INFORMATION TECHNOLOGY PROCUREMENT REQUEST APPROVAL PROCESS FISCAL YEAR 2018 GUIDANCE (CORRECTED COPY):

1 NAVADMINs are known that refer back to this one:
NAVADMIN ID Title
NAVADMIN 300/18 NAVY INFORMATION TECHNOLOGY PROCUREMENT REQUEST FISCAL YEAR 2019 GUIDELINES (CORRECTED COPY)
UNCLASSIFIED
ROUTINE
R 201202Z SEP 17
FM CNO WASHINGTON DC
TO NAVADMIN
INFO CNO WASHINGTON DC
BT
UNCLAS
PASS TO OFFICE CODES:
FM CNO WASHINGTON DC//N2N6//
INFO CNO WASHINGTON DC//N2N6//

NAVADMIN 234/17

MSGID/NAVADMIN/CNO WASHINGTON DC/N2N6/SEP//

SUBJ/INFORMATION TECHNOLOGY PROCUREMENT REQUEST APPROVAL PROCESS FISCAL YEAR 
2018 GUIDANCE (CORRECTED COPY)//

REF/A/MSG/CNO WASHINGTON DC/031256ZOCT16//
REF/B/LTR/NIA CIO/06MAR17//
REF/C/MSG/CNO WASHINGTON DC/041557ZFEB16//
REF/D/LTR/DCIO CISO/06MAR17//
REF/E/LTR/DON CIO/12FEB16//
NARR/REF A IS NAVADMIN 222/16, FY17 ITPR APPROVAL PROCESS.  
REF B IS NIA CIO GUIDANCE ON SUBMISSION REQUIREMENTS FOR NATIONAL 
INTELLIGENCE PROGRAM ASSETS.  
REF C IS NAVADMIN 026/16, GUIDANCE FOR MIGRATION FROM ALL LEGACY VERSIONS OF 
WINDOWS OPERATING SYSTEMS TO WINDOWS 10.  
REF D IS DCIO CISO UPDATED DIRECTION FOR THE IMPLEMENTATION OF MICROSOFT 
WINDOWS 10 SECURE HOST BASELINE.  
REF E IS DON CIO GUIDANCE ON THE REPORTING REQUIREMENTS FOR ASSETS $25,000 
AND BELOW.//

POC/SALAZAR/JOSEPH/CIV/OPNAV N2N6G/-/TEL:  (571)256-8248/E
-MAIL:  joseph.a.salazar1@navy.mil//

RMKS/1.  This NAVADMIN cancels and supersedes reference (a).  As local policy 
may be more restrictive, all subordinate commands should refer to their 
Echelon II Command Information Officer (CIO) for additional guidance in 
regards to this NAVADMIN.

2.  The Information Technology Procurement Request (ITPR) process ensures 
efficient expenditure of information technology (IT) funding, prevents 
duplicative investments, provides visibility on all Navy information 
technology related expenditures, and achieves strategic sourcing for IT 
capabilities and procurements.  Command Contracting Officers and Purchasing 
Agents, including those operating at Fleet Logistic Centers, may "initiate" 
contracting actions; however, they are not authorized to "obligate" 
government funds without an approved ITPR control number included with the 
procurement documents.

3.  All Programs of Record (POR), including Defense Business System requests 
should utilize the systems subject matter expert (SME) exemption Speed Pass 
which allows the ITPR to skip the SME review group step.  All PORs and non-
PORs are encouraged to submit an annual spend plan request for approval to 
the designated Echelon II command approval authority.

4.  The following IT procurement guidance for fiscal year 2018 (FY18) applies 
to all IT assets including:  hardware, software, maintenance, contract 
support, telecommunication services, and back office IT that supports 
tactical programs reported in the Program Budget Information System-IT (PBIS-
IT) or National Intelligence Program (NIP) reporting and oversight databases 
and resourced with Navy or NIP appropriated funds.  Echelon II CIOs are 
authorized to utilize the ITPR process to track IT procurements resourced 
outside of the Navys IT budget.
    a.  Commands acting as Executive Agents for Department of Defense
    (DoD) programs using non-Navy IT budget funding to procure IT
    hardware, software, maintenance, support, or telecommunications in
    support of other DoD components (e.g., Defense Health Agency) or non
    -DoD agency programs (e.g., Department of Energy) may submit an ITPR
    for tracking purposes.  Expenditures for such requests will not be
    reported in the IT expenditure reporting summary.
    b.  Regardless of funding source, all ITPRs shall be properly
    scoped for the required need and shall not be segmented to avoid IT
    funding thresholds, oversight, and governance.

