Karen Gomez

Board of Advisors


Karen Gomez is Deputy Chief, Operations Center Mission Support, DISA, and was the Chief Strategist for ITSM. She has embraced many aspects of Information Technology over a 20+ year career, including international and executive consulting, process engineering, strategic and global deployment, full life cycle application design/development, organizational redesign and change, resource utilization and management, and ITIL/ITSM thought leadership and training. She draws from the breadth of experience gained in working within diverse industries and government, including city, county, state and federal.

In the Service Operations realm, Ms. Gomez has led such initiatives as the convergence of disparate national multi-location, multi-tool, widely distributed support skill sets into a single concept-of-operations implementation of a Virtual Service Desk model. Additionally, she spearheaded national and international efforts to establish a new organizational structure, set new standards and operations guidelines, and develop communications, training, transition and implementation plans to merge 79 global Help Desks.

In recent years, Ms. Gomez has also focused on bringing the vision and evolution of the Department of Defense Enterprise Service Management Framework (DESMF) to its current status. The DESMF is a confluence of industry best practices, standards and frameworks and is the culmination of broad participation inside and outside the Department of Defense.

Ms. Gomez holds an undergraduate degree in Business Management and an MBA in Industrial Management, and is Master Certified in ITIL v2 and v3 Expert, along with the PMP. She has led training and spoken at various venues, including the Acropolis in Nice, France, the Long Beach Convention Center, and other national and international forums.

Karen has been active with the Forum since its inception in 2015.

Larry Wilson

Board of Advisors


Larry Wilson is the Chief Information Security Officer (CISO) in the UMASS President’s office and is responsible for developing, implementing and managing the University of Massachusetts Information Security Policy and Written Information Security Program (WISP). The University program is based on a “Controls Factory” approach Larry created to help organizations operationalize the NIST Cyber Security Framework and its industry best practices (ISO 27001, SANS 20 Critical Controls etc.) across an enterprise and its supply chain. Larry’s approach has been implemented consistently across all five UMASS campuses plus six other universities in the Commonwealth of Massachusetts.

Prior to joining UMASS, Larry was the Vice President, Network Security Manager at State Street Bank. Larry’s industry experience includes IT audit manager for Deloitte Enterprise Risk Services (ERS) consulting practice. In this role he managed a staff responsible for developing and completing a Sarbanes Oxley compliance audit for MasterCard International.

Larry holds a Master of Science degree in Civil / Structural Engineering from the University of New Hampshire. His industry certifications include CISSP, CISA and ISA (PCI Internal Security Assessor). He serves on the Advisory Board for Middlesex Community College and the CISO Advisory Board for Oracle. He co-chairs the Massachusetts State University and Community College Information Security Council, and serves as Certification Director for ISACA New England. Larry has been teaching CISA certification training for ISACA for 5 years.

His major accomplishments include Finalist for Information Security Executive® (ISE®) of the Year for both the Northeast Region and North America; the SANS “People Who Made a Difference in Cybersecurity” award in 2013; and being named one of the top two most influential people in cyber security by Security Magazine in 2016.

 

Foundation for Public Private Collaboration

Forum releases draft of the Foundation for Public Private Collaboration (FPPC), Draft V 1.00, 3 March 2017.

The Global Forum for Advanced Cyber Resilience released the first draft today of the Foundation for Public Private Collaboration based on the Department of Defense Enterprise Service Management Framework which the DoD CIO Terry Halvorsen directed all activities to conform to on December 24, 2015.

The Forum recognized the business value of the DESMF to provide a much-needed foundation and basic lexicon for collaboration including the recognition of business value for cyber resilience considerations during the strategy phase of the development of products and services.

The DESMF was written to appeal to a broader audience than just the DoD. The Forum made only minor modifications to terms so it is easy for the DoD to continue to collaborate with the Forum as they have for over a year. For example, the Forum changed the terms ‘DoD’ to ‘organization’ and ‘warfighter’ to ‘customer’ in the document. The Forum takes advantage of this as a foundation for private/public collaboration, adding cyber resilient and business value underpinnings at a common level for all participants. The Framework does not give guidance for how to do things; it provides a simple framework for what is needed in the development of services. The Forum believes it has application for products as well.


