UNCLASSIFIED
ROUTINE
R 201202Z SEP 17
FM CNO WASHINGTON DC
TO NAVADMIN
INFO CNO WASHINGTON DC
BT
UNCLAS
PASS TO OFFICE CODES:
FM CNO WASHINGTON DC//N2N6//
INFO CNO WASHINGTON DC//N2N6//
NAVADMIN 234/17
MSGID/NAVADMIN/CNO WASHINGTON DC/N2N6/SEP//
SUBJ/INFORMATION TECHNOLOGY PROCUREMENT REQUEST APPROVAL PROCESS FISCAL YEAR
2018 GUIDANCE (CORRECTED COPY)//
REF/A/MSG/CNO WASHINGTON DC/031256ZOCT16//
REF/B/LTR/NIA CIO/06MAR17//
REF/C/MSG/CNO WASHINGTON DC/041557ZFEB16//
REF/D/LTR/DCIO CISO/06MAR17//
REF/E/LTR/DON CIO/12FEB16//
NARR/REF A IS NAVADMIN 222/16, FY17 ITPR APPROVAL PROCESS.
REF B IS NIA CIO GUIDANCE ON SUBMISSION REQUIREMENTS FOR NATIONAL
INTELLIGENCE PROGRAM ASSETS.
REF C IS NAVADMIN 026/16, GUIDANCE FOR MIGRATION FROM ALL LEGACY VERSIONS OF
WINDOWS OPERATING SYSTEMS TO WINDOWS 10.
REF D IS DCIO CISO UPDATED DIRECTION FOR THE IMPLEMENTATION OF MICROSOFT
WINDOWS 10 SECURE HOST BASELINE.
REF E IS DON CIO GUIDANCE ON THE REPORTING REQUIREMENTS FOR ASSETS $25,000
AND BELOW.//
POC/SALAZAR/JOSEPH/CIV/OPNAV N2N6G/-/TEL: (571)256-8248/E
-MAIL: joseph.a.salazar1@navy.mil//
RMKS/1. This NAVADMIN cancels and supersedes reference (a). As local policy
may be more restrictive, all subordinate commands should refer to their
Echelon II Command Information Officer (CIO) for additional guidance in
regards to this NAVADMIN.
2. The Information Technology Procurement Request (ITPR) process ensures
efficient expenditure of information technology (IT) funding, prevents
duplicative investments, provides visibility on all Navy information
technology related expenditures, and achieves strategic sourcing for IT
capabilities and procurements. Command Contracting Officers and Purchasing
Agents, including those operating at Fleet Logistic Centers, may "initiate"
contracting actions; however, they are not authorized to "obligate"
government funds without an approved ITPR control number included with the
procurement documents.
3. All Programs of Record (POR), including Defense Business System requests
should utilize the systems subject matter expert (SME) exemption Speed Pass
which allows the ITPR to skip the SME review group step. All PORs and non-
PORs are encouraged to submit an annual spend plan request for approval to
the designated Echelon II command approval authority.
4. The following IT procurement guidance for fiscal year 2018 (FY18) applies
to all IT assets including: hardware, software, maintenance, contract
support, telecommunication services, and back office IT that supports
tactical programs reported in the Program Budget Information System-IT (PBIS-
IT) or National Intelligence Program (NIP) reporting and oversight databases
and resourced with Navy or NIP appropriated funds. Echelon II CIOs are
authorized to utilize the ITPR process to track IT procurements resourced
outside of the Navys IT budget.
a. Commands acting as Executive Agents for Department of Defense
(DoD) programs using non-Navy IT budget funding to procure IT
hardware, software, maintenance, support, or telecommunications in
support of other DoD components (e.g., Defense Health Agency) or non
-DoD agency programs (e.g., Department of Energy) may submit an ITPR
for tracking purposes. Expenditures for such requests will not be
reported in the IT expenditure reporting summary.
b. Regardless of funding source, all ITPRs shall be properly
scoped for the required need and shall not be segmented to avoid IT
funding thresholds, oversight, and governance.