5.  Procurement requests must be submitted electronically via the Navy 
Information Technology Approval System (NAV-ITAS) for:
    a.  Business mission area programs certified and approved in the
    year of execution (YoE) by the Defense Business Council Investment
    Review Board.
    b.  Non-POR software, hardware, maintenance, and support
    services.
    c.  Fleet Outside the Continental United States (OCONUS) network
    centric IT assets (i.e., consolidated afloat network enterprise
    services and OCONUS Navy Enterprise Network, including all support
    service contracts regardless of contract value).
    d.  Next Generation (NGEN) program management and network IT
    infrastructure.
    e.  Cryptologic (UNCLASSIFIED) IT assets including support
    service contracts regardless of contract value.
    f.  Military Intelligence Program and NIP funds.  Per reference
    (b), ITPRs utilizing NIP sources are to be processed using the NAV
    -ITAS.  For these requests, submitters should select the SME
    exception "non-Navy/non-IT Budget Procurement Request:  hardware,
    software, services, and telecom procured with non-Navy IT funding or
    are NOT INCLUDED in the Navy's IT budget.  The submitter will need
    to upload a statement from the CIO or comptroller certifying
    availability of funds.  For NIP ITPRs that require a National
    Defense Authorization Act (NDAA), the submitter will need to check
    the Server and Data Center box.  Submitters must manually fill out
    the NDAA document and upload it to the ITPR.  The Unique Investment
    Identifier to use for NIP ITPRs is 007-000009995.
    g.  IT for industrial and base operating support and facilities
    maintenance equipment (other than direct support for data
    centers).  Examples include heating, ventilation, air conditioning,
    perimeter security, anti-terrorism and force protection, kW
    generators, uninterruptible power supplies that do not have IT
    embedded controls, battery packs, and all support service contracts
    regardless of contract value.
    h.  Ashore excepted network infrastructure assets including all
    support service contracts regardless of contract value.
    i.  Commercial off-the-shelf and government modified off-the
    -shelf software.
    j.  Commercially supported handheld wireless communication
    devices, non-tactical radios, and telecommunication service support
    contracts regardless of contract value.
    k.  Back office IT that supports oversight and program management
    operations of Program Executive Office, Program Manager Warfare, or
    Program Manager Air and Weapon Systems support (i.e., portals,
    hardware, and software tools, engineering services, financial
    management, installation, and support service contracts regardless
    of contract value).
    l.  Research, development, test, and evaluation laboratory
    network infrastructure that supports weapon system replication,
    trainers, ranges, and simulators, including related staff and
    service support contracts.
    m.  Small Business Innovative Research pilots or proofs of
    concept if funding source is in PBIS-IT.
    n.  Bureau of Medicine and Surgery.  IT assets procured using
    CONUS/OCONUS Navy IT funding and shipboard IT assets supporting
    Fleet Force Health Protection operations, including related staff
    and service support contracts.
    o.  Department of the Navy (DON) Enterprise License Agreement
    (ELA) and Enterprise Software Initiative (ESI).  Commands shall
    continue to submit an ITPR for all ELA and ESI software and
    maintenance products, including all PORs.  If a DON ELA and ESI
    cannot satisfy the requirement, an automated waiver request that
    includes a justification for deviating from using DON ELA must be
    submitted through NAV-ITAS.  Catalog products, blanket purchase
    agreement software products, and core products centrally funded and
    paid annually must have ITPRs submitted within NAV-ITAS.  Software
    vendors will not initiate procurement actions without ITPR approval.