The Foundation for Public and Private Collaboration serves two purposes:  First as a reference document to enable and facilitate meaningful collaboration. Second as a framework for operationalizing service management within and between organizations.  It is up to your organization to see direct value for operationalization.  We believe it provides valuable guidance which you can take advantage of at the pace your organization is capable of.

To date the Forum has helped facilitate high-level collaboration between participants from the DoD, several civilian agencies, the telecommunications, energy, healthcare, transportation, hospitality, entertainment, finance and manufacturing sectors, as well as state governments, not-for-profit organizations, higher education (including colleges and universities that are part of the NSA/DHS Centers of Academic Excellence program) and others.

Program and Project Management Study

Our Forum will conduct public/private sector collaboration to help interested parties create supplemental guidance explaining the role of program and project management relative to the creation and delivery of cyber resilient services.

Program and project management have important roles in helping underpin cyber resilience/security to protect business value. Organizations that are not taking advantage of the two may be putting themselves at risk. The following are the initial topics of consideration. We are open to other useful considerations.

Topics to be addressed could include but are not limited to:

Identify Interdependence of IT service management and program, portfolio, and project management:

  • Come to an understanding of why these practices are not mutually exclusive and how they complement each other.
  • Show what needs to be done to properly integrate and align so program and project management complement each other and increase the service provider’s ability to deliver value.
  • Identify the natural touch points to the Foundation for Public Private Collaboration[1] and where integration must be accomplished.
  • Identify measurable business value.

Elements of successful project management:

  • Clarify the relationship between project management standards such as ISO 21500, bodies of knowledge such as the PMBOK®[2], including methods such as PRINCE2®[3], and the Baldrige Cybersecurity Initiative.

Project management in a ‘bi-modal’ environment:

  • Discuss importance of evaluation mechanisms for choosing between traditional vs. agile project methods, and how these methods can peacefully co-exist.

The Forum will use the broadly accepted Foundation for Public and Private Collaboration as the framework for discussion. The guidance will be a parallel document referencing this body of work to help participants operationalize outcomes.  Best practices and lessons learned will be made available to all interested parties.

A broad audience of subject matter experts have committed to participate including organizations from several critical infrastructure sectors, civilian and defense agencies, state governments and supporting not for profit associations.

The study kickoff meeting planned for the last week of February will clarify the scope and topics covered for this activity.  The Forum is accepting comments for these purposes.

[1] The Foundation for Public Private Collaboration document serves two purposes. The first as a foundation for public and private collaboration, the second as operational guidance. The Global Forum for Advanced Cyber Resilience is the custodian. A copy of the FPPC can be found here.

[2] PMBOK® is a registered trademark of Project Management Institute.

[3] PRINCE2® is a registered trademark of AXELOS llc.

Framework for Improving Critical Infrastructure Cybersecurity Update

DEPARTMENT OF COMMERCE

National Institute of Standards and Technology

Proposed Update to the Framework for Improving Critical Infrastructure Cybersecurity

AGENCY: National Institute of Standards and Technology, Commerce.

ACTION: Notice, request for comments.

SUMMARY: The National Institute of Standards and Technology (NIST) requests comments on a proposed update to the Framework for Improving Critical Infrastructure Cybersecurity (the “Framework”). The voluntary Framework consists of standards, methodologies, procedures, and processes that align policy, business, and technological approaches to address cyber risks. The Framework was published on February 12, 2014, after a year-long, open process involving private and public sector organizations, including extensive input and public comments. It has been used with increasing frequency and in a variety of ways by organizations of all sizes, areas of interest, and based inside and outside the United States.

