1 Federal Software Asset Management: The Government’s SAM Framework Alan Vander Mallie, Program Manager U.S. General Services Administration Office of Governmentwide Policy September 2009

2 Software Asset Management Case Study: Running the Government’s SAM Framework The GSA Role Federal SAM/ITAM Program The Government’s SAM Framework How’s it working for US? –Successes, Challenges & Trends

3 GSA Role GSA has a major role in managing Government assets: Real Property (over $1.4 trillion) Personal Property (disposes > $21 billion per year) Travel and Transportation (>600,000 vehicles/1,460 aircraft/$12.3 billion in annual travel expenditures) Information Technology Strategy (purchase $71 billion/year) Regulatory Information (FAR, FMR, FTR, GSAM) Federal Advisory Committees (public transparency)

4 GSA Role Information Technology spending for FY 2009 may total $71 Billion Mission Systems – approx $36 billion –6236 business cases for mission systems Infrastructure – approx $30 billion –25 major business cases for IT infrastructure Source: OMB VUE-IT Application for FY 2009:

5 Federal SAM Program Purpose Support technology strategy efforts so govt is running in the most secure, open, and efficient way possible Help govt realize technical and social goals - focus on process solutions vs technology solutions Create strategic value from SAM/ITAM Goals: Manage Smarter, Buy Smarter, and Increase compliance of IT assets

6 Federal SAM Program Benefits include support for: Aggregated buys through vehicles such as SmartBUY Improved infrastructure optimization and efficient software/hardware usage Closer alignment with approved lists of COTS software (FEA and EA) Better use of acquisition, finance, and installed versus actual usage data Assurance that security features are incorporated into software products as required (e.g., NIST FIPS preclude the use of unvalidated encryption protection of sensitive or valuable data within Federal systems) Achieving Section 508 compliance for software/hardware use by persons with disabilities Going Green with IT purchase decisions for more energy efficient IT operating environments & end-of-use disposal

7 Federal SAM Program Cont’d Support for desktop management & core configurations Auto-discovery of installed software Scheduling maintenance upgrades and software/hardware disposition Improving and clarifying software-use policies (who, what, where, when, why) Development of standard federal-wide license use clauses to protect intellectual property and prevent software piracy Informed software security patching and upgrades, installation and deployment Informed user and IT support staff training.

8 Federal SAM Program Challenges to Establishing Effective SAM: Reason it is not being already done – it is very hard Commercial sector does not always do it well either Data standards for feeder systems do not exist Overall SAM Enterprise Frameworks do not exist Implementing policy that integrates multiple key business processes Dealing with tangible and intangible assets that have many different terms of use depending on the vendor, dealing with each vendor requires a unique approach Try not to create a process that requires excessive overhead for agencies

9 Discovery & Program Foundation Recommend guidelines and strategic framework Document lessons learned internal/industry Asses current state-of-SAM across Government Architect Invest Implement FedITAM Program Realization Launch Website so Citizens, Industry & Government can participate in advancing SAM Highlight use of automated tools Work with Agencies and LOBs re benefits Govtwide SAM Programs Promote Govtwide standardization, consolidation and optimization FedITAM website available share best practices and tools Federal SAM Program - Roadmap

10 Federal SAM Framework The Federal SAM Framework focuses on process improvements using ISO and other SAM/ITAM related standards and tools for: Capturing inventories of deployed software, lists of approved software within FEA and agency enterprise architectures, CPIC investment portfolios, and authorized user data from CIOs; Capturing acquisition, purchasing, and negotiated license usage rights information from CAOs; and Capturing invoice, payment and finance information from CFOs.

11 Federal SAM Framework Highlights six key SAM process areas (ISO ) and 17 questions from chief officers: –Supports routine and extraordinary efforts to standardize, consolidate, and optimize the management, purchase, and increased compliancy of IT assets. –Supports collaboration and partnerships across the disciplines and between those responsible for enterprise architecture and standards, financial management, strategic sourcing and acquisition, IT operations, and asset management.