    p.  Portals, websites, and web presence.  Commands must submit an
    ITPR with detailed justification for the procurement or sustainment
    of portals, websites, and web presence that are considered a
    collaboration or information sharing IT environment used to enhance
    operational or business mission areas.  All portal submissions will
    be reviewed and adjudicated by Deputy Chief Information Officer Navy
    (DDCIO(N)) regardless of the costs.
    q.  Commercial Cloud Computing Services.  Commands must submit an
    ITPR for all cloud services and hosting (i.e., cloud service
    provider, cloud computing service, and cloud service offering)
    requests.  All cloud requests will be reviewed and adjudicated by
    DDCIO(N).  Except for DDCIO (N) designated cloud brokers,
    negotiations between commands and vendors are not authorized.
    r.  Data Center and Server requests.  To ensure data center and
    server transactions are compliant with the NDAA FY12, Section 2867
    waiver review and approvals, all requests must be submitted through
    NAV-ITAS.  This includes all PORs, major automated information
    systems, defense business systems, and supporting back office
    information technology.  There are no exceptions or approval
    alternatives.
        (1) A Business Case Analysis (BCA) is required for IT
        applications, services, systems, and capabilities designated to move
        as part of data center consolidation effort if the information owner
        requests to host in a traditional data center (i.e., Core Data
        Center (CDC), Component Enterprise Data Center (CEDC), Installation
        Processing Node (IPN) and Special Purpose Processing Node (SPPN)).
        (2) IT applications, services, systems, and capabilities
        residing in a designated, not-closing CDC, CEDC, IPN, or SPPN will
        not require BCAs for FY18 sustainment, but should have BCAs prepared
        for continued sustainment in FY19 and beyond.
        (3) A BCA is required for all new IT applications, services,
        systems, and capabilities not utilizing cloud services or hosting.
    s.  Navy IT help desks.  Commands must submit an ITPR with
    detailed justification for the procurement of new Navy IT help desks
    and upgrades (technology refresh and software and hardware updates)
    to existing help desks that are on track for consolidation into the
    Navy Enterprise Service Desk.  All help desk submissions will be
    reviewed and adjudicated by DDCIO(N).  This includes all PORs with
    no exceptions or approval alternatives.
    t.  Multi-Function Devices (MFD).  Echelon II CIOs must continue
    to use Defense Logistics Agency (DLA) services for MFDs.  If DLA
    cannot satisfy the printing requirements, a memorandum from DLA must
    be attached to an ITPR before a waiver can be recommended for
    approval.  This memorandum must be on DLA Disposition Services
    letterhead, signed by the designated DLA point of contact, and it
    must state that DLA cannot satisfy the commands requirement.
        (1) If DLA can support the printer and MFD requirement and
        the command has a compelling reason not to procure through DLA, a
        BCA that includes a justification for deviating from using DLA
        printing services recommendation is required (e-mails from DLA are
        not acceptable).  All printer and MFDs must be on the Navy and
        Marine Corps intranet certified list for all environments.
        (2) All print service requests for NGEN must be submitted via
        the NGEN command technical representative.  There is no requirement
        to submit ITPRs when obtaining printers and MFDs using the NGEN
        Contract Line Item Number (CLIN) process for NGEN print services.
        (3) DDCIO(N)'s NAV-ITAS MFD FY18 procurement cut-off date is
        20 July 2018, which will allow requestors to meet the DLA cut-off
        date of 31 July 2018.  Requests submitted after 20 July 2018 will
        not be considered without documented extenuating circumstances.