This Request for Comments (RFC) is meant to facilitate coordination with “private sector personnel and entities, critical infrastructure owners and operators, and other relevant industry organizations” as directed by the Cybersecurity Enhancement Act of 2014.[1] The proposed update to the Framework is available for review at http://www.nist.gov/cyberframework. Responses to this RFC will be posted at http://www.nist.gov/cyberframework and will inform NIST’s planned update to the Framework.

DATES: Comments must be received by 5:00 p.m. Eastern time on April 10, 2017.

ADDRESSES: Written comments may be submitted by mail to Edwin Games, National Institute of Standards and Technology, 100 Bureau Drive, Stop 8930, Gaithersburg, MD 20899. Online submissions in electronic form may be sent to cyberframework@nist.gov in any of the following formats: HTML; ASCII; Word; RTF; or PDF. Please submit comments only and include your name, organization’s name (if any), and cite “Comments on Draft Update of the Framework for Improving Critical Infrastructure Cybersecurity” in all correspondence. Comments containing references, studies, research, and other empirical data that are not widely published should include copies of the referenced materials. The proposed update to the Framework is available for review at http://www.nist.gov/cyberframework.

All comments received in response to this RFC will be posted at http://www.nist.gov/cyberframework without change or redaction, so commenters should not include information they do not wish to be posted (e.g., personal or confidential business information). Comments that contain profanity, vulgarity, threats, or other inappropriate language will not be posted or considered.

FOR FURTHER INFORMATION CONTACT: For questions about this RFC contact: Adam Sedgewick, U.S. Department of Commerce, 1401 Constitution Avenue NW., Washington, DC 20230, telephone (202) 482–0788, email Adam.Sedgewick@nist.gov. Please direct media inquiries to NIST’s Office of Public Affairs at (301) 975–2762.

SUPPLEMENTARY INFORMATION: The national and economic security of the United States depends on the reliable functioning of critical infrastructure,[2] which has become increasingly dependent on information technology. Cyber attacks and publicized weaknesses reinforce the need for improved capabilities for defending against malicious cyber activity. This is a long-term challenge.

The Secretary of Commerce was tasked to direct the Director of NIST to lead the development of a voluntary framework to reduce cyber risks to critical infrastructure (the “Framework”).[3] The Framework consists of standards, methodologies, procedures and processes that align policy, business, and technological approaches to address cyber risks. The Framework was developed by NIST using information collected through the Request for Information (RFI) that was published in the Federal Register on February 25, 2013 (78 FR 13024), a series of open public workshops, and a 45-day public comment period announced in the Federal Register on October 29, 2013 (78 FR 64478). It was published on February 12, 2014, after a year-long, open process involving private and public sector organizations, including extensive input and public comments, and announced in the Federal Register on February 18, 2014 (79 FR 9167). Responses to subsequent RFIs, as announced through the Federal Register (79 FR 50891 and 80 FR 76934), and workshops encouraged NIST to update the Framework.

The Cybersecurity Framework incorporates voluntary consensus standards and industry best practices to the fullest extent possible and is consistent with voluntary international consensus-based standards when such international standards advance the objectives of the Cybersecurity Enhancement Act of 2014. The Framework is designed for compatibility with existing regulatory authorities and regulations, although it is intended for voluntary adoption.

Given the diversity of sectors in the Nation’s critical infrastructure, the Framework development process was designed to build on cross-sector security standards and guidelines that are immediately applicable or likely to be applicable to critical infrastructure. The process also was intended to increase visibility and use of those standards and guidelines, and to find potential areas for improvement (e.g., where standards/guidelines are nonexistent) that need to be addressed through future collaboration with industry and industry-led standards bodies. While the focus of the Framework is on the Nation’s critical infrastructure, it was developed in a manner to promote wide adoption of practices to increase risk management-based cybersecurity across all industry sectors and by all types of organizations. NIST has worked closely with industry groups, associations, non-profits, government agencies, and international standards bodies to increase awareness of the Framework. NIST has promoted the use of the Framework as a basic, flexible, and adaptable tool for managing and reducing cybersecurity risks.