5. Procurement requests must be submitted electronically via the Navy
Information Technology Approval System (NAV-ITAS) for:
a. Business mission area programs certified and approved in the
year of execution (YoE) by the Defense Business Council Investment
Review Board.
b. Non-POR software, hardware, maintenance, and support
services.
c. Fleet Outside the Continental United States (OCONUS) network
centric IT assets (i.e., consolidated afloat network enterprise
services and OCONUS Navy Enterprise Network, including all support
service contracts regardless of contract value).
d. Next Generation (NGEN) program management and network IT
infrastructure.
e. Cryptologic (UNCLASSIFIED) IT assets including support
service contracts regardless of contract value.
f. Military Intelligence Program and NIP funds. Per reference
(b), ITPRs utilizing NIP sources are to be processed using the NAV
-ITAS. For these requests, submitters should select the SME
exception "non-Navy/non-IT Budget Procurement Request: hardware,
software, services, and telecom procured with non-Navy IT funding or
are NOT INCLUDED in the Navy's IT budget. The submitter will need
to upload a statement from the CIO or comptroller certifying
availability of funds. For NIP ITPRs that require a National
Defense Authorization Act (NDAA), the submitter will need to check
the Server and Data Center box. Submitters must manually fill out
the NDAA document and upload it to the ITPR. The Unique Investment
Identifier to use for NIP ITPRs is 007-000009995.
g. IT for industrial and base operating support and facilities
maintenance equipment (other than direct support for data
centers). Examples include heating, ventilation, air conditioning,
perimeter security, anti-terrorism and force protection, kW
generators, uninterruptible power supplies that do not have IT
embedded controls, battery packs, and all support service contracts
regardless of contract value.
h. Ashore excepted network infrastructure assets including all
support service contracts regardless of contract value.
i. Commercial off-the-shelf and government modified off-the
-shelf software.
j. Commercially supported handheld wireless communication
devices, non-tactical radios, and telecommunication service support
contracts regardless of contract value.
k. Back office IT that supports oversight and program management
operations of Program Executive Office, Program Manager Warfare, or
Program Manager Air and Weapon Systems support (i.e., portals,
hardware, and software tools, engineering services, financial
management, installation, and support service contracts regardless
of contract value).
l. Research, development, test, and evaluation laboratory
network infrastructure that supports weapon system replication,
trainers, ranges, and simulators, including related staff and
service support contracts.
m. Small Business Innovative Research pilots or proofs of
concept if funding source is in PBIS-IT.
n. Bureau of Medicine and Surgery. IT assets procured using
CONUS/OCONUS Navy IT funding and shipboard IT assets supporting
Fleet Force Health Protection operations, including related staff
and service support contracts.
o. Department of the Navy (DON) Enterprise License Agreement
(ELA) and Enterprise Software Initiative (ESI). Commands shall
continue to submit an ITPR for all ELA and ESI software and
maintenance products, including all PORs. If a DON ELA and ESI
cannot satisfy the requirement, an automated waiver request that
includes a justification for deviating from using DON ELA must be
submitted through NAV-ITAS. Catalog products, blanket purchase
agreement software products, and core products centrally funded and
paid annually must have ITPRs submitted within NAV-ITAS. Software
vendors will not initiate procurement actions without ITPR approval.
p. Portals, websites, and web presence. Commands must submit an
ITPR with detailed justification for the procurement or sustainment
of portals, websites, and web presence that are considered a
collaboration or information sharing IT environment used to enhance
operational or business mission areas. All portal submissions will
be reviewed and adjudicated by Deputy Chief Information Officer Navy
(DDCIO(N)) regardless of the costs.
q. Commercial Cloud Computing Services. Commands must submit an
ITPR for all cloud services and hosting (i.e., cloud service
provider, cloud computing service, and cloud service offering)
requests. All cloud requests will be reviewed and adjudicated by
DDCIO(N). Except for DDCIO (N) designated cloud brokers,
negotiations between commands and vendors are not authorized.
r. Data Center and Server requests. To ensure data center and
server transactions are compliant with the NDAA FY12, Section 2867
waiver review and approvals, all requests must be submitted through
NAV-ITAS. This includes all PORs, major automated information
systems, defense business systems, and supporting back office
information technology. There are no exceptions or approval
alternatives.