12 Federal SAM Framework NOTES: The Federal SAM framework leads agencies towards higher levels of maturity in their software asset management programs so they do not continue to waste time and money with manual inventories, ineffective decision processes, and redundant software purchasing efforts. Through inputs to and relationships with federal-wide (SmartBUY) or agency strategic sourcing efforts and the IT Infrastructure LOB program the SAM framework (1) moves vendors towards constantly improving and better securing their products for government enterprise use and (2) moves IT operations and their vendors away from spending too much time and money on purchasing or marketing on many disparate levels.

13 Federal SAM Framework The goal of communicating a common framework across Government is to: -- foster visibility of standards and assets, and promote better management, strategic sourcing, and accurate tracking -- so that information, assets, people, and processes are adequately detected/identified, protected and connected across the federal government.

14 Federal SAM Framework NOTES: The Federal SAM Program & Framework recommends that every software acquisition should be aligned with: –OMB policy and guidance for software acquisition and SmartBUY acquisition –Federal enterprise architecture (FEA) –Agency strategic plans and enterprise architectures –Federal security standards –Capital planning and investment controls (CPIC) –Legislated acquisition and IT requirements.

15 Federal SAM Framework “ The Govts SAM framework offers a view into integrated lifecycle management for IT assets” The Government’s SAM Framework – 6 process areas that cross organizational boundaries: –Approving Software & Hardware –Managing the Buy –Managing Contract Compliance –Monitoring Inventory Usage –Complying with Policies & Standards –Financial & Capital Planning

16 Federal SAM Framework

17 Framework Process Areas Approving IT Architecture Software & Hardware What IT assets are approved to run on the network architecture? What unapproved products are running on the network or are being purchased for deployment, exposing us to risk? Are we addressing the security areas of patch-management and network identity- management?

18 Framework Process Areas Managing the Buy What IT assets are good candidates for cost-saving Smart Buy, GWACs, and other Strategic Sourcing agreements? What are relevant contract terms and clauses for enterprise-wide compliant use of assets? Do our ordering practices reflect the actual depletion, deployment, saturation, and utility rates of my organization?

19 Framework Process Areas Managing Contract Compliance What installed assets expose us to piracy liabilities because they lack licensing agreements? Do our installations exceed authorized licensing? Are agencies in compliance with contract terms and are S/W and H/W vendors in compliance with federal policies?

20 Framework Process Areas Monitoring Inventory Usage What installed assets are not being actively used; and (how) should they be re-used or retired? What assets are sitting on the shelf in large quantities reflecting potentially unwarranted ongoing expenses? What critical asset inventories are nearly depleted?

21 Framework Process Areas Fostering Compliance with Policies & Standards What Federal policies and guidelines govern particular categories of IT assets? How are we working toward compliance with ISO 19770, UNSPSC, and other current or emerging global standards? What are current ITAM policy guidelines issued by OMB, NIST, and OGP; and is our agency in compliance?

22 Framework Process Areas Financial & Capital Planning What are opportunities to increase return on investment and improve cash-flow through smarter buys and uses? What are noteworthy variances in unit pricing for similar products and how best can we close gaps and avoid costs?

23 How is it Working for US? ID Management technology strategy for Implementing HSPD12 Initiative has clear and visible govtwide architecture related to a govtwide acquisition strategy which includes a public list of approved & certified products and services. Website:

24 How is it Working for US? SmartBuy/ESI/GWACs and other Strategic Sourcing agreements Initiative has CoBranding between GSA and DoD - Use of common clauses, terms & conditions to achieve best value – Mandatory consideration of Smart Buy/ESI contracts in FAR Case Website:

25 How is it Working for US? IT Infrastructure Line of Business (LoB) Initiative promotes use of automated tools and adoption of SAM/ITAM processes – Consolidated hundreds of infrastructure investments into 25 and applied highend consulting and engineering expertise to five-year plans. Website:

26 How is it Working for US?

27 How is it Working for US? Strategic View of Tools# of Tools % Total Infrastructure Operations % Planning & Management % IT Security % Total %

28 How is it Working for US? Questions Raised by Tool Analysis:  Do CIOs have the personnel, policies, and procedures in place to optimize IT assets?  Do CIOs know what they have, where it is, who is using their IT assets?  Do CIOs have the right tools and enough information to optimize and manage their IT assets?  Are CIOs buying tools using SmartBUY agreements?