The Framework was designed as a communication tool. It is applicable for leaders at all levels of an organization. For these reasons, NIST has engaged a wide diversity of stakeholders in Framework education. NIST has also issued several RFIs, held workshops, and encouraged direct communication with potential and current users of the Framework. Based on the information received from the public via these channels and the work that it has carried out on cybersecurity, including its collaborative efforts with the private sector, NIST has developed a draft update of the Framework (termed “Version 1.1” or “V1.1”), available at http://www.nist.gov/cyberframework. This draft update seeks to clarify, refine, and enhance the Framework, and make it easier to use, while retaining its flexible, voluntary, and cost-effective nature. The update also will be fully compatible with the February 2014 version of the Framework in that either version may be used by organizations without degrading communication or functionality.

Request for Comments

NIST is soliciting public comments on this proposed update. Specifically, NIST is interested in comments that address updated features of the Framework. These features seek to:

  • Clarify Implementation Tier use and relationship to Profiles,
  • Enhance guidance for applying the Framework for supply chain risk management,
  • Provide guidance on metrics and measurements using the Framework,
  • Update the FAQs to support understanding and use of Framework, and
  • Update the Informative References.

NIST also will consider comments on other aspects of the Framework update. All comments will be made available to the public. These comments will be analyzed and will be one focus of a public workshop to be held in May 2017.

Details about that workshop, which also will feature user experiences with the Framework, will be announced on the NIST Cybersecurity Framework Web site at: https://www.nist.gov/cyberframework. To receive notice about the workshop, please contact: cyberframework@nist.gov. After the May 2017 workshop and considering the comments received on this draft update, NIST intends to issue a final version of Framework V1.1 along with an updated Roadmap[4] document that describes recommended activities in work areas that are related and complementary to the Framework.

Kevin Kimball, NIST Chief of Staff.

[FR Doc. 2017–01599 Filed 1–24–17; 8:45 am] BILLING CODE 3510–13–P

[1] See 15 U.S.C. 272(e)(1)(A)(i). The Cybersecurity Enhancement Act of 2014 (S.1353) became public law 113–274 on December 18, 2014.

[2] For the purposes of this RFC the term “critical infrastructure” has the meaning given the term in 42 U.S.C. 5195c(e): “systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters.”

[3] See Executive Order 13636, Improving Critical Infrastructure Cybersecurity (Feb. 12, 2013),

 

Cybersecurity Framework 1.1 Draft

NIST released its Cybersecurity Framework 1.1 draft today, and you can find it here.

NIST Cybersecurity Framework Draft 1.1
Cybersecurity Framework 1.1 with comments
Cybersecurity Framework 1.1 draft excel

From Cybersecurity Framework 1.1 Draft

The draft Version 1.1 of Cybersecurity Framework refines, clarifies, and enhances the predecessor version 1.0. Version 1.1 can be implemented by first time and current Framework users. Current users can implement Version 1.1 with minimal or no disruption, as refinements were made with the objective of being compatible with Version 1.0. As with Version 1.0, use of the Version 1.1 is voluntary. Users of Version 1.1 are invited to customize the Framework to maximize organizational value. The impetus to change and the proposed changes were collected from:

• Feedback and frequently asked questions to NIST since release of Framework Version 1.0 in February 2014,
• 105 responses to the December 2015 request for information (RFI), Views on the Framework for Improving Critical Infrastructure Cybersecurity, and
• Comments provided by approximately 800 attendees at a workshop held in Gaithersburg, Maryland on April 6-7, 2016.