(1) A Business Case Analysis (BCA) is required for IT
applications, services, systems, and capabilities designated to move
as part of data center consolidation effort if the information owner
requests to host in a traditional data center (i.e., Core Data
Center (CDC), Component Enterprise Data Center (CEDC), Installation
Processing Node (IPN) and Special Purpose Processing Node (SPPN)).
(2) IT applications, services, systems, and capabilities
residing in a designated, not-closing CDC, CEDC, IPN, or SPPN will
not require BCAs for FY18 sustainment, but should have BCAs prepared
for continued sustainment in FY19 and beyond.
(3) A BCA is required for all new IT applications, services,
systems, and capabilities not utilizing cloud services or hosting.
s. Navy IT help desks. Commands must submit an ITPR with
detailed justification for the procurement of new Navy IT help desks
and upgrades (technology refresh and software and hardware updates)
to existing help desks that are on track for consolidation into the
Navy Enterprise Service Desk. All help desk submissions will be
reviewed and adjudicated by DDCIO(N). This includes all PORs with
no exceptions or approval alternatives.
t. Multi-Function Devices (MFD). Echelon II CIOs must continue
to use Defense Logistics Agency (DLA) services for MFDs. If DLA
cannot satisfy the printing requirements, a memorandum from DLA must
be attached to an ITPR before a waiver can be recommended for
approval. This memorandum must be on DLA Disposition Services
letterhead, signed by the designated DLA point of contact, and it
must state that DLA cannot satisfy the commands requirement.
(1) If DLA can support the printer and MFD requirement and
the command has a compelling reason not to procure through DLA, a
BCA that includes a justification for deviating from using DLA
printing services recommendation is required (e-mails from DLA are
not acceptable). All printer and MFDs must be on the Navy and
Marine Corps intranet certified list for all environments.
(2) All print service requests for NGEN must be submitted via
the NGEN command technical representative. There is no requirement
to submit ITPRs when obtaining printers and MFDs using the NGEN
Contract Line Item Number (CLIN) process for NGEN print services.
(3) DDCIO(N)'s NAV-ITAS MFD FY18 procurement cut-off date is
20 July 2018, which will allow requestors to meet the DLA cut-off
date of 31 July 2018. Requests submitted after 20 July 2018 will
not be considered without documented extenuating circumstances.
6. Additional guidance and considerations:
a. Windows 10 Secure Host Baseline (WIN 10 SHB) migration. Per
reference (c), all DoD component organizations must migrate from
Microsoft legacy operating systems to the Defense Information
Service Agency (DISA) approved WIN 10 SHB version. Per reference
(d), all workstation and server technical refresh procurements must
include the hardware necessary for enabling WIN 10 security
capabilities, to include 64-bit hardware, the Unified Extensible
Firmware Interface, and the Trusted Platform Module 2.0. Commands
must submit an ITPR to purchase Windows software assurance, which
allows purchased product key updates of the operating system to work
with the DISA approved WIN 10 SHB. One Windows software assurance
upgrade CLIN is a "platform" price that includes Office and the
other is without Office. There is no requirement to procure WIN 7.
b. ITPRs for multiple year contracts should be submitted for YoE
only. The total of such ITPRs should only reflect what will be
executed that year and should NOT include the cost for option
years. When approving an ITPR, you are only approving funds to be
spent within YoE. Additional ITPRs will need to be submitted for
subsequent option years. The total cost of the contract can be
noted in the executive summary but the total cost of the ITPR should
only reflect YoE.
