Department of Defense Inspector General found various software management problems across several service components which the IG said raise cybersecurity risks and create unnecessary costs, but DoD’s Office of the CIO declined to respond to the draft report.
The report, released Tuesday, focused on seven commands and divisions from the Marine Corps, Navy, and Air Force. The IG’s office found multiple problems but chief among them is that none of the reviewed commands or divisions maintaining accurate software inventories and only one unit has employed a process to eliminate duplicative or obsolete software inventories.
“This occurred because the DoD Chief Information Officer (CIO) did not implement an enterprise-wide solution for software application rationalization in response to Federal Information Technology Acquisition Reform Act (FITARA) requirements and, instead, limited rationalization to data center consolidation efforts,” the report notes.
The IG’s office criticized the “unnecessary cybersecurity risks” and “not realizing cost savings” as a result of the lack of an enterprise software application rationalization program, but thus far has run into a cold shoulder from the DoD CIO’s office, which did not respond to the draft report.
In addition to FITARA compliance, the report cites guidance from service branches that requires components to maintain an inventory of software and eliminate duplication in the IT portfolio. The report also notes June guidance from the DoD CIO that requires components to improve software inventory reporting. The memo was sent out after the DoD CIO’s office found that over 30 percent of its software inventory went unreported.
The report recommended that the DoD CIO’s office develop an enterprise-wide process for software application rationalization, establish guidance for components, and require component CIOs to develop guidance from their office.
However, DoD CIO did not provide a response to the recommendations in the draft report. In releasing the draft report, the IG’s office requested comments on the final report by January 11.