In addition, NIST previously released Version 1.0 of the Cybersecurity Framework with a companion document, NIST Roadmap for Improving Critical Infrastructure Cybersecurity. This Roadmap highlighted key “areas of improvement” for further “development, alignment, and collaboration.” Through both private and public sector efforts, some areas of improvement have advanced enough to be included in the Framework Version 1.1.

itSMF USA Event

itSMF USA Advancing Cyber Resilience through Collaboration
itSMF USA FUSION16
Las Vegas, NV  November 02,
Experience Level: Advanced
This was a great success. There was a mix of people representing the government and private organizations, big and small participating. This was perfect for our value proposition.
The disconnection between ITSM and cyber resilience efforts across all sectors was obvious. Understanding this leads to great opportunity.
The focus of our session was to help identify the people who need to be at the table during the strategy phase of a product or service along with the value of collaboration. The attendees were left hungry for more time on the topic.
Advancing cyber resilience and business value through collaboration is a great opportunity.
We are excited to see our review of this session:
Average Overall Scores: 1 – 5
· Overall this session was: 5
· Speaker(s) expertise/knowledge of subject: 5
· Speaker(s) presentation skills: 5
· Value of Q&A segment: 5
· Practicality: 5
· Compliance with non-commercialism policy: 5
· Should this session be repeated next year: 100%
· Would you recommend this speaker for future events: 100%
· Was the session content what you thought it would be: 100%

Charlie Tupitza, Joan Coolidge

Program Management Act Passes

Program Management Improvement Accountability Act
Signed into law 12/14/2016.

Summary Here
Public Law No: 114-264 (12/14/2016)

(This measure has not been amended since it was passed by the House on September 22, 2016. The summary of that version is repeated here.)

(Sec. 2) This bill establishes as additional functions of the Deputy Director for Management of the Office of Management and Budget (OMB) requirements to:

  • adopt and oversee implementation of government-wide standards, policies, and guidelines for program and project management for executive agencies;
  • chair the Program Management Policy Council (established by this Act);
  • establish standards and policies for executive agencies consistent with widely accepted standards for program and project management planning and delivery;
  • engage with the private sector to identify best practices in program and project management that would improve federal program and project management;
  • conduct portfolio reviews to address programs identified as high risk by the Government Accountability Office (GAO);
  • conduct portfolio reviews of agency programs at least annually to assess the quality and effectiveness of program management; and
  • establish a five-year strategic plan for program and project management.

The bill exempts the Department of Defense (DOD) from such provisions to the extent that they are substantially similar to: (1) federal provisions governing the defense acquisition workforce; or (2) policy, guidance, or instruction of DOD related to program management.

The head of each federal agency that is required to have a Chief Financial Officer shall designate a Program Management Improvement Officer to implement agency program management policies and develop a strategy for enhancing the role of program managers within the agency. The OMB must submit a report containing such strategy within one year after enactment of this bill. The Under Secretary of Defense for Acquisition, Technology, and Logistics shall be considered the Program Management Improvement Officer for DOD.

The Program Management Policy Council is established within OMB to act as the principal interagency forum for improving agency practices related to program and project management.

The Office of Personnel Management must issue regulations that: (1) identify key skills and competencies needed for an agency program and project manager, (2) establish a new job series or update and improve an existing job series for program and project management within an agency, and (3) establish a new career path for program and project managers.

The GAO must issue a report within three years of enactment, in conjunction with its high risk list, examining the effectiveness of the following (as required or established under this Act) on improving federal program and project management:

  • the standards, policies, and guidelines for program and project management;
  • the strategic plan;
  • Program Management Improvement Officers; and
  • the Program Management Policy Council.

The Act

To amend title 31, United States Code, to establish entities tasked with improving program and project management in certain Federal agencies, and for other purposes.

Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled

SECTION 1. Short title.

Program Management Improvement Accountability Act

SEC. 2. Project Management.