7. The following are exempt from the ITPR process and do not require
submission or approval:
a. Weapons and platform IT designated systems not reported in
PBIS-IT (e.g., command, control, computer, communications,
intelligence, surveillance, and reconnaissance).
b. All peripherals and consumables (e.g., Smart Card/Common
Access Card readers and sleds, computer monitors or televisions used
for command display purposes, digital cameras not used for perimeter
security or surveillance, traditional telephone handsets, mice,
keyboards, joysticks, trackballs, computer microphones, speakers,
headsets, motherboards, removable internal or external hard drives,
memory cards, batteries and power supplies, surge protectors, paper,
toner, ink, compact discs, and digital video disc media).
c. NGEN priced and un-priced contract line item numbers not
associated with NGEN program management.
d. Personnel IT training and subscriptions not reported in the
information technology budget.
e. Attendance at vendor or government sponsored IT conferences.
f. Per reference (e), IT asset requests of $25,000 or less that
do not fall under the items listed in paragraph 8 (a-h), are exempt
from the ITPR process.
8. To assist in reporting IT spend of less than $25,000, NAV-ITAS
provides an abbreviated ITPR smart form that is designed for local command
review and approval by a designated Trusted Agent. Echelon II commands that
decide not to utilize the abbreviated smart form must submit a $25,000 or
less report at the end of each quarter to DON, DDCIO(N). A template for the
report can be found in the NAV-ITAS website under the policy tab.
Restrictions apply to the $25,000 local command approval and use of the
abbreviated smart form for requests less than $500,000. For ITPRs less than
$500,000, the Echelon II CIO retains discretion to set a local approval
threshold amount and utilize the abbreviated ITPR smart form for assigned
Echelon III and below commands. All requests of $500,000 or greater will
route to the DDCIO(N) for approval. ITPRs submitted for $20 million or
greater require Director, Programming (OPNAV N80) staff review. OPNAV N80
will coordinate approval decisions with DDCIO(N). If further review is
required, OPNAV N80 will present the request to the Resources Requirement
Review Board for a final procurement decision. The following are NOT exempt
and NOT authorized to use the abbreviated smart form:
a. MFD/DLA print services.
b. Software/maintenance products using any DON ELA/ESI.
c. Procurement/maintenance support of portals, websites, and
web presences.
d. Commercial cloud computing services, Data Center and server
hardware/software waiver reviews and approvals.
e. FY18 year of execution approved Defense Business System
requirements.
f. Navy IT Help Desks or upgrades, (technology refresh and
software/hardware updates).
g. New COTS and GOTS applications not registered in the DON
Applications Database Management System and not approved for use by
the assigned Functional Area Manager.
h. Contract support services that will exceed the $25,000
threshold over the course of the contract (includes option years).
9. Organizational responsibilities:
a. Echelon II CIOs and budget submitting offices: Reference and
incorporate revised policy contained in this NAVADMIN into local
regulations and standard operating procedures.
b. Assigned Type Commander: NAV-ITAS command managers must
assist afloat command users with ITPR submissions and are
responsible for ensuring the ITPRs they approve for their command
and subordinate commands are complete and acceptable.
c. Commander, U.S. Pacific Fleet and U.S. Fleet Forces Command
Customer Service Representatives: Support type commander and afloat
command users with ITPR submissions as required.
d. Command Customer Service Representatives: Responsible for
modifying and validating streamlined workflows; assisting new and
existing users aligned to their command in the creation of NAV-ITAS
accounts and ITPR requests; and answering general questions about
the process or tool while communicating new guidance and policy
affecting the ITPR process.
e. Trusted Agent assigned at Echelon III and below: Responsible
for reviewing and approving ITPRs of $25,000 or less.
10. For additional information or for references, please refer to the
DDCIO(N) SharePoint site at https://portal.secnav.navy.mil/orgs
/OPNAV/N2N6/DDCION/SitePages/Home.aspx.
11. Released by VADM Jan E. Tighe, Deputy Chief of Naval Operations for
Information Warfare, OPNAV N2N6.//
BT
#0001
NNNN
UNCLASSIFIED//