Text

Category - Element Initial Element Rating Annual Element Rating Current Element Rating Relevant Evidence Supporting Implementation of Element Obstacles/Risks/Challenges by Category 2018 August 2015 April 2017 May 2018 Budget Formulation - A 2 3 3 IT/IM Budget Guidance Budget Formulation - B 3 3 3 IT/IM Portfolio Executive Council Charter Budget Formulation - C 2 3 3 IT/IM Budget Guidance, MD 4.7, Budget Formulation Budget Formulation - D 2 3 3 Capital Planning and Investment Control Processes (Appendix B)

Budget Execution - E 2 3 3 Capital Planning and Investment Control Processes Budget Execution - F 2 2 2 IT/IM Budget Guidance The Office of the CIO and Office of the CFO have worked collaboratively to refine and streamline agencywide IT budget execution tools, processes, and reports, despite limited dedicated resources available to support this effort. Pilot testing has begun, and the new tools and processes will be documented, communicated, and implemented.

Budget Execution - G 2 3 3 MD 2.8, Integrated IT/IM Governance Framework, MD 4.8, Budget Execution Budget Execution - H 2 3 3 IT/IM Portfolio Executive Council Charter, Strategic Sourcing Group Charter Acquisition - I 2 2 3 IT Budget Execution Guidance, MD 4.8, Budget Execution; NRC Acquisition of Supplies and Services, MD 11.1; Memorandum of Understanding Between Office of Administration, Office of the Chief Financial Officers and Regions, Capital Planning and Investment Control Processes.

The Office of the CIO and Office of Administration have worked collaboratively to: define processes to ensure that the adequate use of incremental development is applied to IT acquisitions; develop formal procedures and training tutorials for the CORs and contractors to use in the execution and maintenance of various contracts or task orders; and the CIO is provided a report on a weekly basis that lists all requisitions received by the Acquisition Management Division for new IT purchases, regardless of dollar amount.

Budget Execution - J 3 3 3 TechStat Policy, Capital Planning and Investment Control Processes Acquisition - K 2 2 2 IT Budget Execution Guidance, MD 4.8, Budget Execution; NRC Acquisition of The GAOs January, 2018 report, Agencies Need to Involve Chief Information Supplies and Services, MD 11.1; Memorandum of Understanding Between Officers in Reviewing Billions of Dollars in Acquisitions, states that the NRCs CIO Office of Administration, Office of the Chief Financial Officers and Regions, reviews and approves IT acquisition plans over $1 million as a member of the Strategic Sourcing Group Charter Strategic Sourcing Group. The groups approval is required before any action can be taken on acquisition over $1million. Further, the report notes that the NRC does not require the development of acquisition plans for acquisitions under $1 million, and in the absence of acquisition plans or strategies, NRC has a process for approving contract actions under $1 million threshold. Additionally, the NRCs CIO reviews and approves high level information on every IT procurement request, such as the purpose, description, and committed amount, prior to contract award. In summary, GAO determined that the NRC fully satisfies OMBs requirements. GAO requested that the NRC provide supporting documentary evidence that acquisition office officials review acquisitions to ensure that IT is properly identified. NRC is now preparing this documentation, and, upon completion of this action, NRC will be fully compliant with FITARA Section K- Acquisition.

Budget Execution - L 2 3 3 IT/IM Budget Guidance, MD 4.8, Budget Execution

Organization and Workforce - M N/A 3 3 As a member of the Executive Review Board, the CIO is involved in the recruitment and selection of Senior Executive Service employees. Therefore if the agency had any other senior executives with CIO-like responsibilities, the CIO would be involved in their recruitment and selection, but the NRC does not.

Organization and Workforce - N N/A 3 3 There is no senior level IT management in the program or regional offices for which the CIO should provide input into critical elements or appraisals. There are only General Grade staff in the 2210 series, such as IT project managers, IT specialists, systems analyst, and cybersecurity specialist. The CIO and CHCO work jointly on the position descriptions and qualifications of the 2210 series for the entire agency.

Organization and Workforce - O N/A 3 3 A list of all individuals with IT responsibilities in the program and regional offices was provided in the NRC Common Baseline. None are senior managers; they are all in the General Grade 2210 series.

Organization and Workforce - P 1 2 2 NRC Strategic Workforce Plan The CIO continues to face challenges to address critical skill gaps. The most recent assessment indicated that skill gaps exist across several IT disciplines. The most prevalent IT skills gaps were determined to be in the areas of Cloud Computing; Computer Network Security; Digital and Cyber Security skills; Cyber Intelligence Analyst skills, IT security protocols, IT system management, web design, IT contract management, IT/AV system design, implementation, operation, and maintenance; Software design and development; and Communications Security. As attrition occurs, the agency is reassigning current staff where feasible; retraining agency staff; and using contractor support to close current IT workforce skill gaps. Limited external hiring is also taking place to address skill gaps that cannot be addressed with internal staff. The agency is also in the process of identifying IT positions for the development of comptency models with the associated core competencies and functions. Additionally, in an effort to more effectively assess future IT workforce needs, the agency has begun to develop a more comprehensive strategic workforce planning process that maps NRCs current IT workforce to the projected agency IT workforce.