(a) Deputy director for management.—

(1) ADDITIONAL FUNCTIONS.—Section 503 of title 31, United States Code, is amended by adding at the end the following:

(c) Program and project management.—


(1) REQUIREMENT.—Subject to the direction and approval of the Director, the Deputy Director for Management or a designee shall—

(A) adopt government wide standards, policies, and guidelines for program and project management for executive agencies;

(B) oversee implementation of program and project management for the standards, policies, and guidelines established under subparagraph (A);

(C) chair the Program Management Policy Council established under section 1126(b);

(D) establish standards and policies for executive agencies, consistent with widely accepted standards for program and project management planning and delivery;

(E) engage with the private sector to identify best practices in program and project management that would improve Federal program and project management;

(F) conduct portfolio reviews to address programs identified as high risk by the Government Accountability Office;

(G) not less than annually, conduct portfolio reviews of agency programs in coordination with Project Management Improvement Officers designated under section 1126(a)(1) to assess the quality and effectiveness of program management; and

(H) establish a 5-year strategic plan for program and project management.

(2) APPLICATION TO DEPARTMENT OF DEFENSE.—Paragraph (1) shall not apply to the Department of Defense to the extent that the provisions of that paragraph are substantially similar to or duplicative of—

(A) the provisions of chapter 87 of title 10; or

(B) policy, guidance, or instruction of the Department related to program management.

(2) DEADLINE FOR STANDARDS, POLICIES, AND GUIDELINES.—Not later than 1 year after the date of enactment of this Act, the Deputy Director for Management of the Office of Management and Budget shall issue the standards, policies, and guidelines required under section 503(c) of title 31, United States Code, as added by paragraph (1).

(3) REGULATIONS.—Not later than 90 days after the date on which the standards, policies, and guidelines are issued under paragraph (2), the Deputy Director for Management of the Office of Management and Budget, in consultation with the Program Management Policy Council established under section 1126(b) of title 31, United States Code, as added by subsection (b)(1), and the Director of the Office of Management and Budget, shall issue any regulations as are necessary to implement the requirements of section 503(c) of title 31, United States Code, as added by paragraph (1).

(b) Program management improvement officers and program management policy council.—

(1) AMENDMENT.—Chapter 11 of title 31, United States Code, is amended by adding at the end the following:

§ 1126. Program management improvement officers and program management policy council

(a) Program management improvement officers.—

(1) DESIGNATION.—The head of each agency described in section 901(b) shall designate a senior executive of the agency as the Program Management Improvement Officer of the agency.

(2) FUNCTIONS.—The Program Management Improvement Officer of an agency designated under paragraph (1) shall—

(A) implement program management policies established by the agency under section 503(c); and

(B) develop a strategy for enhancing the role of program managers within the agency that includes the following:

(i) Enhanced training and educational opportunities for program managers that shall include—

(I) training in the relevant competencies encompassed with program and project manager within the private sector for program managers; and

(II) training that emphasizes cost containment for large projects and programs.

(ii) Mentoring of current and future program managers by experienced senior executives and program managers within the agency.

(iii) Improved career paths and career opportunities for program managers.

(iv) A plan to encourage the recruitment and retention of highly qualified individuals to serve as program managers.

(v) Improved means of collecting and disseminating best practices and lessons learned to enhance program management across the agency.

(vi) Common templates and tools to support improved data gathering and analysis for program management and oversight purposes.

(3) APPLICATION TO DEPARTMENT OF DEFENSE.—This subsection shall not apply to the Department of Defense to the extent that the provisions of this subsection are substantially similar to or duplicative of the provisions of chapter 87 of title 10. For purposes of paragraph (1), the Under Secretary of Defense for Acquisition, Technology, and Logistics (or a designee of the Under Secretary) shall be considered the Program Management Improvement Officer.

(b) Program management policy council.—

(1) ESTABLISHMENT.—There is established in the Office of Management and Budget a council to be known as the ‘Program Management Policy Council’ (in this subsection referred to as the ‘Council’).

(2) PURPOSE AND FUNCTIONS.—The Council shall act as the principal interagency forum for improving agency practices related to program and project management. The Council shall—

(A) advise and assist the Deputy Director for Management of the Office of Management and Budget;

(B) review programs identified as high risk by the General Accountability Office and make recommendations for actions to be taken by the Deputy Director for Management of the Office of Management and Budget or a designee;

(C) discuss topics of importance to the workforce, including—

(i) career development and workforce development needs;

(ii) policy to support continuous improvement in program and project management; and

(iii) major challenges across agencies in managing programs;

(D) advise on the development and applicability of standards government wide for program management transparency; and

(E) review the information published on the website of the Office of Management and Budget pursuant to section 1122.

