The Department currently maintains the Information Technology (IT) Registry to provide an accurate and reliable enterprise-wide systems inventory. Information from the Registry is used as a basis of regular reporting to Congress, the Office of Management and Budget, and other stakeholders.
The need for a central authoritative IT information repository became clear in late 1990' when DoD wanted to define the scope and complexity of Y2K problem. At that time, the Department could not identify the number of IT systems it owned, operated, and maintained -- let alone determine how many were at risk. With the top down support from the Secretary of Defense, Deputy Secretary of Defense, and the Assistant Secretary of Command, Control Communications, and Intelligence (C3I), the DoD Y2K Database was created. The Y2K Database was the prime means by which the Department was able to manage and measure progress in overcoming the Y2K challenge. It was the basis for providing authoritative information to Congress and the Secretary of Defense. There has been a continuing need to maintain an accurate, current inventory of
the Department's IT assets.
IT best practices require that organizations maintain a complete inventory of their IT systems. Congress recognized the value of such an authoritative source of information and mandated that DoD maintains the IT Registry [The Floyd D. Spence National Defense Authorization Act for Fiscal Year 2001, Section 811 (a)]. Congress directed that Services and Agencies register their Mission Critical (MC) and Mission Essential (ME) IT systems in this database and also, required Chief Information Officers (CIOs) to certify their registry data's accuracy. Furthermore, Congress directed OSD to provide a report to the Hill on the Department's status complying with the law.
The Department's current IT Registry is derived from the Y2K Database. Communities in the Department have recognized the value of the IT Registry and have started to use it as a common information collection and analysis tool. These data submission requirements is designed to allow the Department to build on the efforts of those communities and eliminate multiple data calls in the future. It is intended to institutionalize the data collection process and consolidate fragmented reporting schedules into one cohesive schedule that provides predictability to OSD's information needs.
The current IT Registry is used to collect data on MC and ME IT systems. The IT Registry is being expanded to meet new statutory and management reporting requirements in the areas of financial management, information security, and public key enabling. Tabs B, C, and D of this guide detail requirements for further information on, Financial Management Systems (FMS),
Government Information Security Reporting Act (GISRA), and Public Key Enabling (PKE) reporting requirements respectively. With this expansion, the existing content will be enriched and made more valuable.