6.  Additional guidance and considerations:
    a.  Windows 10 Secure Host Baseline (WIN 10 SHB) migration.  Per
    reference (c), all DoD component organizations must migrate from
    Microsoft legacy operating systems to the Defense Information
    Service Agency (DISA) approved WIN 10 SHB version.  Per reference
    (d), all workstation and server technical refresh procurements must
    include the hardware necessary for enabling WIN 10 security
    capabilities, to include 64-bit hardware, the Unified Extensible
    Firmware Interface, and the Trusted Platform Module 2.0.  Commands
    must submit an ITPR to purchase Windows software assurance, which
    allows purchased product key updates of the operating system to work
    with the DISA approved WIN 10 SHB.  One Windows software assurance
    upgrade CLIN is a "platform" price that includes Office and the
    other is without Office.  There is no requirement to procure WIN 7.
    b.  ITPRs for multiple year contracts should be submitted for YoE
    only.  The total of such ITPRs should only reflect what will be
    executed that year and should NOT include the cost for option
    years.  When approving an ITPR, you are only approving funds to be
    spent within YoE.  Additional ITPRs will need to be submitted for
    subsequent option years.  The total cost of the contract can be
    noted in the executive summary but the total cost of the ITPR should
    only reflect YoE.

7.  The following are exempt from the ITPR process and do not require 
submission or approval:
    a.  Weapons and platform IT designated systems not reported in
    PBIS-IT (e.g., command, control, computer, communications,
    intelligence, surveillance, and reconnaissance).
    b.  All peripherals and consumables (e.g., Smart Card/Common
    Access Card readers and sleds, computer monitors or televisions used
    for command display purposes, digital cameras not used for perimeter
    security or surveillance, traditional telephone handsets, mice,
    keyboards, joysticks, trackballs, computer microphones, speakers,
    headsets, motherboards, removable internal or external hard drives,
    memory cards, batteries and power supplies, surge protectors, paper,
    toner, ink, compact discs, and digital video disc media).
    c.  NGEN priced and un-priced contract line item numbers not
    associated with NGEN program management.
    d.  Personnel IT training and subscriptions not reported in the
    information technology budget.
    e.  Attendance at vendor or government sponsored IT conferences.
    f.  Per reference (e), IT asset requests of $25,000 or less that
    do not fall under the items listed in paragraph 8 (a-h), are exempt
    from the ITPR process.

8.  To assist in reporting IT spend of less than $25,000,    NAV-ITAS 
provides an abbreviated ITPR smart form that is designed for local command 
review and approval by a designated Trusted Agent.  Echelon II commands that 
decide not to utilize the abbreviated smart form must submit a $25,000 or 
less report at the end of each quarter to DON, DDCIO(N).  A template for the 
report can be found in the NAV-ITAS website under the policy tab.  
Restrictions apply to the $25,000 local command approval and use of the 
abbreviated smart form for requests less than $500,000.  For ITPRs less than 
$500,000, the Echelon II CIO retains discretion to set a local approval 
threshold amount and utilize the abbreviated ITPR smart form for assigned
Echelon III and below commands.  All requests of $500,000 or greater will 
route to the DDCIO(N) for approval.  ITPRs submitted for $20 million or 
greater require Director, Programming (OPNAV N80) staff review.  OPNAV N80 
will coordinate approval decisions with DDCIO(N).  If further review is 
required, OPNAV N80 will present the request to the Resources Requirement 
Review Board for a final procurement decision. The following are NOT exempt 
and NOT authorized to use the abbreviated smart form:
    a.	MFD/DLA print services.
    b.	Software/maintenance products using any DON ELA/ESI.
    c.	Procurement/maintenance support of portals, websites,   and
    web presences.
    d.	Commercial cloud computing services, Data Center and server
    hardware/software waiver reviews and approvals.
    e.	FY18 year of execution approved Defense Business System
    requirements.
    f.  Navy IT Help Desks or upgrades, (technology refresh and
    software/hardware updates).
    g.  New COTS and GOTS applications not registered in the DON
    Applications Database Management System and not approved for use by
    the assigned Functional Area Manager.
    h.  Contract support services that will exceed the $25,000
    threshold over the course of the contract (includes option years).

9.  Organizational responsibilities:
    a.  Echelon II CIOs and budget submitting offices:  Reference and
    incorporate revised policy contained in this NAVADMIN into local
    regulations and standard operating procedures.
    b.  Assigned Type Commander:  NAV-ITAS command managers must
    assist afloat command users with ITPR submissions and are
    responsible for ensuring the ITPRs they approve for their command
    and subordinate commands are complete and acceptable.
    c.  Commander, U.S. Pacific Fleet and U.S. Fleet Forces Command
    Customer Service Representatives:  Support type commander and afloat
    command users with ITPR submissions as required.
    d.  Command Customer Service Representatives:  Responsible for
    modifying and validating streamlined workflows; assisting new and
    existing users aligned to their command in the creation of NAV-ITAS
    accounts and ITPR requests; and answering general questions about
    the process or tool while communicating new guidance and policy
    affecting the ITPR process.
    e.  Trusted Agent assigned at Echelon III and below:  Responsible
    for reviewing and approving ITPRs of $25,000 or less.

10.  For additional information or for references, please refer to the 
DDCIO(N) SharePoint site at https://portal.secnav.navy.mil/orgs
/OPNAV/N2N6/DDCION/SitePages/Home.aspx.

11.  Released by VADM Jan E. Tighe, Deputy Chief of Naval Operations for 
Information Warfare, OPNAV N2N6.//

BT
#0001
NNNN
UNCLASSIFIED//