29 How is it Working for US? Created SAM Framework and built proof- of-concept Federal SAM repository and reporting tool Initiative identified common data inputs and sources for using SAM automated tools. Website:

30 How is it Working for US? NOTES: Optimizing COTS software use requires collecting and analyzing SAM data using standard data collection best practices, such that data can be used within and across agencies toward making the Federal Government a leader in software investment management.

31 Sample Data Inputs Acquisition & Finance (CAO) (CFO) (CIO) Human Resources (CIO) (CHCO) IT Inventory System (CIO) (CFO) (Optional) Personnel Information  Agency org code  Sub agency org code  Region code  File send date  File Source Name  File Number  Sender  POC Name  POC Phone No.  POC Address  Employment Status  Department Acquisition & Financial Info  Agency org code  Sub agency org code  Region code  File send date  File Source Name  File Number  Sender  Product Name  Product Version  Manufacturer Name  Contract Number  License type  SIN Number  License description  National Stock Number  Price category  Quantity Purchased  Quantity Ordered  Contract Type  Contract Description  Date of Order  Order Number Cont’d… Deployed Software Inventory Discovery  Agency org code  Sub agency org code  Region code  File send date  File Source Name  File Number  Sender  Product Name  Product Version  Manufacturer Name  User Name  Machine Name  IP Address  MAC Address  Machine Platform  Location  Machine type (formerly Class)  Model No (formerly Model)  RAM  Free HDD Capacity  Total HDD Capacity  Processor Type Cont’d… Sample Inputs for Automated Tools and Life-Cycle Reporting IT Architecture (CIO) Agency’s Approved Software List  Agency org code  Sub agency org code  Region code  File send date  File Source Name  File Number  Sender  Product Name  Product version  Manufacturer Name  Product Type  Product Description  Software Category  Product OS  Version Release Date  Approving Agency Name  Transaction Code  Load Type

32 cont’d, Sample Data Inputs Acquisition & Finance Human Resources IT Inventory System (Optional) Personnel Information Acquisition & Finance, Cont’d…  Date of Receipt  Person to Contact  No of Licenses Received  Receiving person  License Start Date  License End Date  Smart BUY Status  Federal-wide Flag  Vendor Name  Vendor Number  Initial License Cost  Annual Subscription Cost  Annual Support Cost  Annual Subscription & Support  BPA number  Invoice number  ACT number  Fund Code Deployed Software Inventory Discovery Cont’d…  No. of Processors  Server Flag  Machine Serial Number  OS Domain  DNS Host Name  Server Manager Name  Server Used as  Server Name  Server Contact Name  Host Name  Software category  Installed quantity  Date Last Used  Date Installed  OS Platform  Processor/CPU speed  No. IPS Machine Sample Inputs for automated tools and Life-Cycle Reporting IT Architecture Agency’s Approved Software List

33 Reports Summary & Detailed Reporting aggregated by Organization View by Product Name (Oracle, Lotus Notes, MS Windows, etc.) View by Manufacturer (IBM, Microsoft, McAfee, etc.) View by Server Name View by Contract or Blanket Purchase Agreement Number View by Fiscal Year (original purchase date) List of Expired Licenses List of Approved & Non-Approved Products List of Charge Card Purchases Customized Reporting (you create your own report template) Administrative: List of SAM Tool Users Administrative: History of Agency Data Refreshes Executive Dashboard Reports: –Actionable Advices and Alerts –Executive Spreadsheet –Store Documents and Reports

34 How is it Working for US? Published website at to make technology strategy for Federal SAM visible to citizens, industry, and government so we can work together. Contact and interact with US at Alan Vander Mallie Federal SAM/ITAM Program Manager Office of Governmentwide Policy U.S. General Services Administration Phone: (202)