(3) MEMBERSHIP.—

(A) COMPOSITION.—The Council shall be composed of the following members:

(i) Five members from the Office of Management and Budget as follows:

(I) The Deputy Director for Management.

(II) The Administrator of the Office of Electronic Government.

(III) The Administrator of Federal Procurement Policy.

(IV) The Controller of the Office of Federal Financial Management.

(V) The Director of the Office of Performance and Personnel Management.

(ii) The Program Management Improvement Officer from each agency described in section 901(b).

(iii) Any other full-time or permanent part-time officer or employee of the Federal Government or member of the Armed Forces designated by the Chairperson.

(B) CHAIRPERSON AND VICE CHAIRPERSON.—

(i) IN GENERAL.—The Deputy Director for Management of the Office of Management and Budget shall be the Chairperson of the Council. A Vice Chairperson shall be elected by the members and shall serve a term of not more than 1 year.

(ii) DUTIES.—The Chairperson shall preside at the meetings of the Council, determine the agenda of the Council, direct the work of the Council, and establish and direct subgroups of the Council as appropriate.

(4) MEETINGS.—The Council shall meet not less than twice per fiscal year and may meet at the call of the Chairperson or a majority of the members of the Council.

(5) SUPPORT.—The head of each agency with a Project Management Improvement Officer serving on the Council shall provide administrative support to the Council, as appropriate, at the request of the Chairperson.

(2) REPORT REQUIRED.—Not later than 1 year after the date of enactment of this Act, the Director of the Office of Management and Budget, in consultation with each Program Management Improvement Officer designated under section 1126(a)(1) of title 31, United States Code, shall submit to Congress a report containing the strategy developed under section 1126(a)(2)(B) of such title, as added by paragraph (1).

(c) Program and project management personnel standards.—

(1) DEFINITION.—In this subsection, the term “agency” means each agency described in section 901(b) of title 31, United States Code, other than the Department of Defense.

(2) REGULATIONS REQUIRED.—Not later than 180 days after the date on which the standards, policies, and guidelines are issued under section 503(c) of title 31, United States Code, as added by subsection (a)(1), the Director of the Office of Personnel Management, in consultation with the Director of the Office of Management and Budget, shall issue regulations that—

(A) identify key skills and competencies needed for a program and project manager in an agency;

(B) establish a new job series, or update and improve an existing job series, for program and project management within an agency; and

(C) establish a new career path for program and project managers within an agency.

(d) GAO report on effectiveness of policies on program and project management.—Not later than 3 years after the date of enactment of this Act, the Government Accountability Office shall issue, in conjunction with the High Risk list of the Government Accountability Office, a report examining the effectiveness of the following on improving Federal program and project management:

(1) The standards, policies, and guidelines for program and project management issued under section 503(c) of title 31, United States Code, as added by subsection (a)(1).

(2) The 5-year strategic plan established under section 503(c)(1)(H) of title 31, United States Code, as added by subsection (a)(1).

(3) Program Management Improvement Officers designated under section 1126(a)(1) of title 31, United States Code, as added by subsection (b)(1).

(4) The Program Management Policy Council established under section 1126(b)(1) of title 31, United States Code, as added by subsection (b)(1).

 

 

 

Baldrige Performance Excellence Program

Baldrige-like Approach

“Thank you for continuing your efforts to help create opportunities for collaboration and coordination. Clearly, we, and the nation, are all better served if we work together. You are helping us take a “Baldrige-like” approach– driving alignment and integration across our distinct entities and helping us take a holistic perspective on how our efforts can inform and enhance each other’s work.”

Robert Fangmeyer Director of the Baldrige Performance Excellence Program