The Tech Policies the Trump Administration Leaves Behind

Evan El-Amin/Shutterstock

Featured eBooks
Digital Transformation
Read Now

Federal IT Modernization Still a Major Challenge

Read Now

DHS’ next chapter as an enterprise services provider

Read Now

What's happening in health tech

Read Now
Aaron Boyd By Aaron Boyd,
Senior Editor, Nextgov

By Aaron Boyd

|

Nextgov looks back at the Trump administration's major IT policy moves that will have lasting effects on federal technology for the foreseeable future.

Technology and tech policy have been at the heart of the Trump administration since the president took office, and major pushes over the last three years will have significant impacts on federal IT management for years to come.

Early on, the administration published the IT Modernization Plan and a tech-heavy President’s Management Agenda. While neither document is policy itself, they set the stage for a surge of IT policy updates from the Office of Management and Budget’s Office of the Federal Chief Information Officer.

The focus on technology as a driver of management decisions led to the creation of a few IT policies and significant updates to many more. While the Trump administration is coming to an end, the policies established during his term will live on—at least until updated, rescinded or superseded by new policies.

Extra Reading: Why It’s So Hard to Write Federal Technology Policy

Pandemic Policy

Before leaving office, then-Federal CIO Suzette Kent said 2020 would be the year all the planning and policy turned into progress. But COVID-19 had other ideas.

Despite—and, in one case, because of—the pandemic, there were a few IT policy moves this year.

From an IT perspective, 2020 was marked by two major policies: the “Maximum Telework” memo and release of documents for Trusted Internet Connection 3.

In response to the COVID-19 pandemic, OMB issued a memo in March instructing agencies to offer “maximum telework flexibilities,” followed by additional guidance for federal IT managers and contractors.

While these policies have a relatively small window of relevance—they only apply to working through the pandemic—they set the stage for the rest of 2020 and demonstrated how technology would be a core part of government operations during the new normal.

The IT-focused memo directs agencies to “utilize technology to the greatest extent practicable to support mission continuity” and to “use the breadth of available technology capabilities to fulfill service gaps and deliver mission outcomes.” This would result in big spending to increase teleworking capacity, including more devices, more virtual private networks and more cloud.

This year also saw the release of key documents and guidance as part of the update to the Trusted Internet Connection, or TIC, policy, which establishes how federal agencies should set up network access to safeguard government data.

In the past, TIC policy has focused on creating barriers to entry, namely by requiring all network traffic to flow through agency headquarters as a means of control. But in the modern IT environment that includes a reliance on mobility and cloud services, those boundaries no longer make sense.

In 2019, OFCIO released a finalized TIC 3 policy that set the stage for the future but left it to the Homeland Security Department’s Cybersecurity and Infrastructure Security Agency, or CISA, to work out the details.

CISA released draft guidance and use cases in December 2019 and prepared to spend most of the year finalizing those documents. But COVID-19 had other plans for that program, too.

By April, the TIC program office was focused on helping agencies secure their remote workforce—issuing interim guidance and starting to work aggressively on a remote user use case, which was called for in the OFCIO policy but was a secondary priority before the pandemic hit.

That interim guidance was set to expire by the end of 2020, prompting CISA to release the draft remote user use case before the end of the year. The draft use case was put out for public comment Dec. 22, with plans to finalize that and the other outstanding use cases in early 2021.

The main body of the new TIC 3 policy was finalized in July, including the TIC 3 Guidebook; the reference architecture explaining how the concepts should be applied to agency enterprises; and the Security Capabilities Catalog, formerly the Security Capability Handbook.

The Big Push

The bulk of the Trump administration’s IT policy work came over the course of two years: 2018 set the stage with a number of draft policies and announced plans to update others, most—if not all—of which came to a head in 2019.

By the end of 2019, OFCIO had updated and finalized six major IT policies, including the base TIC 3 policy mentioned above. But the year also saw a number of the administration’s tentpole IT policies come to fruition, including Cloud Smart, a more nuanced version of the Obama-era Cloud First policy.

Cloud Smart looked to bring the government’s cloud policy forward by offering harder definitions of what counts as cloud services. After the initial draft received public comments and went through internal debate, the finalized policy released in June was similar to the original draft but contained several important changes, including a focus on application rationalization—making keep, upgrade or kill decisions on legacy apps—and a new avenue for agency-owned and -operated cloud environments where deemed appropriate.

The cloud policy update was joined by two other infrastructure-centric policy updates: the new Data Center Optimization Initiative, which, like Cloud Smart, shifted emphasis from closing government-owned data centers to optimizing that infrastructure, either in-house or through a cloud vendor; and a new Identity, Credential and Access Management, or ICAM, policy, which jumpstarted the government’s move toward zero-trust frameworks and established who—or what—would need to be credentialed going forward.

Together, these three policies have the largest effect on federal IT operations.

But the focus wasn’t only on cloud and infrastructure. 2019 also saw the release of two novel policies: the Federal Data Strategy and the establishment of the Quality Service Management Offices, or QSMO, program to reignite the push for governmentwide shared services.

The Federal Data Strategy was developed in the wake of the Foundations for Evidence-Based Policymaking Act and other initiatives—like the PMA—that pushed agencies to make better use of the data they collect. The strategy outlined a litany of principles and practices to frame how agencies collect, store, share and use data, coupled with a one-year action plan with specific deliverables.

As with just about everything else, COVID-19 derailed some of those efforts, though data strategy leaders worked to shift some deadlines and focus areas in response to the pandemic.

OMB and OFCIO also released a memo entitled, “Centralized Mission Support Capabilities for the Federal Government,” which established the QSMO concept as the next step in shared services. While past shared services efforts created single service offerings at multiple agencies, the QSMO construct looks to establish one agency as the lead for each service but with multiple offerings from that agency.

For example, rather than offering slightly different versions of payroll and accounting services from four different agencies, the QSMO effort looks to consolidate all such services in one agency—the General Services Administration—which would then offer a range of options, including full-service payroll management, a marketplace of third-party vendors and a set of governmentwide standards to guide the more independent agencies and programs.

“We’re creating a centralized place versus having agencies doing things that maybe aren’t their mission to do,” outgoing shared services lead Beth Angerman told Nextgov in a December 2019 interview. “That helps to stabilize a marketplace and a set of solutions for customers and it brings them the right kind of partnership with the right agencies to really help them think through how they would optimize that particular function in their agency.”

Per Kent’s promise that 2020 would be the year of implementation, three QSMO offices were officially designated this year, with CISA tapped to lead on cybersecurity, the Treasury Department on financial management and GSA on human resources services.

NEXT STORY: Trump Signs Omnibus Spending and COVID Relief Deal, Averting Shutdown

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.